
pfSense & VMWare ESXi VLAN integration


Had been setting up a pfSense box as a virtual machine inside a VMware ESXi 6.0 environment (within a VxRail hyper-converged box).

The target configuration is that to access any machine within this box, you must go through the firewall. Traffic between machines within the same box also needs to go through the firewall. Since they are different servers, e.g. Web Server, Database Server, the VMs are set up to be in different VLANs.

As such, we have set up pfSense with two interfaces. One is the WAN that will be used by the "Outside World" to talk to servers within the ESXi environment, and the other is a Trunk that should then connect to all the VLANs protected by the pfSense box.

ESXi:

We have followed the guide here to set up a Distributed vSwitch in VxRail. We have set up a distributed port group of VLAN Type "VLAN Trunking" with VLAN IDs 0-200:

[screenshot]

To our understanding, this Port Group is what we'll attach to the pfSense Trunk so that it is able to "read" all the VLAN-tagged traffic?

Trunk on pfSense:

Creating a trunk on pfSense is basically a matter of adding a NIC to the pfSense VM. The NIC should be the Port Group we created above.

[screenshot]

VLAN on pfSense:

After that we create a VLAN on pfSense and add a VLAN ID. This VLAN sits on the Trunk we created above. Example below:

[screenshot]

We then add an interface based on this VLAN and give it an IP of 192.168.152.1.

[screenshot]

[screenshot]

Protected Machine:

We then create a machine that will be protected by the firewall. So first, we add a NIC to it. The NIC is based on a network that has a VLAN tag, e.g. 152, as seen below.

[screenshot]

[screenshot]

We then assign the protected machine an IP of 192.168.152.10 with a default gateway of 192.168.152.1.

Problem Statement:

The issue is, after doing all this, the protected machine can't ping its default gateway. The default gateway can't ping that machine. It is as if there is no communication between them at all. We have added a firewall rule to allow all traffic on Interface152 and logged everything, but we can't see any traffic being accepted or rejected.

What could we have missed? The main confusion we have is with the VxRail ESXi setup, but any correction to the pfSense setup is also welcome.
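One way to narrow down a symptom like this (no traffic logged at all, even with an allow-all rule) is to look at the trunk parent interface on pfSense itself rather than at the firewall log: if the protected VM's ARP requests for 192.168.152.1 never arrive, the problem sits in the ESXi port-group/trunk path; if they arrive untagged or with a different tag, the VLAN configuration is mismatched. The script below is an added example, not code from the question or from pfSense or VMware. It parses the line format printed by `tcpdump -e -nn` on pfSense (FreeBSD) and classifies the ARP requests it finds. The capture lines, the parent interface name `vmx0` and the trunk range helper are constructed assumptions for illustration.

```python
"""Classify ARP requests captured on a pfSense trunk parent interface by 802.1Q tag.

Added example, not part of the original question. Intended input is the output of
    tcpdump -e -nn -i vmx0 arp          # 'vmx0' is an assumed parent interface name
run on pfSense; the sample lines below are constructed for illustration.
"""
import re
from collections import Counter

# tcpdump -e prints "vlan <id>, p <prio>," for 802.1Q-tagged frames.
VLAN_RE = re.compile(r"\bvlan (\d+),")
# ARP request line: "... Request who-has <target> tell <sender>, length N"
ARP_REQ_RE = re.compile(r"ARP.*Request who-has ([\d.]+) tell ([\d.]+)")


def vlan_in_trunk_range(vlan_id, trunk_range):
    """True if vlan_id falls inside an ESXi-style trunk range string such as '0-200' or '10,20-30'."""
    for part in trunk_range.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if lo <= vlan_id <= hi:
            return True
    return False


def classify_capture(lines):
    """Count ARP requests keyed by (vlan_id or None for untagged, sender_ip, target_ip)."""
    seen = Counter()
    for line in lines:
        m = ARP_REQ_RE.search(line)
        if not m:
            continue  # not an ARP request; ignore replies and other traffic
        target, sender = m.group(1), m.group(2)
        v = VLAN_RE.search(line)
        vlan = int(v.group(1)) if v else None
        seen[(vlan, sender, target)] += 1
    return seen


def diagnose(lines, expected_vlan, host_ip, gateway_ip):
    """Return (status, detail) describing how the host's ARP for its gateway is arriving.

    status is one of: 'ok', 'untagged', 'wrong-tag', 'absent'.
    """
    counts = classify_capture(lines)
    relevant = {k: n for k, n in counts.items() if k[1] == host_ip and k[2] == gateway_ip}
    if not relevant:
        return ("absent", f"no ARP requests from {host_ip} for {gateway_ip} reached the trunk; "
                          "check the VM NIC, its port group and the trunk range on ESXi")
    vlans = {k[0] for k in relevant}
    if expected_vlan in vlans:
        return ("ok", f"ARP from {host_ip} arrives tagged VLAN {expected_vlan}; "
                      "look at the pfSense VLAN interface and rules next")
    if None in vlans:
        return ("untagged", f"ARP from {host_ip} arrives without an 802.1Q tag; "
                            f"pfSense expects VLAN {expected_vlan} on the trunk")
    return ("wrong-tag", f"ARP from {host_ip} arrives tagged {sorted(vlans)}, "
                         f"not VLAN {expected_vlan}; port-group VLAN ID mismatch")


# Constructed sample captures (not real traffic).
SAMPLE_TAGGED = [
    "12:00:01.000001 00:50:56:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: "
    "vlan 152, p 0, ethertype ARP (0x0806), Request who-has 192.168.152.1 tell 192.168.152.10, length 46",
]
SAMPLE_WRONG_TAG = [
    "12:00:02.000001 00:50:56:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: "
    "vlan 150, p 0, ethertype ARP (0x0806), Request who-has 192.168.152.1 tell 192.168.152.10, length 46",
]
SAMPLE_UNTAGGED = [
    "12:00:03.000001 00:50:56:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: "
    "Request who-has 192.168.152.1 tell 192.168.152.10, length 46",
]

if __name__ == "__main__":
    print("VLAN 152 in trunk range 0-200:", vlan_in_trunk_range(152, "0-200"))
    for name, sample in (("tagged", SAMPLE_TAGGED), ("wrong-tag", SAMPLE_WRONG_TAG),
                         ("untagged", SAMPLE_UNTAGGED), ("empty", [])):
        print(name, "->", diagnose(sample, 152, "192.168.152.10", "192.168.152.1"))
```

Feed it a real capture with `tcpdump -e -nn -i <parent> arp > capture.txt` and read the file into `diagnose()`; the `-e` flag is what makes tcpdump print the 802.1Q tag, so without it tagged and untagged frames look the same.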
