pfSense VM WAN Interface Setup on Proxmox HA Cluster

tabris

Nov 4, 2024
Hey everyone,
I am setting up a pfSense VM on a 3-node Proxmox cluster for HA.
The three nodes have the exact same hardware, and I have set up 2 Linux bridges: vmbr0 for the LAN interface and vmbr1 for the WAN interface.
In order to achieve live migration for the pfSense VM (without moving the WAN cable), I have a dumb switch that connects the WAN from my ISP and vmbr1 on each of the 3 nodes.
In practice this works: I can migrate the pfSense VM and the WAN will stay connected. However, I'm worried that this is introducing security concerns, like exposing the 2 nodes without pfSense running to the WAN.
So my question is, is this setup safe to use? Would anyone be able to access the cluster from the vmbr1 bridges? The pfSense VM will be the only client to use vmbr1; no other client will use this Linux bridge. No IP address is assigned to vmbr1.
 
P.S. I looked into CARP for pfSense, but I only have 1 (dynamic) public IP from my ISP, so Proxmox HA seems like my best option.
 
So my question is, is this setup safe to use?
If configured correctly, hosting pfSense in PVE can be safe to use.

Would anyone be able to access the cluster from the vmbr1 bridges? The pfSense VM will be the only client to use vmbr1; no other client will use this Linux bridge. No IP address is assigned to vmbr1.
Since your PVE hosts do not have an IP address on vmbr1, they will not have access to it, and therefore traffic on vmbr1 will not have access to the PVE hosts. And since no VMs are on vmbr1, they are not accessible either.
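
One way to check the condition the answer relies on (no host address on vmbr1) on each of the three nodes, as an added example that is not part of the original posts. It parses an ifupdown-style interfaces file; the function name, NIC names and addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. NIC names and addresses are constructed.

# bridge_has_ip FILE IFACE
#   exit 0: the stanza gives the host an address on IFACE
#   exit 1: the stanza exists but carries no IP configuration
#   exit 2: FILE has no stanza for IFACE
bridge_has_ip() {
    awk -v ifc="$2" '
        $1 == "iface" {
            cur = ($2 == ifc)
            if (cur) {
                seen = 1
                # dhcp/static/auto methods give the host an address on this bridge
                if ($4 == "dhcp" || $4 == "static" || $4 == "auto") ip = 1
            }
            next
        }
        # any other stanza keyword ends the current iface stanza
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "source" || $1 == "mapping" { cur = 0; next }
        cur && ($1 == "address" || $1 == "gateway") { ip = 1 }
        END { if (!seen) exit 2; exit (ip ? 0 : 1) }
    ' "$1"
}

# Constructed sample in the style of /etc/network/interfaces on a PVE node
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    gateway 192.0.2.1
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0
EOF

for br in vmbr0 vmbr1; do
    if bridge_has_ip "$sample" "$br"; then
        echo "$br: host has IP configuration on this bridge"
    else
        echo "$br: no host IP configured"
    fi
done
```

This only inspects the configuration file; on a running node, `ip -br addr show dev vmbr1` lists what is actually assigned to the bridge.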