    using PVLAN with virtualised firewall and trunk ports

    mephistopoa

      Hi guys,


      I'm testing pfSense running as a VM in ESXi 6.7U2 and I'm having some difficulty with PVLAN on the ESXi side and regular VLAN on the firewall side. As far as I understand, for example, primary PVLAN 10 will be promiscuous and PVLAN 11 would be isolated; that means I need to have the firewall with a vNIC connected to the group port that is promiscuous and the VM in the isolated PVLAN. That works fine. The problem is that for every PVLAN I will need to create a new vNIC connected to the virtual firewall.


      I was hoping I could have some sort of trunk port at the PVLAN level so that VLAN10 is tagged when it arrives on the virtual firewall. That way I can simply create additional VLANs on the firewall without needing to add more vNICs.


      I can't find a way to make PVLAN10 be tagged when going to the firewall; it seems it only works as an untagged VLAN port.


      Is there a way around this? I can't find anything in the documentation, so I would really appreciate it if I could get some directions.