Hello All,

the following is an example of the vapps I am hosting:

• x.x.160.x is my "external" network.
• 172.30.10.x is just another internal network to allow access to other labs.
• I have pfsense router in every vapp
• all vapps are fenced [large catalog....]
• the reason for pfense is so my users can ssh or rdp to the same external interface of the pfsense and access the environment inside the vApp

• 000_pfsense = rotuer
• 001_dc01 = domain controller  (full internet access)
• 002_LJUMP = Centos Jump    (full internet access)
• LAB-01-x = nested ESXi nodes / VC cluster on isolated network (172.168.10.x)

the design works very well, been using it for years now, but I am curious  - is there a better way to do this?

Every vApp will have its own external IP address [not shared], custom ports are not allowed, I so I only use 22 & 3389 when accessing the x.x.160.x address.