How to support ANY vendors native agents, (HP, DELL, etc.) on PFsense…
-
I have a whole MESS of HP DL360 G series servers here and they run PFsense well.
The problem lies with things like fan control and other agents and management, etc.
If you have a DELL or HP or even some other platform that is supported by any popular Hypervisor, load that first.For me, I will load VMware ESXi on these boxes and run the firewall as a single VM on them.
Then you I can load the VMware ESXi drivers that are supported by HP and since ESXi is FREE and WEB BASED, and I'm good to go.
The idea is actually a excellent, because you would never have to rebuild your PFsense box again!
I could just move the VM to any other HW you choose moving forward - the VM stays the same.
===============
BONUS OBJECTIVERun TWO PFsense firewalls on the same server.
Why?
Because you can keep both servers and sink and upgrade one while you fail over to the other or otherwise just do fancy load-balancing or nested firewalls in the same box.
Typically there would be no impact to performance on either VM, because these firewalls are not typically very busy, and even if they are there not busy enough to completely overtake the power of a ProLiant DL360 Gx or equivalent from almost any other vendor.
How many times have you had to reboot your Internet facing firewall only to lose access to your internally routed network for the duration of the reboot?
This is where nested firewalls would be of benefit.
In the past, one firewall would have handled all edge and internal network traffic, so let's just call that 100% of your networking/firewall he needs.
If you split the firewalls to externally facing and internally facing in a nested configuration, you have basically split the load amongst the servers and effectively not increased the total load overall really.