Deploying a Virtual pfSense Firewall in ESXi the RIGHT WAY!
- Published on Aug 5, 2024
- Running a virtual firewall can be dangerous if you don't properly set up your virtual networks. In this video, Rich walks through the pros and cons of running a virtual firewall, shows you how to properly configure virtual switches and port groups, and deploy a #pfSense firewall in #VMware #ESXi! Remember to ask your doctor if a virtual firewall is right for you!
Find all things 2GT on our website!
🌍 2guystek.tv/
More of a podcast kinda person? Check out our Podcast here:
🎙️ www.buzzsprout.com/1852562
Support us through the YouTube Membership program! Becoming a member gets you priority comments, special emojis, and helps us make videos!
😁 www.youtube.com/@2GuysTek/mem...
*TIMESTAMPS!*
0:00 Introduction
0:27 The risks of exposing your hypervisor
1:19 The pros and cons of virtual firewalls
3:41 Configuring virtual networks in ESXi
6:44 Building a virtual pfSense firewall
12:38 Initial configuration of pfSense VM
16:09 Closing and final thoughts
- Science & Technology
As of today (February 12, 2024) VMware ESXi free is no longer available. 😰
kb.vmware.com/s/article/2107518?lang=en_US
VERY valuable video !! I stopped using a firewall, just installed a new D-Link DI-624.. :P
Would like to see this done on the new ikoolcore r2
Also, what other use cases could you guys think of?
I am still considering the R2 as an ESXi host with pfSense, NetBox, UniFi controller and possibly some Docker as well
I'd be interested in seeing an implementation with multiple VLANs/port groups with your layer 3 route points in the virtual environment. Internet provided externally through a physical appliance connected to your virtual environment. pfSense would be somewhat like deploying NSX for firewalling.
Sorry bro, love your vids, but the right way to build a virtual firewall, is to do a pci passthrough of the WAN port to the FW VM, that way you're not exposing the hypervisor. Been running that for a while and it's been working flawlessly.
Only downside of this is for any changes to the FW that you want a snapshot of, is you need to do a shutdown of the vm, snapshot, and turn back on. If you're using the FW as the router, you should be ok if you do this quickly. Otherwise, if you take too long, you'll be in a tough spot getting your network back online. Having a hardware backup router is a plus.
You're not wrong! Hardware passthrough would be the ultimate in security! However, passthrough doesn't work for everyone, and if you have a cluster of ESXi hosts, you can't migrate your VM between hosts. *_BUT_* you are correct! Thanks for pointing it out!
Yes WAN AND LAN in single physical port please
Guys how do I design the virtual network if I wanna have DMZ interface on FW and all the servers I create goes into DMZ
So create a 3rd interface and call it DMZ
I really don't understand what is the big deal with using Hyper-V. I've been running pfSense on my Hyper-V host close to 3 yrs now, absolutely no issues.