Install v2.2 in VMware esxi5.5



  • Hi All,

    Might sound like a really silly question, but only starting to get into network security so setting up a pfsense vm in vmware. Am I right in assuming that as it will be in the local network I do not configure the WAN?

    I was advised this previously from a friend but wanted to confirm this. In the past I had configured a pfsense vm in hyper-v that had 4x legacy NICs (WAN, LAN, OPT1, OPT2)…this was configured inside my home network (behind my ISP router). I had configured the WAN as a local address (192.168.1.254....ISP Router 192.168.1.1) and other NICs (10.0.0.x, 10.0.1.x and 10.0.2.x). Is this wrong??...



  • No, that should work just fine.  Make sure you turn off Block private networks in the WAN interface config.
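An added example, not part of the thread or of pfSense itself: a small Python check of the double-NAT layout described above, flagging the case where the WAN address is in RFC 1918 space while "Block private networks" is still enabled, and any overlap between interface subnets. The /24 masks, the `.1` interface addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges; the WAN "Block private networks" option drops inbound
# traffic whose source address falls in these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Layout from the first post. The /24 masks and .1 host parts are assumed.
LAB = {
    "WAN": "192.168.1.254/24",
    "LAN": "10.0.0.1/24",
    "OPT1": "10.0.1.1/24",
    "OPT2": "10.0.2.1/24",
}
UPSTREAM_GW = "192.168.1.1"  # ISP router


def is_rfc1918(addr):
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit(interfaces, gateway, block_private_on_wan):
    """Return a list of findings for a pfSense-behind-a-router lab layout."""
    findings = []
    ifs = {name: ipaddress.ip_interface(cidr)
           for name, cidr in interfaces.items()}
    wan = ifs["WAN"]
    # The upstream router must be reachable on the WAN subnet.
    if ipaddress.ip_address(gateway) not in wan.network:
        findings.append("gateway not on WAN subnet")
    # With a private WAN, home-LAN hosts are private sources on WAN.
    if block_private_on_wan and is_rfc1918(str(wan.ip)):
        findings.append("WAN is RFC 1918: Block private networks "
                        "drops home-LAN sources")
    # Overlapping subnets make routing between segments ambiguous.
    names = sorted(ifs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifs[a].network.overlaps(ifs[b].network):
                findings.append(f"{a} and {b} overlap")
    return findings


if __name__ == "__main__":
    for line in audit(LAB, UPSTREAM_GW, block_private_on_wan=True):
        print(line)
```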



  • so the WAN is essentially my home LAN, right? (wasn't sure which question you're answering)..doesn't need to be my IP from ISP?
    ….what I'm trying to do later is config openvpn to the same sort of setup (pfsense in a vm) at my gf's house. So hoping this would be ok for that.



  • Rebel Alliance Global Moderator

    So why would you not want your home lan behind pfsense?  I run pfsense in esxi 6, not sure why you would still be on 5.5?

    But anyway - while yes you can double nat, that would not be your home lan anymore..  That would be your wan, your "lan" ie your devices would be behind pfsense..

    The way you show it your lan is just behind your isp router and you have devices on that network? What are you going to have behind pfsense?  Just VMs?  Don't you want to protect your network with pfsense?

    Do you have a switch other than your isp router?  Is it smart and supports vlans, are you going to other physical networks on different segments or just vms?  Are you going to use multiple physical switches?  How many physical interfaces does your esxi box have in it?

    So this is how you could do it with your double nat setup… But I would really just put your isp device in bridge mode so pfsense gets public IP..

    Do you want your physical network behind pfsense, or just vms?  What switches / wireless are you going to be using?  You kind of show wifi on your lan in your drawing.. What is that from your isp device?  Another wifi router, an AP?  Don't you want your wifi network also behind pfsense?

    I don't show it but you could have VMs also connected to the lan and opt1 vswitches.




  • Running on a HP MicroServer N40L, …hmm..for some reason I assumed it wouldn't be compatible or perform as well, as I couldn't find anyone who had done it. Will definitely try it if it's compatible.

    The lab behind the pfsense was more a test lab so didn't want to impact on the home (other family members use it a lot now)..just wanted to replicate a corporate infrastructure....will move the home network behind pfsense in future once I get more familiar with it.

    In the diagram there is a switch (there is no actual switch...), should be the router (virgin media super hub), which has 4 ports, all connected. The router also supplies the wifi signal.

    server (with pfsense vm) has 3 physical NICs.

    ....thanks for your comments.................May actually put the pfsense in front of the home LAN now...hmmm...how would I bridge the connections?


  • Rebel Alliance Global Moderator

    Well you're not going to do much if all you have is your isp 4 port switch that is part of your gateway to work with.

    I have been running pfsense a long time with multiple other vms 24/7/365 on a N40L with 8GB of ram and total of 4 nics..  That has been multiple versions of esxi and multiple versions of pfsense over the last few years.  I got my N40L back in march of 2012 - so a bit over 3 years ago.

    I really want to get something current and I think my next esxi box might be this - http://www.supermicro.com/products/system/midtower/5028/SYS-5028D-TN4T.cfm

    With 4 built in nics, 2 of which are 10gig the amount of ram it can do, etc..  Think it will make a fantastic home esxi box.. Now just kind of wish my N40L would die so have a excuse to give the wifi why I need another computer ;)

    If you want to actually do this you need a switch, that supports vlans would be best and then something to use for wifi.. Since seems you have everything in 1 basket with just a isp gateway device.  But yeah running pfsense as your edge router on vm is very simple and easy to do.



  • so have a excuse to give the wifi why I need another computer ;)

    Married to technology?



  • NICE!!…heard good things about SuperMicro..I'm actually tempted toward the gen8 Microserver (speced to xeon 1265lv2)...just hoping the price will go down once the gen9 is released...  :D

    just read a review from someone who actually ran esx6 on an n40l...verdict: runs ok "without any modifications"....well, I have a modded bios to allow hotswap.

    I do have a managed switch Cisco SLM2008 and a Netgear GS POE (can't remember the model) lying around. Will look further into running it as an 'edge router'...(always wondered what an 'edge router' was...lol). For the wifi, would it be best to get a wifi card or old ISP router?? Any links in particular for this kind of setup?


  • Rebel Alliance Global Moderator

    I also have a modded bios and have not had any issues.  But not sure I have this bios to allow for hotswap of disks?

    As to edge router - that would be a router at the edge of your network ;)  Ie between internet and your local network would normally be edge, so the router between the internet and your network would be your edge router ;)



  • so..it appears I don't have a sufficient enough wifi card/AP to run behind pfsense (edge router). At the moment I've left the SuperHub as the main router and wifi (5G) connections connect to it. Only the physical connections connected to the managed switch are behind the firewall.

    …also, if I manage to find a resolution for the wifi, would I be forwarding all traffic to my pfsense box (and have everything managed from there)?