From there, a port group will be created on the vSwitch with the associated uplinks, and that port group will be tagged for the appropriate VLAN. The above diagram is pretty conventional – all trunk lines will carry the necessary VLANs into the hosts. Just substitute your favorite hardware, maybe add a secondary firewall, maybe put them on their own switch stack, maybe not; you get the idea. However, the configurations I am accustomed to always involve a physical firewall, router, or Layer 3 switch at the top of the infrastructure, making it more straightforward for me to understand. Working at a cloud hosting company, I am very familiar with creating a multi-tenant setup in vSphere. I don’t suspect needing that many NICs/networks on my firewall, but it’s not best practice if we’re working toward real-world concepts. So, while this would work, I could potentially run into issues with total NIC counts on the pfSense VM and, even worse, each time I added a NIC I had to reboot the firewall because FreeBSD does not support hot-add of NICs yet. However, if you read the Configuration Maximums documentation for vSphere 6.0, you’ll find that there is a 10 NIC limit per VM, so this method will not scale well at all.
![pfsense vmware esxi 6 network](https://miro.medium.com/max/950/1*27d6Dhedv0Kd0nHYyPcUoQ.png)
After creating VMs and putting them in this new port group, I was able to control access to and from this new interface in pfSense. I then added a NIC to my pfSense VM and connected it to a port group on the newly created vSwitch. Originally, I had this concept working by simply creating an additional vSwitch on my ESXi host. Because I run a virtual pfSense firewall, the networking portion of this is a little more confusing than if the firewall were physical. There are many ways to accomplish this, so don’t take my instructions below as the sole method.
![pfsense vmware esxi 6 network](https://i0.wp.com/domalab.com/wp-content/uploads/2020/10/domalab.com-pfSense-setup-06.png)
I wanted to be able to spin up a small Linux VM and let a friend remote into it to test an application, but I didn’t want him to be able to run free on my network. I found it confusing enough that I thought it’d make for a good blog post regarding a VM of pfSense and VLANs.
Really, you don’t need that requirement for this to be useful – this post also documents how to segment your network with VLANs while using a virtual pfSense firewall.
![pfsense vmware esxi 6 network](https://www.jonkensy.com/wp-content/uploads/VLANfeatured.jpg)
I struggled to title this blog post because the purpose of this implementation for me was to modify my existing vSphere environment so that I could host VMs in their own segregated network.