Hi all,
I recently installed my PVE cluster with 2 hosts. On the cluster I run a pfSense VM which acts as the gateway for my LAN and provides access to the internet WAN. Because I wanted the possibility to do an online migration of this VM between the 2 PVE hosts, I created on both hosts a VMBR1 which is connected to the internet WAN.
My ISP modem is in bridge mode. The modem's network cable is attached to a switch. The physical NICs in VMBR1 of both PVE hosts are also connected to this switch. VMBR1 does not have an IP address assigned to it. The pfSense VM is the only VM on the cluster which has a vNIC to VMBR0 and VMBR1. All my other VMs only have a vNIC to VMBR0. VMBR0 does have a local IP address assigned to it. VMBR1 doesn't have an IP assigned to it. The pfSense VM gets an IP address from my ISP provider on the WAN NIC.
Everything works fine. I can do a live migration of the pfSense VM without any issues.
If the pfSense VM is running on PVE host 1, will there be a security issue on the PVE host 2 WAN port, when there is no VM connected to VMBR1 on that host?
I have attached a simple overview of my Proxmox situation. Any advice is welcome.
Thanks in advance