Pfsense & public services questions

I’m running pfSense for my firewall and I want to make sure I’ve configured a separate network that is properly secured. I have some publicly available services (Minecraft/Plex) that I want to confirm can’t see the rest of my internal network.

I have a T620 Plus with a quad-port NIC: one of the ports goes to the cable modem (WAN), one of them goes to a physical switch with all my network devices (“SwitchLan”), and one goes directly to an ESXi virtualization server with a vSwitch with the VMs that I want to be publicly accessible (“PublicLan”).

Below is a diagram of the network. Is it sufficient to have the physical switch & devices be on the 192.168.3.X network, and the vSwitch be on the 192.168.5.X network, and just create firewall rules to block traffic between the networks, or should I really be doing more?

Yes, having them on separate networks and separate switches with proper rules should be fine.
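An added example, not part of the original thread: a small Python model of how pfSense evaluates the rules on the PublicLan interface tab (top-down, first match wins, implicit deny at the end), using the two subnets from the post. The firewall's PublicLan address (192.168.5.1) and the probe hosts are assumptions; the point it shows is that the block rules only isolate SwitchLan if they sit above the "allow to any" rule, and that the firewall's own management interface needs a block too.

```python
from ipaddress import ip_address, ip_network

# Subnets from the post (SwitchLan 192.168.3.0/24, PublicLan 192.168.5.0/24);
# 192.168.5.1 as pfSense's PublicLan address is an assumption for this example.
SWITCH_LAN = ip_network("192.168.3.0/24")   # physical switch with internal devices
FW_SELF = ip_network("192.168.5.1/32")      # the firewall itself on PublicLan

def rule(action, proto, dst, dport=None, note=""):
    """One rule on the PublicLan tab; dst is an ip_network or the literal 'any'."""
    return {"action": action, "proto": proto, "dst": dst, "dport": dport, "note": note}

def matches(r, proto, dst, dport):
    if r["proto"] not in ("any", proto):
        return False
    if r["dst"] != "any" and ip_address(dst) not in r["dst"]:
        return False
    return r["dport"] is None or r["dport"] == dport

def decide(rules, proto, dst, dport):
    """pfSense semantics: top-down, first match wins, unmatched traffic is dropped."""
    for r in rules:
        if matches(r, proto, dst, dport):
            return r["action"], r["note"]
    return "block", "implicit default deny"

# Rules for the PublicLan tab, in the order they must appear.
PUBLIC_LAN_RULES = [
    rule("pass", "udp", FW_SELF, 53, "DNS to the firewall's resolver, if the VMs use it"),
    rule("block", "any", FW_SELF, None, "no webGUI/SSH on the firewall from the public VMs"),
    rule("block", "any", SWITCH_LAN, None, "keep the public VMs off the internal LAN"),
    rule("pass", "any", "any", None, "internet access for the Minecraft/Plex VMs"),
]

# Common mistake: the default 'allow to any' rule left above the block rules.
MISORDERED_RULES = [PUBLIC_LAN_RULES[3]] + PUBLIC_LAN_RULES[:3]

def check_policy(rules):
    """Evaluate constructed probes sent from a public VM; returns {probe: action}."""
    probes = {
        "vm -> internal NAS smb": ("tcp", "192.168.3.10", 445),
        "vm -> firewall webgui":  ("tcp", "192.168.5.1", 443),
        "vm -> firewall dns":     ("udp", "192.168.5.1", 53),
        "vm -> internet https":   ("tcp", "203.0.113.7", 443),
    }
    return {name: decide(rules, *probe)[0] for name, probe in probes.items()}

if __name__ == "__main__":
    for name, ruleset in (("ordered", PUBLIC_LAN_RULES), ("misordered", MISORDERED_RULES)):
        print(name, check_policy(ruleset))
```

Port forwards for Minecraft/Plex from WAN live on the WAN tab and NAT page and are independent of these PublicLan rules; the model only covers what the public VMs can reach outbound.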

