Thoughts on new PFSense build


#1

I’m really new to the pfSense world however I was thinking about following build:

  1. Protectli FW6C – 6 Port Intel® i5 with 32 GB Ram and 1 TB drive

Configuring Build to run Pfsense Virtualized using Proxmox. By virtualizing Pfsense it would allow by run to 1-2 additional VM’s on the box.

Question

  1. Is there a distinct disadvantage to running Pfsense virtualized or should I just install Pfsense directly?
  2. I’ve read about the long standing dispute between Pfsense/Netgate and vendors such as Protectli which don’t contribute back to the project. Any future concerns in the future with future Pfsense builds not supporting the hardware in the Protectli box?
  3. If considering virtualizing – any other hypervisors that would be recommended. Looking for SMB with very low costs if possible.

Anything else I might be missing?


#2

In my mind, the main disadvantage of running pfsense as a VM is when you need to take the host down for maintenance you loose internet. The Protectli is overkill for just pfsense.

If you want Netgate hardware I’d look at the SG-1100 or SG-3100 depending on your connection speeds and needs. If you are fine with used hardware this might be a good option. They also have a version without a cpu that I got. I put a Xeon E5-2609 v2 in it and already had spare RAM and a ssd laying around. It should be able to handle gigabit with IPS/IDS without a problem.

I haven’t read a ton about it, but my understanding is the problem is people that preload pfsense and sell it as a kit. I really don’t see them stopping support of commodity hardware.

Xcp-ng is another hypervisor if you want to stay opensource, or you can run the free version of ESXi. Sometimes there is a hardware compatibility reason to run one over another, but I’d say it’s mostly personal preference and comfort.