I had tried virtualizing my PFSense box in the past and had not been able to get any devices to talk back to the PFSense box. It seemed like a very straightforward setup to me. I recently tackled the project again as my physical hardware was going out on my old box causing PFSense to crash. I won’t get into the details of that box. The good news is that it’s off now. 🙂 Here is an overview of how I did this.
- Spin up new virtual machine on VMWare ESXI with PFSense. Set up 2 network adapters within ESXI and the PFSense machine’s settings.
- For ease in configuration, I turned on the LAN DHCP within PFSense. That is not required though, there are plenty of ways to accomplish this task.
- Download a backup config from existing firewall.
- Once installed, restore the backup config to your newly installed PFSense machine.
- Modify adapters as necessary. If you didn’t turn on DHCP, another option at this stage is to use the console interface in VMWare to set the interfaces in PFSense. Both methods are very easy to do.
- At this stage, if I were to plug my existing WAN into the newly designated port and the existing LAN into the newly designated port, what would happen? Assuming you mapped the ports correctly in PFSense and VMware and everything is plugged into the right spot, you’ll be missing one (quite important) step. In the properties of the adapter in ESXI, you have to set the internal LAN VLAN to 4095. This ID allows VLAN traffic to pass through without being modified. VLAN 0 disregards the tags which is the default.
This process is by no means difficult, but it was tricky. It was obvious why the traffic was not passing in my first attempt but it was not immediately obvious that VLAN 4095 is the one to use to maintain the tagging. That simple change has everything working properly.