Virtualizing Pfsense and PBX

  • Good Day,

    I am new to this forum. I apologize for posting this in General as this is both a Firewall and Virtualization question.  I am looking to create a small appliance using Proxmox with a device that has two Ethernet ports.  One port is connected to a Pfsense VM (WAN) and a second port (LAN) connects to an Elastix PBX and the Pfsense firewall.  The processing power and memory is good with 4 cores at 2.9GHz and 16GB RAM (VT-d supported).  The idea is to hide and provide access to the PBX ONLY via IPSec/OpenVPN tunnels and not to pass SIP directly through the firewall ports.  I was just wondering if this is something that is best practice, that is, is this safe?  If not, what are the issues I can run into in a setup such as the one described?  I have seen arguments for and against virtualizing firewalls on your VM host in case there are vulnerabilities that can be exploited, however is this not mitigated via the setup described?  Just a discussion I wanted to get into and to get a feel of what others here have done.  Thanks.