Hi,
I'm working on a requirement to bring VDOM-like functionality (Virtual Domains), inspired by how Fortinet enables multiple fully isolated firewall instances (tenants) on a single hardware appliance. Has any similar approach been explored before?
Are there thoughts on integrating bhyve or external orchestration in a more native way? Looking forward to your input and thoughts on how this can be achieved?
Best,
VivekSP
Currently the only way I can think of is to use a hypervisor of your choice and install as many OPNsense VMs as you need. I am not aware of any plans to integrate bhyve into OPNsense and I fail to see any advantage over using, say, bhyve on plain FreeBSD as one possible hypervisor choice. Best to keep the virtualisation and the firewall roles separate, IMHO.
You can of course use OPNcentral to manage your "fleet" of VMs.
I use to deploy OPNsense on AlmaLinux with KVM, so I can backup / restore the whole VM in a couple of minutes.
Got very good results for years. Ping me if you need some advices (especially when not using PCI-passthrough for performance).