28th November 2011, 20:55
3zzz

Originally Posted by neofire
Hey 3zzz

The reason I suggested a physical machine if pfsense is going to be the edge firewall (and mmidgett nailed one of the reasons) is purely from a disaster recovery point of view (all eggs in one basket situation), and the other reason is security and expandability. I have seen one situation where a client had a VM firewall on the same host as his production VMs (and his firewall was set up quite poorly), and someone managed to hack and gain access to his VMware ESXi console and cause considerable damage to his environment.

If you have any more questions or concerns, feel free to ask.

Thanks neofire!!
I think I will have 2 identical machines for redundancy; seems for my purposes it'll be cheaper than shared storage.
For security I will limit access to ESXi to the local network only, and use pfsense to block LAN addresses from spoofing over the WAN, so I would hope ESXi is not accessible to hackers unless they first gain access to a LAN machine.

Well thanks for your advice, I'll let you know how it goes!