Hi all!
I have a rather complicated question regarding network stuff on ESX in datacenter...
We have ESX 4 in datacenter and I can manage only ESX, I cannot manage switch or other
equipment... Provider gave us 5 public IP addresses...
So I used one for management network, I have 2 PHY NICs teamed in one vSwitch.
I also have one network created via vSphere Client that is for virtual machines + management network..
So my question is, can I install pfSense (or any other capable) firewall on ESX and assign 2 virtual NICs
from that network I created and assign one for WAN and one for LAN on pfSense?
So my virtual machines would use internal class C network addresses and I could still use 4 (3) public
IP addresses...
Problem is that I have no option of second machine in datacenter to act as a firewall...
What do you think guys? Is it safe? I kind of tested it already and it works, but I don't know how safe
this config is...
Thanks!
Umm I must correct myself...
I have 2 vSwitches...
1 for those 2 teamed NICs (uplink to my ISP)
other vSwitch is for virtual machines for LAN but with no NICs...
So that they are separated...
With the 2 vSwitches you can connect the green interface of pfSense to the internal vSwitch and the red interface to the external vSwitch. This way you can make pfSense act as a firewall and router. The only unprotected port group in this case is the ESXi host's Management Network itself.
André
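
Added example (not part of the thread and not any poster's code): a small audit of the two-vSwitch layout described above, checking that only the firewall VM has a NIC on the uplinked vSwitch and reporting the management port group as exposed. The inventory, VM names and port group names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class VSwitch:
    name: str
    uplinks: list      # physical NICs; an empty list means internal-only
    portgroups: list

@dataclass
class VM:
    name: str
    portgroups: list   # one port group per virtual NIC

def audit(vswitches, vms, firewall, mgmt_pg="Management Network"):
    """Return (subject, issue) findings for the two-vSwitch firewall layout."""
    pg_switch = {pg: sw for sw in vswitches for pg in sw.portgroups}
    external = {pg for pg, sw in pg_switch.items() if sw.uplinks}
    findings = []
    for vm in vms:
        nics = set(vm.portgroups)
        if nics - pg_switch.keys():
            findings.append((vm.name, "unknown-portgroup"))
        elif vm.name == firewall:
            # The firewall is the only VM allowed on both sides, and needs both.
            if not (nics & external and nics - external):
                findings.append((vm.name, "firewall-not-bridging"))
        elif nics & external:
            # Any other VM with a NIC on an uplinked switch skips the firewall.
            findings.append((vm.name, "bypasses-firewall"))
    if mgmt_pg in external:
        # The host's own management port group sits in front of the firewall.
        findings.append((mgmt_pg, "exposed-on-uplink"))
    return findings

# Constructed inventory: names below are illustrative, not taken from the thread.
SWITCHES = [
    VSwitch("vSwitch0", ["vmnic0", "vmnic1"], ["WAN", "Management Network"]),
    VSwitch("vSwitch1", [], ["LAN"]),
]
VMS = [
    VM("pfsense", ["WAN", "LAN"]),
    VM("web01", ["LAN"]),
    VM("db01", ["LAN", "WAN"]),   # deliberately misplaced second NIC
]

if __name__ == "__main__":
    for subject, issue in audit(SWITCHES, VMS, firewall="pfsense"):
        print(f"{subject}: {issue}")
```
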
Thanks André!
Is this some sort of best practice?
I know the ideal would be that we add another physical machine and install pfSense on it
and then protect the whole ESX environment, but sadly this is not an option...
Is there some sort of other solution for ESXes in such remote datacenters?
Thanks!