OK, first post here. I joined to see what I could find out about virtualizing pfSense as a way to learn it, home lab use only right now. But I think the videos I just watched here on the forum have convinced me that’s not the best way to get started with pfSense.
I had the idea because I have a couple spare Intel NUC 13 and their Thunderbolt 4 connections can be made available to the network. So… a little Proxmox install, 2 nodes, pass through the NICs and on I’d go. If I biff the thing, delete, rinse and repeat with that clone I made first. But I guess I’ll find some other lesser bare metal to run it on and not complicate things.
Unless of course someone here wants to convince me to jump in to the deep end
I did a couple of searches and I see people are virtualizing pfSense.
I’ve done this and it’s really no big deal as long as you think it through and are prepared. Like everything in tech, each approach has trade-offs. For example, a virtualized firewall lets you take snapshots before you make any changes or even set up some exotic HA configuration; it also means when you mess something up it’ll be an extra step to figure out if the issue is with the VM or the host.
As a way to dip your toe in and see how things go, you could easily leave your current network intact and run a virtualized pfSense as the gateway between your home LAN and a lab network. That config works great and you’ll be able to get the hang of the pfSense ecosystem.
Thanks tvcvt for the reply!
Thinking this through and being prepared is exactly what I’m trying to do here. I’m months ahead of needing to replace/upgrade a router and with pfSense being top of the list to consider, this is the first step in my due diligence.
The scenario you describe is exactly what I was thinking. By running the virtualized pfSense as the gateway to just my home lab, non-critical systems and not as the primary router, if I have an issue nobody else goes down.
I suppose it depends on what your starting point is.
Clearly you can just install pfSense in a VM and away you go, however I doubt you will encounter many issues until you use it as your main router. I’m pretty sure things will just come up. Though I imagine it might be tricky to differentiate the source of a problem, whether it’s the virtualisation or pfSense.
Either way is fine, though I’d be inclined to go the physical route first then virtualise later.
OK while that makes complete sense I was just hoping to gain some familiarity with pfSense before deciding what hardware to run it on.
I’m anticipating using it with just 7 end points and only 1 VLAN. The thing is it’s the engineering department and the last thing I want to do is stop those guys from working, even for just a few minutes.
The way I started learning pfSense is that I installed it on an old PC with a spare NIC in it. I had one desktop PC on its LAN, and that one was nonessential. This was a good thing, because during the learning process I borked it a couple times and did a reinstall. Once I had the desired level of competency with it I added the other PC in that room, and then after another week, transitioned my entire home network to it. Now I have installed and set them up for businesses and am confident in doing so.
I also back up my configs very frequently, so if I bork it I can reinstall and recover from a good config, then try the thing I borked again until I get it figured out. Saves a LOT of time, and being good at the recovery is also a very good skill to have.
Big thing is to have fun with it, and just enjoy learning.
LOL I assumed you were running this at home!
In that case you need to run this in your test environment; if you haven’t got one, you know what you need first!!
Thanks Rob, that’s exactly my plan, to gain some experience with it before relying on it. Or more importantly, asking anyone else to rely on it.
neogrid I am going to run this at home first. Sorry I wasn’t clear, the eventual goal is to implement it at work for a small workgroup.
I only have instances of pfSense virtualized and never had an issue, so even in prod I can say it is solid. Being able to take a snapshot before an upgrade has saved me quite a few hours from having to deal with a failed attempt. Now I’m not pushing much more than a few hundred Mbits, but it serves my requirements without any issues.
As for a lab, I really don’t think it should matter.
Interesting Fred. Thanks.
I run pfSense virtualized in Proxmox and have no issues with it. I may pick up a dedicated unit to run pfSense but I’ll likely still put Proxmox on it and install pfSense to be the only VM that runs on that node so I can snapshot it. It can be a little annoying to have your network connection drop when you need to bring down your host for maintenance.