Before I get started

ekisner

Hi folks, just wanted to start with a quick question. Potentially save myself some time. Not asking for a how-to, I'm sure all that's in the docs and I do know how to read.. mostly just a "yea pfSense can do this and you aren't going to get 3/4 of the way through before you hit a wall and end up wasting your afternoon".

We're a VMWare shop, and I want to create clones of production VMs into an isolated environment for upgrade tests.

Basically exactly the same thing as a Veeam SureBackup (for those of you who know what that is) but much longer term; Veeam SB will end the moment any VM in the job is backed up again, and I'll need this to run for probably about a month. Plus if the job is otherwise terminated, the changes are all nuked and that would be most unfortunate to have to redo the changes we're wanting to test.

I need:

• Routing between different VLANs... each being an interface in pfSense with an IP of the production default gateway addresses which are in turn connected to a vSwitch that has no physical interfaces into the rest of the network
• A WAN link into the production network so that we can access the test environment as per next bullet
• Some means of NAT access... say for example, production 10.0.0.1 having a static NAT entry for 10.10.0.1. Ergo from my workstation, if I hit 10.10.0.1, it goes to pfsense which translates it to 10.0.0.1. I'm fine with manually entering all of the NATs in if that matters.

Actual use case (fake addresses ofc):

• SharePoint WFE servers on vlan 100, addresses 10.0.0.1 and 10.0.0.2 (/24)
• SharePoint App servers on vlan 101, addresses 10.0.1.1 and 10.0.1.2 (/24)
• Load balancer on vlan 102, addresses 10.0.2.1/24
• pfsense interfaces for vlans 100-102 addresses 10.0.X.254 (/24)
• pfsense WAN interface 10.10.0.0/16 natting to vlans.. say 10.10.0.1 to 10.0.0.1 or 10.10.1.1 to 10.0.1.1

heper

yes

A Former User

To expand on @heper: Yes, pfSense will do this.