Hi All,
Hopefully someone might be able to chime in and give me an idea of whether what I am trying to achieve is possible (and also sensible).
Anyway, in my quest to lower power usage, I am looking at all of the machines I am running and which I can consolidate. Currently I have a VMware ESXi server which runs a number of my virtual machines, and I also have an older IBM machine which is running pfSense as my firewall / gateway / router. The pfSense machine is given a half-bridged external IP from my modem and then handles the routing to and from my network, does IDS and a number of other things.
Anyway, the issue is that the machine is not an efficient one and uses a bit of power, and I have spare capacity in my ESXi server to easily handle a number of these kinds of virtual machines.
I am keen to try and keep security as good as possible, so I don't want to just join the modem to my main switch, since it would expose security issues. My thought was that I could put another network card in my physical server (the ESXi server) and create a virtual machine for the pfSense firewall, assign a physical network port to the pfSense machine (for the WAN), and this port would only be assigned directly to the virtual machine (i.e. not shared through a virtual switch). Then one of the normal network ports of the ESXi machine can be the LAN network port, which is post-firewall and should be fine to be shared with other machines.
Optionally, I could also have a virtual switch for a DMZ and move my web servers, email servers etc. into the DMZ zone for additional security, preventing me from having to open ports into my internal network.
Would the above be possible, and am I right in thinking that as long as I assign a physical port to the firewall, it should be as secure as a physical machine in its place, since the network port would only be for the firewall virtual machine, and not for management or any other internal-network-related port?
Appreciate your thoughts.
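As an added example (not code from the original post, nor from pfSense or VMware), here is how the layout described above can be built and then checked on an ESXi host from its shell. It dedicates the extra NIC to the firewall by giving it its own standard vSwitch with one uplink, one port group and no VMkernel port, which is the vSwitch-based alternative to PCI passthrough of the NIC; the two audit functions parse esxcli output and run offline against constructed sample output. The names vmnic2, vSwitchWAN, vSwitchDMZ and vSwitch0 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: builds the WAN / LAN / DMZ layout on an ESXi host with
# esxcli standard-vSwitch commands, then audits it so the WAN uplink is reachable only by the pfSense
# VM. Assumed (hypothetical) names: vmnic2 is the added NIC, vSwitchWAN and vSwitchDMZ are the new
# switches, vSwitch0 stays the existing LAN/management switch.
set -e

WAN_NIC="${WAN_NIC:-vmnic2}"
WAN_VS="${WAN_VS:-vSwitchWAN}"
DMZ_VS="${DMZ_VS:-vSwitchDMZ}"

# Creates the switches. Run it on the host yourself; it is not invoked automatically below.
build_switches() {
    # WAN: the new NIC is the only uplink and "WAN" the only port group (attach the pfSense WAN vNIC
    # there). No VMkernel (vmk) port is created on it, so the hypervisor has no address modem-side.
    esxcli network vswitch standard add --vswitch-name="$WAN_VS"
    esxcli network vswitch standard uplink add --vswitch-name="$WAN_VS" --uplink-name="$WAN_NIC"
    esxcli network vswitch standard portgroup add --vswitch-name="$WAN_VS" --portgroup-name=WAN
    # Reject promiscuous mode, MAC changes and forged transmits from guests on the WAN side.
    # (pfSense CARP failover would need these allowed; a single firewall VM does not.)
    esxcli network vswitch standard policy security set --vswitch-name="$WAN_VS" \
        --allow-promiscuous=false --allow-mac-change=false --allow-forged-transmits=false
    # DMZ: an internal-only switch with no uplink at all, so pfSense is its only path in or out.
    esxcli network vswitch standard add --vswitch-name="$DMZ_VS"
    esxcli network vswitch standard portgroup add --vswitch-name="$DMZ_VS" --portgroup-name=DMZ
    esxcli network vswitch standard policy security set --vswitch-name="$DMZ_VS" \
        --allow-promiscuous=false --allow-mac-change=false --allow-forged-transmits=false
}

# Audit 1: reads `esxcli network ip interface list` on stdin and prints every VMkernel interface
# sitting on the WAN or DMZ switch. Correct output is empty.
vmk_on_firewall_switches() {
    awk -v wan="$WAN_VS" -v dmz="$DMZ_VS" '
        /^[^ ]/       { name = $1 }
        /^ +Portset:/ { if ($2 == wan || $2 == dmz) print name }'
}

# Audit 2: reads `esxcli network vswitch standard list` on stdin; prints "ok" (exit 0) when the WAN
# switch has exactly the WAN NIC as its uplink and no other switch shares that NIC, else the reason.
wan_uplink_check() {
    awk -v wan="$WAN_VS" -v nic="$WAN_NIC" '
        /^[^ ]/ { sw = $1 }
        /^ +Uplinks:/ {
            sub(/^ +Uplinks: */, "")
            n = split($0, up, /, */)
            for (i = 1; i <= n; i++) {
                if (sw == wan) wan_up[up[i]] = 1
                else if (up[i] == nic) shared = sw
            }
            if (sw == wan) wan_n = n
        }
        END {
            if (!(nic in wan_up)) { print nic " is not an uplink of " wan; exit 1 }
            if (wan_n != 1)       { print wan " has " wan_n " uplinks, expected 1"; exit 1 }
            if (shared != "")     { print nic " is also an uplink of " shared; exit 1 }
            print "ok"
        }'
}

# Constructed sample output (not captured from a real host), in the shape esxcli prints it.
GOOD_VSWITCH_LIST='vSwitch0
   Name: vSwitch0
   Uplinks: vmnic0, vmnic1
   Portgroups: VM Network, Management Network

vSwitchWAN
   Name: vSwitchWAN
   Uplinks: vmnic2
   Portgroups: WAN

vSwitchDMZ
   Name: vSwitchDMZ
   Uplinks:
   Portgroups: DMZ'
# Same host after someone also added the WAN NIC to the LAN switch: the modem now reaches the LAN.
BAD_VSWITCH_LIST='vSwitch0
   Uplinks: vmnic0, vmnic2
vSwitchWAN
   Uplinks: vmnic2'
GOOD_IP_IF_LIST='vmk0
   Portset: vSwitch0
   Portgroup: Management Network'
# A management VMkernel port was mistakenly placed on the WAN switch.
BAD_IP_IF_LIST='vmk0
   Portset: vSwitch0
vmk1
   Portset: vSwitchWAN'

# Self-check on the samples, then on the live host when esxcli is available.
printf '%s\n' "$GOOD_VSWITCH_LIST" | wan_uplink_check
printf '%s\n' "$BAD_IP_IF_LIST" | vmk_on_firewall_switches   # prints vmk1
if command -v esxcli >/dev/null 2>&1; then
    esxcli network vswitch standard list | wan_uplink_check
    esxcli network ip interface list | vmk_on_firewall_switches
fi
```

The audit enforces exactly the property the question turns on: the WAN vmnic must be the uplink of one switch and one only, and no vmk interface may sit on the WAN or DMZ switch, otherwise the management network or other VMs are back on the modem side of the firewall. If the NIC is handed to the VM by PCI passthrough instead, the equivalent check is simply that the NIC is not an uplink of any vSwitch at all.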