Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNsense placement in VMware ESXi
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNsense placement in VMware ESXi (Read 6493 times)
deodion
Newbie
Posts: 16
Karma: 0
OPNsense placement in VMware ESXi
«
on:
August 12, 2017, 01:20:47 pm »
If I put OPNsense in a VM,
what is the best practice for OPNsense placement in VMware ESXi related to other VMs being protected?
I have seen:
https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi
Assuming the above link is analogous to OPNsense,
Can I make
dSwitch A (port group: WAN) with uplink
dSwitch B (port group: LAN)
NO uplink
Make the OPNsense VM has 2 vNICs (LAN and WAN)
and let other VMs in dSwitch B (LAN),
Question:
Is above topology doable and correct?
If someone can answer: is there any VMware features affecting VM in dSwitch B? like vMotion perhaps
If I have standard switch, with VMkernel Adapter inside, can I move that to dSwitch B (separate port group says: MgmtPG)?
Thank you very much,
«
Last Edit: August 12, 2017, 01:43:13 pm by deodion
»
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: OPNsense placement in VMware ESXi
«
Reply #1 on:
August 12, 2017, 03:13:03 pm »
I would recommend the following setup:
OPNsense VM with at least 3 interfaces: Management, LAN and WAN. DMZ-Interfaces as needed.
Management: Gives Access to the Webgui of OPNsense and ESXi and unfiltered Internet Access.
WAN: As you may think how this should be used
LAN: The computers which should have filtered network access (no access to management interfaces)
Management can reach anything
LAN -> DMZ, Internet (Filtered by Port)
DMZ -> Internet (maybe limited to a list of IPs, Ports)
WAN -> DMZ (if allowed)
Logged
deodion
Newbie
Posts: 16
Karma: 0
Re: OPNsense placement in VMware ESXi
«
Reply #2 on:
August 12, 2017, 06:27:25 pm »
You seem reffering management to vcenter as one of it?
Thanks for the answer btw..
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: OPNsense placement in VMware ESXi
«
Reply #3 on:
August 12, 2017, 09:09:52 pm »
Management is a VLAN in which includes
* the Management interface of the ESXi (Web and/or API endpoint for the client)
* the Management interface of OPNsense (GUI, SSH)
* your management computer (laptop or pc), which is usually not connected to this VLAN
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNsense placement in VMware ESXi