Netgate Discussion Forum

    PFSense on VM or dedicated T620?

      cheapie408

      My current system consists of a Unifi AC Pro AP and an old Asus AC1750 as my router. It serves its purpose. I don't do anything fancy except for a few port forwards to my Blue Iris server and HomeSeer.

      The Blue Iris server is an i7 6700 with 32 GB of RAM with quite a bit of resources to spare. Instead of jumping in with both feet, I'm thinking of buying a 2 or 4 port NIC, slapping it on the Blue Iris server and spinning up PFSense on a VM.

      I have 60 devices on my network but about 10 of those are really using any WAN resources. The rest are IoT, Rachio, Ecobee, etc.

      Would PFSense in a VM be better than the Asus?

      I like the ASUS since it comes with a free DDNS but I also have a duckdns account that I can rely on.

        stephenw10 Netgate Administrator

        Probably.

        There are numerous free dyndns services so that's not really a reason to stick with it IMO.

        The disadvantage of running in a VM is if you have to reboot the host you lose all connectivity. That can be very inconvenient. It can require manual intervention to boot back up after a power failure for example if something is relying on pfSense being there to come up correctly. You can find yourself in a chicken/egg situation.

        Steve

          cheapie408 @stephenw10

          @stephenw10 said in PFSense on VM or dedicated T620?:

          It can require manual intervention to boot back up after a power failure for example if something is relying on pfSense being there to come up correctly. You can find yourself in a chicken/egg situation.

          Steve

          This is all it took to convince me not to put it on a VM. I travel a lot and require my internet to be reliable so I can remote back home. When something goes down, I'd like to be able to have the wife be able to power cycle the device and let everything mingle up.

            stephenw10 Netgate Administrator

            I mean it might not, and if you test it to make sure then it should be OK. Just something to be aware of. If your VM pfSense is running DHCP and DNS for the rest of the network and it isn't up yet because the hypervisor is still booting, what happens?
            Or worse, when the hypervisor somehow fails because pfSense isn't up yet! I mean that would be very poor planning but it would not be the first time I've seen that. 😉

            Steve

              cheapie408 @stephenw10

              I honestly don't know how PFSense will benefit me since I don't do all that much on my home network. My internet speed is only 200/10 so it's not like I'll gain anything there.

              I work in the industry and feel like I have an obligation to mess with everything IT related that just seems cool.

                stephenw10 Netgate Administrator

                Ha, I know that feeling!

                Install it in a VM and test it.

                Steve

                  provels @cheapie408

                  @cheapie408 FWIW (and worth every penny paid...), my Hyper-V host has its BIOS power options set to start when power is restored (and, of course, on a UPS anyway) and pfSense set to always start. Would be a real PITA to set static DHCP reservations for 60 IoBS devices, though.

                  Peder

                  MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                  BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                    cheapie408

                    I got PFSense spun up in a VBox and a couple of VMs running to play around with, with no problem. I'm going to mess with it for a few days before dropping $180 on a PFSense dedicated box. I'd rather spend that money on adding another AP to add coverage to the home than a PFSense box.

                    The one thing I think I'll benefit most from is the ability to monitor my network traffic, identify bandwidth-hogging devices and watch for attacks on my network.

                      provels @cheapie408

                      @cheapie408 You could just hook up a LAN port of your Asus AC1750 to your LAN net to expand your WiFi. So much money I've saved you already! ☺

                      Peder


                        cheapie408 @provels

                        @provels said in PFSense on VM or dedicated T620?:

                        @cheapie408 You could just hook up a LAN port of your Asus AC1750 to your LAN net to expand your WiFi.

                        That's exactly what I don't want to do. I turned off the WiFi on the Asus so I can manage all my WiFi devices from the Unifi software.

                        What's funny is after posting this message, the Asus stalled and I lost all internet connection. I had to power cycle the damn thing. This happened at least 3 times in the past 2 months and one of those times was when I was away. A higher power is trying to convince me of PFSense. 😈

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.