Starting my virtual journey.......
I just received a NUC today. It has 32gb ram, an i13500H CPU and 2X2.5gb NICs. I'm going to be running 4 VMs, one of them being an NGFW. I want something free (either Sophos Home or OPNsense or pfSense). I also bought a 5X2.5gb L2 managed hardware switch. I've been looking for a tutorial on how best to take advantage of my hardware. I want to optimize for performance and maintainability. I've seen a lot of posts about configuring virtual bridges if you have only 1 NIC. I have been looking for something that explains the OPTIMAL setup for 2 NICs and a managed switch. If getting to nirvana requires me to go get a USB-to-Ethernet adapter, I would be willing if the perceived benefit is worth the cost. This is all brand new for me. The things that are in my head, that I don't yet have the knowledge to assess, are:
1) Is there a way to configure using my hardware switch that will result in less pain if the router VM goes down (e.g. ability to access the Proxmox host... perhaps even remotely--or is that a step too far)?
2) Is there a way to set this up that better optimizes performance (e.g. pass through a port to the firewall VM, having the hardware switch do tagging, etc.)?
3) I guess I weigh performance a little higher than remote access, but what is the best compromise if I can't have both? What would you do with this hardware stack given your experience? Would adding a USB NIC (a third port) help me in any way, and is it worth the cost or just marginally better? I have both 3.2 gen 2 and Thunderbolt 4 ports. I want to optimize performance but not break the bank.
5) What would you recommend for my first firewall? I like the idea of packet inspection, etc. I'd like to experiment with that. I see pfSense does a lot, but it sounds like it's cumbersome. Untangle looks great but requires a subscription, and a lot of extra charges for features... which has me seriously evaluating OPNsense or Sophos Home. Thoughts for a newbie? I know Sophos maxes at 6gb ram and 4 CPUs for Home use. Is that enough for packet inspection?
4) I have searched Google up and down but I'm not finding any tutorials that specifically reference this hardware config. There are lots of videos talking about how to set up VLANs for one-NIC hardware, but I didn't find anything about optimizing for this hardware stack (with 2 NICs and a managed switch). Can you point me to something, or do you have a diagram that I could leverage? I'm looking for a pic and perhaps a setup tutorial on how best to configure this... with a couple of bullets on why the setup helps with performance and maintainability.
Thanks in advance!