I was hoping to run a Opnsense firewall via ESXI along with an "occasional use" win10 Vm & a Nas (undecided which one but will only be on 1 hr a night) on a Pentium G5420 (2.8Ghz dual core w/HT)
Is this enough or should I upgrade to an i3/i5?
Also, is it best practice to pass the Nic that the ISP will connect on thru to Opnsense or just leave it part of the EXSI Nic-pool? There will be 5 1Gb ports total
CPU load will depend on the number of rules and features such as IDS, VPN, etc.
You can attach the WAN interface to an ESXi port group, through a dedicated vSwitch, or a VLAN on an existing one.
Bart...
I will will be using both IPS & a VPN to the Win10 Vm. The Vpn would only be used occasionally. The Nas VM will likewise only one for about an hour overnight for backups.
I would rather not find out I need more CPU after I buy the Pentium <grin>.
I realize I have options as to the configuration of the nics in esxi, but whats the 'best practice' from a security standpoint?
Quote from: popatim on July 03, 2020, 11:41:47 PM
whats the 'best practice' from a security standpoint?
Your firewall needs to implement your security policy. Performance is only relevant if lack of it forces you or your users to by-pass or turn off security features.
In general, you need to look at your budget in relation to your requirements. E.g. is the Win10 VM likely to be used to visit suspicious services? If not, do you really need IDS?
Bart...