Hi.
I'm migrating a physical web/mail server into VMware ESXi. The network has an existing physical firewall in place. I need to replace the physical server with two VMs. I was also hoping to install pfSense inside of VMware ESXi to logical make a DMZ network for the VMs to connect through.
Topology
Real firewall -> Real Switch -> VMware EXSi -> Virtual WAN -> pfSense VM -> Virtual DMZ -> web/mail VMs
My reasons for implementing it this way.
If the VMs are compromised the attacker can't get out of the VMware ESXi network, since with pfSense I'm filtering traffic outbound as well. Even if they managed to they still have the physical networks security measures to deal with. As the real network is already segmented into OFFICE STAFF/DMZ/WAN.
I really need some guidance.
-
Is this unnecessary work for a small benefit?
-
Should I instead just run two VMs in ESxi while using the physical network to protect them?
Thanks for any help and have a nice day.
No comments:
Post a Comment