PFsense + vrtual ?

  • Hi all i was just wondering if i can setup pfsense on a virtual server ? and how secure this will be ? i will have 3 separated nics 1 Wan 2 Lan 3 DMZ
    on the virtual server. the installation pf will go to a separated harddrive. what does you guys think off that ? Would it be more less secure ? than running a separated PFsense firewall ?

  • We're running PfSense on Vmware ESX, and I don't see why it would be less secure then running it on a physical box.
    Note that there is in fact a connection possible from the VM to the host(for example Vmware tools), which can be a security risc, but to get access to the guest(pfSense) you have bypass pfSense's security first.

    Running pfSense on Vmware Server/Workstation or Microsoft VirtualPC/HyperV would be less secure because of the way network has to be configured. For example: Installing a new driver for your host OS network card can reset (windows)settings(or the interface name) on that card causing that network card(you use - for worst case schenario WAN) to lose it's dedication to Vmware/VirtualPC and use default DHCP settings. This could be BAD.
    On ESX this can not happen.

    Opinions on this topic vary by the way, and i'm not a real security guy.

  • I just rebuilt my PF-Sense server back on my XenServer 5.0  Enterprise Edition.  It is working like a charm.  I am using verison:

    built on Sat Mar 28 00:13:48 EDT 2009

    It is extreamly stable and very fast.  I am running serveral services and seeing a little slow response but I am will to take that with all the new virus's running around.  A little extra protection is work it.

    As far as my configuration goes:
    I have a dedicated nic for the WAN interface, LAN interface and a shared interface on the OPT1 interface.  No issues here.

    Citrix is now providing enterprise product for free.  It works great.


Log in to reply