Hi,
Is it possible to enable PVLAN / VM ISOLATION on Proxmox?
Due to security requirements, we want to inspect traffic between VMs in the same subnet.
If we remove the local route on the host, all traffic to VMs on the same subnet will go via the firewall (external hardware outside of Proxmox).
However, if the host were to be compromised, an intruder could easily add the route and it will bypass the firewall again. This would not be a problem if we applied firewall rules in Proxmox, but this will currently not work, as the packet will still include source/destination even if it goes via the firewall, hence blocking all traffic.
Is there a proper solution to deploy this for production use?
Thank you.