I am going to be a college student studying Network Engineering this September, and I just thought that it would be a good idea to mess around with ESXi and pfSense all together. I have already ordered all the hardware for my ESXi server and I am just waiting for it to arrive!

My question is, would you recommend me to have pfSense inside of my ESXi setup since I am going to buy an Intel NIC 1 Gbit with 2 ports besides the motherboard 1 Gbit port, or would it be better to have ESXi on a separate box like those

It depends on your cash situation, if it’s not much then I’d say virtualise pfSense. Though I have a similar box for pfSense and generally I’d recommend a physical box.

ESXi is not a bad option if you will be mocking up networks then scrapping them, though having an eBay managed switch might help with the learning. That being the case, a quad port card is not much more expensive than a dual port, then it’s easier to mess around with bonding, teaming, aggregation.

@karl_598 I am running pfSense on ESXi, I bought an Intel I350-T4 and did a passthrough to the pfSense VM.

I think you will be good with a 2-port NIC if you don’t want to have Multi-WAN/Load Balance, just pass through the card to the pfSense VM and you will be good.

I got this network card

I don’t really need more than 2 ports in total including the one on the motherboard, but I got this just in case! I am going to be doing VLANs on the LAN port and just pass the WAN port from my router straight. I also ordered a cheap unmanaged switch that supports VLANs, and it can also pass all traffic including VLANs to another port. That is really what I am looking for since I will be learning about networking and just have it at home running 24/7 as a router. In fact, my dad is completely refusing that I have this thing running at home. He said if you wanna do this do it on your own, so the WAN will be a DHCP address from the ISP SOHO router.

I will look into a quad-port network card. And just so you know, my only concern about this is getting DDoSed and having ESXi stress out or even affect the performance of other VMs. Will it handle DDoS since my internet plan is 300 Mbps only and this won’t even be exposed to WAN directly? It will be behind a WireGuard VPS in a data center that has a big DDoS attack protection platform.

What I am asking here is, let’s say one day I decide to expose this to the internet directly, like with a public IP, will pfSense inside of ESXi handle DDoS attacks the same as in a dedicated pfSense box, or will it not stand a chance against DDoS?

I also would like to know from you, what is a good Cisco switch that I can buy from eBay that is fully managed? I am aiming for a switch with gigabit ports, but it would be fine if I can get a Fast Ethernet switch with good advanced features!

(Intel I350 Chip 1.25G Gigabit Ethernet Converged Network Adapter) Is this a good quad port card? What do you think?

I couldn’t really say how pfSense in ESXi would handle being attacked, though I suspect many people run such a setup and there isn’t much news about it flaking out. ESXi has been around for years so again I’d say it’s pretty stable.

Cisco is a good idea from a learning point of view. There have been past recommendations in the forum, but I don’t have experience of Cisco; I’d only suggest trying to get your hands on something that still has its firmware supported. If you’re learning Cisco on your course then it will obviously help.

Not all Ethernet cards are created equally, again from a learning point of view, you’ll need to do some research (I just need plenty and cheap) or search the forums for what others have recommended.

Whoever is running your course ought to be consulted for their inputs too.

@karl_598 I think you will be good with the 2-port card you have, you don’t need the T4. If you are planning to learn networking by using the same ESXi’s VMs, then you don’t even need an external switch.

But if you still need a cheap switch which can handle some VLANs, then you can also look for a Smart Switch. I am using both a Cisco Managed Switch and a TP-Link Smart Switch; for basic networking you can just buy a cheap smart switch from TP-Link.

DDoS is again subjective and it all depends on the attack which is mounted, so I don’t think you should think too much on that aspect other than if you are planning a data-center type setup.

Thank you for your response and encouragement!

Yeah, I thought that this card would be fine since I am doing almost everything inside of VMware, and I have also got a D-Link Smart switch that supports VLANs and a range of other things. Regarding the DDoS attacks, I am actually having this all at home and it is a home lab environment where it is fine even if things break, because I am going to be the only person that uses this whole system. Also, I am not going to be facing massive DDoS attacks since the internet in Canada is super expensive and the highest internet speed I will ever get is no more than 300 Mbps since it can get really expensive for anything above that, like I am talking from 100 CAD to 200 CAD for a 1 Gbit network plan.

Thank you to everyone that has commented on this and given me suggestions!