Asking for good pratices DMZ and xcp ng pfsense

First for my first post: Thank you Tom and your team for your excellent videos on YT.

I do have a question regarding network security good practices.
I have a pfsense firewall that LAN/WAN and 2 other networks on VLANS:
1 for user clients (guests of our non profit)
1 for internal servers and assets that guests uses (CUPS server, NAS…)

I would like to add a new server with xcp ng and VMs.
Is it safe to physically connect the host to the LAN or another subnet and at the same time isolate a specific VM on another network (or VLAN) through the another interface (or using xcp-ng vswitch) that would be open to the outside (namely filesharing service) ?

My goal is to use the XOA VM of the first server to manage the second one so I spare ressources.
But is it safe, I wouldn’t want to weaken our network as a whole.

Thank you for your time and stay safe :wink:

Not exactly clear on what you are asking, but you can use XCP-NG to connect each VM safely to what ever network you want using the Xen Orechstra.

1 Like