Before I get started

  • Hi folks, just wanted to start with a quick question. Potentially save myself some time. Not asking for a how-to, I'm sure all that's in the docs and I do know how to read.. mostly just a "yea pfSense can do this and you aren't going to get 3/4 of the way through before you hit a wall and end up wasting your afternoon".

    We're a VMware shop, and I want to create clones of production VMs into an isolated environment for upgrade tests.

    Basically exactly the same thing as a Veeam SureBackup (for those of you who know what that is) but much longer term; Veeam SB will end the moment any VM in the job is backed up again, and I'll need this to run for probably about a month. Plus if the job is otherwise terminated, the changes are all nuked and that would be most unfortunate to have to redo the changes we're wanting to test.

    I need:

    • Routing between different VLANs... each being an interface in pfSense with an IP of the production default gateway addresses which are in turn connected to a vSwitch that has no physical interfaces into the rest of the network
    • A WAN link into the production network so that we can access the test environment as per next bullet
    • Some means of NAT access... say for example, production having a static NAT entry for Ergo from my workstation, if I hit, it goes to pfsense which translates it to I'm fine with manually entering all of the NATs in if that matters.

    Actual use case (fake addresses ofc):

    • SharePoint WFE servers on vlan 100, addresses and (/24)
    • SharePoint App servers on vlan 101, addresses and (/24)
    • Load balancer on vlan 102, addresses
    • pfSense interfaces for vlans 100-102 addresses 10.0.X.254 (/24)
    • pfSense WAN interface natting to vlans.. say to or to

  • yes

  • To expand on @heper: Yes, pfSense will do this.
