Pfsense network config question (in Hyper-v)



  • New to the forum, pfSense and Hyper-V, but not network architecture.  I need a bit of help getting going, then I can take it from there, as I see quite a few options and nothing too concrete in the searches I have done thus far.  This is for a home network (although fairly robust compared to most, since I have substantial home automation infrastructure).

    Infrastructure:  2016 MS server with 6 NIC ports (2 are an aggregated link to the Juniper EX2200 core); I can devote 3 to pfSense. Various devices (A/Ps, mobile devices, computer etc.) on core with an HP ProCurve edge switch.  I have the Hyper-V machine created and pfSense installed, somewhat configured (30 GB drive with 4 GB RAM), and the web interface is up (can log in to pfSense).

    IP schema:  internal LAN (vlan 30) 10.0.0.X; WAN ISP assigned address (192.x.x.x) and GW=42.x.x.x (ISP).

    I attempted a cutover and the WAN link received the correct DHCP WAN address in pfSense (from the ISP), but I rolled back to the original WAN router because my lack of experience with pfSense is causing me to second-guess myself.

    Now to my Q (TMI, I'm sure).  I want to cut over from my existing Synology WAN/firewall router to pfSense (Hyper-V). I need some help/guidance on how to configure the physical NICS, virtual switch and pfSense IP addresses.

    1. I need to setup the 3 physical NICS (LAN, WAN, MGT or maybe DMZ) with static IPs
    2. IP address(s) for virtual switch(s) and what types (ext, int or private?)
    3. IP addresses within pfsense (LAN, WAN etc).
    4. Endstate:  I have a WAN link with firewall rules applied and isolated from everything else, LAN link for filtered internet access and a LINK for management of pfsense (web interface and isolated to a workstation only).

    • Once I get the network set up properly following the best practice provided by this forum, I can take it from there, as I know what rules I need and how to set up the rest of pfSense.  I just didn't want to start out with something stupid with regard to the network setup and build everything on garbage.

    Verbose, I know, but hopefully this gives a picture of my current dilemma.  Any guidance is greatly appreciated. Who knows, someday I may be able to offer some input to someone else, but I need to start from the beginning.  Thx



  • Correction to #1 above: I don't need to assign IPs to the physical ports (protocols disabled); just the virtual switch(es).



  • 1. I need to setup the 3 physical NICS (LAN, WAN, MGT or maybe DMZ) with static IPs
    You only need virtual switching.  Just add as many network adapters as you'd like through Hyper-V Manager and your VM settings.

    2. IP address(s) for virtual switch(s) and what types (ext, int or private?)
    For outbound (WAN) traffic, use an external switch and create at least one external network adapter for your pfSense VM.  You don't have to share this with the management OS, but take note that your management OS won't have access to it.  In your pfSense configuration, this will be assigned an IP either by DHCP or statically to match the external network.  Create an internal switch for all other VMs and even your host.  Create adapters for all your VMs and configure the VMs with the pfSense internal IP address as the default gateway.

    3. IP addresses within pfsense (LAN, WAN etc).
    Pretty much the answer to 2.
    4. Endstate:  I have a WAN link with firewall rules applied and isolated from everything else, LAN link for filtered internet access and a LINK for management of pfsense (web interface and isolated to a workstation only).

    I would suggest keeping it in an isolated environment until you are comfortable with it.  Then when you are sure of your abilities to manage it, put it into production.
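
The switch layout described in the reply above, sketched with the Hyper-V PowerShell cmdlets as an added example that is not part of the original thread. The VM name, switch names and host adapter name are assumptions; substitute the names shown by `Get-NetAdapter` and `Get-VM` on your host.

```powershell
# Added example; run in an elevated PowerShell session on the Hyper-V host,
# with the pfSense VM powered off.
# Assumed names (not from the thread):
$vmName     = 'pfSense'     # name of the pfSense VM in Hyper-V Manager
$wanAdapter = 'WAN-NIC'     # physical port cabled to the ISP hand-off
$wanSwitch  = 'vSwitch-WAN'
$lanSwitch  = 'vSwitch-LAN'

# External switch for the WAN side. -AllowManagementOS $false means the host
# gets no virtual NIC on this switch, so only the pfSense VM faces the ISP.
New-VMSwitch -Name $wanSwitch -NetAdapterName $wanAdapter -AllowManagementOS $false

# Internal switch for the LAN side: reachable by the other VMs and by the host.
New-VMSwitch -Name $lanSwitch -SwitchType Internal

# One virtual NIC per pfSense interface, each bound to its own switch.
Add-VMNetworkAdapter -VMName $vmName -SwitchName $wanSwitch -Name 'WAN'
Add-VMNetworkAdapter -VMName $vmName -SwitchName $lanSwitch -Name 'LAN'

# Check: the host must not have a virtual NIC on the WAN switch.
$hostOnWan = Get-VMNetworkAdapter -ManagementOS |
    Where-Object { $_.SwitchName -eq $wanSwitch }
if ($hostOnWan) {
    Write-Warning "Host OS is attached to $wanSwitch; it would be exposed on the WAN."
} else {
    Write-Output "Host OS has no adapter on $wanSwitch."
}

# List the VM's adapters with their switch and MAC address so each one can be
# matched to the interface pfSense detects. Dynamic MACs are assigned at the
# first VM start and may show as zeros before then.
Get-VMNetworkAdapter -VMName $vmName |
    Select-Object Name, SwitchName, MacAddress
```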