Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
ESXI OPNSense installations
« previous
next »
Print
Pages: [
1
]
Author
Topic: ESXI OPNSense installations (Read 8634 times)
tdalej
Newbie
Posts: 46
Karma: 0
ESXI OPNSense installations
«
on:
June 17, 2018, 06:44:32 pm »
I'm setting up OPNSense firewall on ESXi 6.5 and I'm looking for best practices on configuring the virtual networks in the ESXI server for management, WAN, LAN, DMZ and and interface to connect to a dedicated connection to a wireless access point.
This really isn't an OPNSense issue, but a VMWare issue, but I'm hoping someone has already done this and has some pointers on the ESXI side of the setup.
Logged
pongafence
Newbie
Posts: 29
Karma: 1
Re: ESXI OPNSense installations
«
Reply #1 on:
June 19, 2018, 11:57:43 am »
Hi there,
I've done exactly that. I guess the biggest thing is how you manage and how you plan on managing your Virtual Networks.
For us, what we've done is simply created a Virtual Network on our Distributed Switch for each network, and then added them as interfaces to our OPNsense appliance.
We thought about going down the route of creating a VLAN Trunk port, however, that simply opened up another can of worms regarding other Admins sneaking their VM's onto networks etc.
Logged
tdalej
Newbie
Posts: 46
Karma: 0
Re: ESXI OPNSense installations
«
Reply #2 on:
June 20, 2018, 06:12:37 pm »
I'm moving from a dedicated bit of hardware with pfsense and one static IP address to an OPNSense VM with 5 static IP addresses.
In the past since I have had only one IP address I used port forwarding to expose a web server -- with the additional IP addresses I plan to venture into DMZ setup with a dedicated Web server VM, mail server VM, etc.
In the new setup the ESXI host has multiple vSwitches, assigning a physical to NIC each -- VM management, WAN, LAN, DMZ and Wireless (for a physical cable to a pass through access point).
My first concern is that the access to the ESXI management functions don't become visible over the WAN. I can't find much about how to limit the ESXI management to a specific physical interface. I have been hoping to find some good discussion or docs on best practices on how to setup to avoid issues with connecting a physical NIC to the internet but short of ESXi hardening I haven't found a whole lot.
Logged
Evil_Sense
Full Member
Posts: 112
Karma: 15
Re: ESXI OPNSense installations
«
Reply #3 on:
June 24, 2018, 11:47:13 am »
There's a possibility to set the interface for management access on ESXi, either you use a dedicated Interface or you make sure it's on the LAN side of your OPNsense VM
«
Last Edit: June 24, 2018, 11:49:21 am by Evil_Sense
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
ESXI OPNSense installations