How to run pfsense and freenas on one hardware via VM

Hello Lawrence and other users. I believe yesterday I asked this question on your live feed on your YouTube channel; although you gave a brief, short answer, I did not understand it. Kindly elaborate. I would like to run pfsense and freenas on one hardware (one computer), but since I have never tried it before I need advice. Currently I am running pfsense independently from freenas (2 separate computers). This is taking too much space in my cabinet and I need an integration of the two on one hardware. Is this possible? And if so, what type of hardware specs would I need so that I do not run into issues with them? Thank you.

You could make this work by loading XCP-NG https://youtu.be/bG5enpij0e8 and then configuring pass-through for FreeNAS for the drives to work properly; here is a guide: https://www.zerodispersion.com/xenserver-whole-disk-passthrough/. Then you would have to set up pfsense: https://youtu.be/PTySV3ziPws


You can also install FreeNAS directly onto the box, then set up pfSense as a VM inside of FreeNAS, as it supports VMs, although I’m not sure how well the VM functionality works in FreeNAS as I never used it that way.
There seems to be a consensus among the devs and veteran users on the FreeNAS forums that it is a very bad idea to virtualise FreeNAS in production, and I am inclined to believe them, so this way you avoid virtualising FreeNAS.
You will ideally still need to pass through the network cards you plan to use in pfSense. For proper pass-through your hardware needs to support VT-d (or IOMMU for AMD).

As for the spec, it really depends on the usage you are expecting. For very light usage, the minimum for FreeNAS is a multicore CPU with 8GB RAM, and a single-core with 512 RAM for pfSense, although I wouldn’t expect much from that set-up.
I suggest checking the FreeNAS and pfSense forums for the spec required for your usage.

Seeing that you are talking about hardware specs, it seems that you are willing to spend money, in which case leave FreeNAS running on its own hardware and get a Netgate SG-3100 (or other Netgate appliance that better suits your needs) with pfSense preinstalled. It is the official pfSense hardware, and lower-end Netgate appliances are the size of a router; I’m sure you can tuck it in somewhere in the cabinet, or even just keep it outside.

Thank you @ Tom… But can I not run 16GB RAM on the PC and achieve that, @ Hello IT? You see, I am in Kenya, Africa, so it is really expensive getting a Netgate router over here as I have to import it. The best solution for me was to get an old PC (Intel Core i2, 2GB RAM) and install pfsense on it… So if there was a way to either get an affordable Netgate router or run them both on one PC

With only 2GB memory, you’re pretty much stuck to running it as a pfSense box. FreeNAS requires heaps of memory dependent on drive/pool size. 1GB/1TB is the standard recommended ratio.

In that case my first suggestion stands.

Get a decent machine (or use your existing FreeNAS if it is good enough) with a Core i5 or above and 16GB RAM (or ideally a Xeon or AMD equivalent with ECC support and ECC RAM, which is recommended for production), install FreeNAS on it, then spin up a VM inside FreeNAS and install pfSense in that VM. This way you are running FreeNAS directly on the hardware, which is strongly recommended, and your virtualization resource overhead would be minimal as you are only running pfSense as a VM. Ideally you would still want 3 network cards: one for FreeNAS and 2 to pass through to the pfSense VM, for WAN and LAN each.

This should be enough for a small office (5-10 Users) set-up with about 8TB of basic shared file storage on FreeNAS and a pfSense with the Firewall, DHCP, DNS, basic Web-filtering, VPN etc. enabled.

Keep in mind that enabling certain other things in pfSense may be resource intensive so check before doing so to see if your hardware can handle it.

I do agree with @faust, the 2GB PC you mentioned is only good for pfSense on its own.

P.S. Make sure your CPU supports VT-x, otherwise virtualisation is going to be very slow, and VT-d, otherwise you won’t be able to pass through the network cards.
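
As an added example (not part of the thread or any poster's words), here is a pre-flight check for the VT-x and VT-d/IOMMU requirement mentioned in the posts above, for a machine booted into Linux, for instance from a live USB. The function names and the optional path arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux procfs/sysfs (for instance a
# live USB booted on the candidate box); path arguments exist for test fixtures.

# Prints "vt-x", "amd-v" or "none" from the first CPU's flags line.
cpu_virt() {
    flags=$(grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null || true)
    if echo "$flags" | grep -qw vmx; then echo vt-x
    elif echo "$flags" | grep -qw svm; then echo amd-v
    else echo none
    fi
}

# Succeeds when the kernel has an active IOMMU (VT-d / AMD-Vi): the groups
# directory is then populated.
iommu_active() {
    root=${1:-/sys/kernel/iommu_groups}
    [ -d "$root" ] && [ -n "$(ls -A "$root" 2>/dev/null)" ]
}

# Prints "pci-address group devices-in-group" for every network controller
# (PCI class 0x02xxxx). A group is the smallest unit the IOMMU can isolate.
nic_groups() {
    root=${1:-/sys/kernel/iommu_groups}
    for dev in "$root"/*/devices/*; do
        case $(cat "$dev/class" 2>/dev/null || true) in
            0x02*) ;;
            *) continue ;;
        esac
        gdir=${dev%/devices/*}
        count=$(ls "$gdir/devices" | wc -l | tr -d ' ')
        echo "${dev##*/} ${gdir##*/} $count"
    done
}

report() {
    echo "CPU virtualization: $(cpu_virt)"
    if iommu_active; then
        nic_groups | while read -r addr group count; do
            if [ "$count" -eq 1 ]; then note="alone in its group"
            else note="shares its group with $((count - 1)) other device(s)"
            fi
            echo "NIC $addr: IOMMU group $group, $note"
        done
    else
        echo "IOMMU: not active (check the VT-d / AMD-Vi firmware setting)"
    fi
}
report
```

A NIC that shares its group with other devices cannot be isolated from them by the IOMMU, so it is a poor candidate for handing to the firewall VM on its own.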