VMware Cloud Community
aspyrina
Contributor

Replacing Edge GW with PfSense

Hi all,

I've just joined this forum to ask a question about a migration in my cloud; I'm a newbie.

I have an Edge gw and a pfsense vm, both share the same routed networks.

I need to translate the routed networks into isolated networks and keep only the pfsense vm.

To prepare for this operation, I think the following is required:

1. shut down all the virtual machines

2. create an isolated network

3. unlink the routed network from all vm

4. delete routed network

5. link all the vm to the new isolated network

6. start the vm

Do you have any suggestions/precautions, gurus?

thanks!!!

Sreec
VMware Employee

Hi,

This looks like a VCD+NSX/VCNS setup, since you are referring to routed/isolated networks. Isn't that correct?

1. Shut down all the virtual machines

2. Create an isolated network

3. unlink the routed network from all vm

4. delete routed network

5. link all the vm to the new isolated network

6. start the vm

All these steps are fine. But where is the replacement step for Edge with Pfsense? If I'm not wrong, in the isolated network you have the Pfsense VM running? If this is a VCD setup and you are creating an isolated network, I hope you are aware that an isolated network deploys a one-arm Edge (internal-only interface).

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
aspyrina
Contributor

Hi Sreec, thanks for the reply!

I don't know which architecture it is, because I am not the vCloud admin.

I have a space on this cloud.

A simple drawing where you can see that the pfsense shares net2 with a vApp.

vcloud.png

Sreec
VMware Employee

Hi,

Thanks for the topology; the configuration is exactly what I mentioned earlier. Pfsense is part of the VAPP only internal network. The only correction that was needed is that the Org isolated network is dependent on Edge, which I have shared earlier. So only in that case, if your aim is to get rid of Edge, it doesn't really work. In your topology it is a VAPP-isolated network, and this would certainly satisfy your requirement. The only catch is that Pfsense doesn't provide inbuilt HA functionality, so you will have to leverage vSphere HA.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist