Vmware Workstation or vSphere with powerful PC
I have a HP EliteDesk 800 G3 Desktop-Mini-PC with an i5-6500T, 16GB DDR4, 256 GB NVME, 256 SSD, and only one NIC. I was thinking of virtualizing PfSense even though I know there are some security flaws and 1 Windows 10 virtual client. I thought of sharing the ressource in half (50% Pfsense, 50% Windows). I currently have this PC dedicated to Pfsense with VLans (1 for LAN, 1 for WAN) and it is running surprisingly well. I was wondering if Vmware Workstation was good enough for my usage as I am quite scared of Vmware Vsphere. I, optionally, can run BitDefender Total Security on the PC as the host.
Could you please advice me?
Thanks a lot,
Your desktop PC is a bit overkill for running just pfSense. Virtualization would be a good move. You should probably invest in a second NIC - an Intel one with two (or more) ports to allow you more options later.
What security flaws are you talking about?
No reason to be scared of vSphere. Have a look at this. It's probably easier (and safer) than Workstation.
Thanks for your answer!
Unfortunately, there is no possibility to add a NIC but maybe you have an idea:
There are some vulnerabilities when we run Pfsense in a vm from what I read.
I don't really need to be super safe as it is in a home setup. I was thinking of Workstation as I bought a key and from what I read it can share the resources between the VMs. I can put I think 16Gb, for example, ram allocation for each VM and they will share the host resources. in Vsphere it is always allocated only for the VM.
Thus, I would like to know if running pfsense in Workstation is okay performance wise as I am comfortable with it. Moreover, I would like to please ask if it is possible to configure Pfsense VM to accept Vlans with Vmware as I only have one switch and a managed switch.
Sorry, I missed the "mini" in your original post. You could still run ESXi and set up your VLANs on that though.
Personally, I think the potential vulnerability of running pfSense in an ESXi VM is a bit overstated. I would be much more concerned about running it in Workstation, where the underlying OS is Windows.
Thanks for your reply.
No sorry, please :). Do you think it is possible to add a NIC on this Mini PC?
I understand. So it is possible for Pfsense as a VM to detect and run on vlans with the single host's NIC with Vmware ESXi?
For my home usage, I use Pfblocker NG -delevel, Snort, Squid proxy with AV, no VPN, DHCP server, and about 100gb traffic daily with my WAN. Could you please recommend me how many CPU cores, Ram, SSD storage you would recommend me? Is it possible to set 1CPU core and whenever CPU cores are available to use all of them or more?
I was thinking of:
1-2 CPU core on the 4 available
100GB Nvme Storage
What do you think?
No, as far as I know, it's not possible to add another NIC to that machine. If you are pushing 100GBytes/day through that one NIC, bear in mind that its 1Gb/s bandwidth will be pretty much split between WAN and LAN. If you aren't on gigabit fibre, it probably won't make much difference.
You can use VLANs on ESXi in much the same way as you do with your managed switch.
You will probably want to allocate at least two cores to pfSense, given the packages you run.
I don't know much about the disk space or memory requirements for those packages but I suspect 6GB of RAM would be plenty. Someone else might be able to help with those numbers.