Netgate Discussion Forum

    pfSense CE on ESXi 8: beginner questions

    sgw
      last edited by

      For a customer I have to set up a pfSense CE as a VM on a VMware ESXi (8.0.2).
      So I am researching how to properly configure VLANs etc. as these are required by the customer.

      As far as I understand I would:

      • set up (at least) two vSwitches on the ESXi: one for the dedicated WAN uplink, one for the trunk between pfSense-LAN and the rest of the networks (?)

      The VLANs should be available on the attached switches (Unifi switches, yes, I know, I have to create the VLANs on their controller also) and in the virtual switches on the ESXi (to attach VMs). Are 2 vSwitches enough to provide that? The hardware appliance running ESXi has 8 NICs: in a future step I might set up dedicated NICs for specific VLANs, maybe. But at first I want to get the basics right.

      Additional question: if we want to have a management VLAN: would it be best to add a third vSwitch then? I know that these questions are not pfSense-related only and could be asked in VMware-forums as well (at least some parts). Thanks for any explanations.

    Popolou @sgw
        last edited by Popolou

        @sgw The theory for it is relatively simple but, in practice, it may require some planning due simply to the nature of virtualisation. If you have a firm grasp of the technology, it should be straightforward however.

        There are essentially three modes for VLAN tagging in vSphere: external switch tagging, virtual switch tagging and guest tagging. It is all here.

        You are correct that you'd need separate vSwitches for both the internal and external networks but depending on how you want to manage the internal VLANs, you'd want to pick one of the above three methods. I suspect that for the majority of users running pfSense virtualised, you'd want pfSense to manage the VLANs so VGT is the preferred route. Your external switch is configured to pass all VLANs to the trunk/access port that pfSense is on and ESXi will preserve the tagging when it forwards it onto the VM.

        For the management VLAN, even if you have a single vSwitch configured to accept all VLANs, you can have another switch (on the same vmnic) configured for a single VLAN that is also within that other wider VLAN group. The usual good practice of moving the native VLAN to anything other than the default VLAN works in this scenario.

        A word of advice is that if you plan in future to use vSphere HA, you may want to save yourself the trouble later down the line by setting up your project with HA already up and running rather than migrating everything to Distributed Switches later.
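The layout Popolou describes (a WAN vSwitch, a LAN vSwitch whose pfSense port group uses VGT so pfSense tags the VLANs itself, and a management port group pinned to a single VLAN on that same uplink), written out as esxcli commands. This is an added example, not code from the thread or from Netgate/VMware; the vSwitch, port group and vmnic names and the VLAN IDs are assumptions, and the management network is placed on a second port group of the LAN vSwitch because a vmnic can only belong to one standard vSwitch. By default the script only prints the commands; set `ESXCLI=esxcli` when running it on the host.

```shell
#!/bin/sh
# Added example: build the ESXi standard-vSwitch layout from the thread with esxcli.
# Names (vSwitch-WAN, vSwitch-LAN, vmnic1, vmnic2, port groups) and VLAN IDs are assumptions.
# ESXCLI defaults to "echo esxcli" so the commands are printed instead of executed.
ESXCLI="${ESXCLI:-echo esxcli}"

# VLAN ID 4095 on a standard port group = Virtual Guest Tagging: ESXi passes the tags
# through untouched and pfSense creates the VLAN interfaces itself.
# 0 = untagged (external switch tagging), 1-4094 = virtual switch tagging.
VGT_TRUNK=4095

# The management port group must carry exactly one real VLAN: not 0 (untagged), not 1
# (the default/native VLAN the thread advises moving away from), and never the 4095 trunk.
check_mgmt_vlan() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or not a number
    esac
    [ "$1" -ge 2 ] && [ "$1" -le 4094 ]
}

add_vswitch() {  # $1 vSwitch name, $2 physical uplink (vmnic)
    $ESXCLI network vswitch standard add --vswitch-name="$1"
    $ESXCLI network vswitch standard uplink add --vswitch-name="$1" --uplink-name="$2"
}

add_portgroup() {  # $1 vSwitch name, $2 port group name, $3 VLAN ID
    $ESXCLI network vswitch standard portgroup add --vswitch-name="$1" --portgroup-name="$2"
    $ESXCLI network vswitch standard portgroup set --portgroup-name="$2" --vlan-id="$3"
}

build_layout() {  # $1 management VLAN ID
    check_mgmt_vlan "$1" || { echo "refusing management VLAN '$1'" >&2; return 1; }
    # WAN: dedicated vSwitch and NIC, untagged; the upstream switch port decides the VLAN.
    add_vswitch vSwitch-WAN vmnic1
    add_portgroup vSwitch-WAN pfSense-WAN 0
    # LAN trunk: pfSense sees every VLAN tag (VGT) and manages the VLANs itself.
    add_vswitch vSwitch-LAN vmnic2
    add_portgroup vSwitch-LAN pfSense-Trunk "$VGT_TRUNK"
    # Management: separate port group on the same uplink, pinned to one VLAN (VST).
    add_portgroup vSwitch-LAN Mgmt "$1"
}
```

The pfSense VM's trunk vNIC should be vmxnet3 so the guest driver sees the 802.1Q tags; the Mgmt port group is for management hosts or the VMkernel, not for the firewall's trunk.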

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.