Discussion:
[pfSense] Something like fortiGate's VDOM feature
Jason Whitt
2014-02-13 19:58:06 UTC
Hey all, so I've been kicking this idea around a lot over the last few months
and I'm trying to make time in my schedule to start testing around with this
idea; however, that doesn't seem possible at the moment.

Not sure if anyone has used the VDOM feature on Fortinet devices; however, I
work for an IaaS company and it is a great way to give clients their own
managed firewall solution. I'd like to see about implementing something like
that with pfSense. With the current releases of BSD supporting Xen, I think
this is a pretty straightforward implementation.
1) You'd set up the dom0 or root install of pfSense and configure the
interface bridges.
2) Then there would be a function to create new firewall instances
when needed, i.e. for new clients, etc. I imagine it would be something like
this:
   a) Create a new VM, provision out 2 interfaces (Outside/Inside),
   and attach them to the bridges.
   b) Run an install of pfSense; however, there should be some way
   for the install to know what IPs and interfaces to build out for itself.

3) I'd also like a way to get into each virtual instance through the
main pfSense web interface... but this brings a lot more issues if you're
going the Xen route. This brings up the next idea...

What about using jails? I have really limited experience with these so
someone else could maybe elaborate?

Thanks for your thoughts

Jason
