I don't have VMWare-specific insight.  But, we're doing this on another 
platform, with CARP syncing between the pfSense VMs.  I would consider using a 
VLAN to isolate the Internet traffic from the servers.  Depending on the amount 
of traffic there are settings for the number of firewall states and such but 
unless you're expecting a super high number of connections I would probably 
just turn it on and check the settings periodically.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia
Sent: Thursday, April 14, 2016 4:41 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: [pfSense] pfSense on vmware ESXi 6.0

Hello,

I'm looking for advices and best practices when running pfSense (this time it 
will be 2.3) in a vmware VM.  I'm offered to move some resources to a virtual 
datacenter made of dedicated hardware hosts in clusters, running ESXi 6.0 and 
vSphere.  I have access to such an infrastructure for the next 3 weeks.  I have 
used pfSense in a number of devices and hosts, but never inside a VM, except 
for experimenting with configurations of pfSense itself.

I could build up a pfSense 2.3 VM without real difficulties.  Installing the 
integration tools was easy through the included package.  Now, what are the 
pitfalls I should look for?  Any shared vmware experience from you will 
undoubtedly help fine tuning this.

For now the pfSense VM I configured has these resources: OS declared to vSphere 
is FreeBSD 10.3 64 bits, 1 socket, 2 cores, 2 GHz reserved, 2 GB RAM, 10 GB HD, 
2 network adapters. I'm generally resources-conservative but I could allow much 
more if it makes sense.

For these adapters I have the choice between E1000, VMXNET 2, VMXNET 3.  I have 
set them for VMXNET 3 but without background about this being the 
right-thing-to-do or not. At least it seems to work but I still need to stress 
test the VM (traffic-wise) a little bit.

Are there tunings inside pfSense which you could recommend / not live without, 
based on your experience inside vmware virtual machines?

Network interfaces settings? All are set for their default pfSense values, 
which means TCP segmentation offloading and large receive offloading are 
disabled. Would it make sense to enable those?

Thanks for any insight you might want to share.

--
Meilleures salutations, Met vriendelijke groeten, Best Regards, Olivier Mascia, 
integral.be/om


_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Reply via email to