Multi-Tenant Firewall Virtualization in OPNsense

Started by vivekmauli14, July 15, 2025, 10:17:19 AM

Hi,

I'm working on a requirement to bring VDOM-like functionality (Virtual Domains), inspired by how Fortinet enables multiple fully isolated firewall instances (tenants) on a single hardware appliance. Has any similar approach been explored before?

Are there thoughts on integrating bhyve or external orchestration in a more native way? Looking forward to your input and thoughts on how this can be achieved.

Best,
VivekSP

Currently the only way I can think of is to use a hypervisor of your choice and install as many OPNsense VMs as you need. I am not aware of any plans to integrate bhyve into OPNsense and I fail to see any advantage over using, say, bhyve on plain FreeBSD as one possible hypervisor choice. Best to keep the virtualisation and the firewall roles separate, IMHO.

You can of course use OPNcentral to manage your "fleet" of VMs.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I use to deploy OPNsense on AlmaLinux with KVM, so I can back up / restore the whole VM in a couple of minutes.
Got very good results for years. Ping me if you need some advice (especially when not using PCI-passthrough for performance).