I am thinking of running PFSense as VM...
Currently running SOPHOS UTM as VM...
Any suggestions for RAM,HDD space etc...
Currently running SOPHOS UTM as VM...
Any suggestions for RAM,HDD space etc...
PFSense as VM
- Thread starter acmcool
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
What sort of size network are you running? Really helps in sizing.
Also as well as what size network are you running, will you be running a VPN server etc on your PFSense instance? As that has quite a large impact on requirements.
I think my post didn't come through.
I run pfsense in a VM as my router, firewall and UTM(suricata) on ESXi.
I dedicate:
16 gig of storage (8-10 is probably enough)
3 gig of ram
2 vcpus
My wan is 100mbit/2.5mbit
I very rarely exceed 30% usage and have 300mhz reserved for the VM so if I peg the box doing something I still have reasonable speeds.
Note the box has an i7-4790 as a cpu
A couple of tricks:
If you have an existing pfsense box you want to replicate, just do a config backup on that box, do an install on the VM and restore from the backup, will have you up in about 10 mins- just have to reconfigure the nics
Use openvm tools in pfsense.
Use virtual nics versus passthrough, which will mean that if you change real nics, you don't have to reconfigure
I run pfsense in a VM as my router, firewall and UTM(suricata) on ESXi.
I dedicate:
16 gig of storage (8-10 is probably enough)
3 gig of ram
2 vcpus
My wan is 100mbit/2.5mbit
I very rarely exceed 30% usage and have 300mhz reserved for the VM so if I peg the box doing something I still have reasonable speeds.
Note the box has an i7-4790 as a cpu
A couple of tricks:
If you have an existing pfsense box you want to replicate, just do a config backup on that box, do an install on the VM and restore from the backup, will have you up in about 10 mins- just have to reconfigure the nics
Use openvm tools in pfsense.
Use virtual nics versus passthrough, which will mean that if you change real nics, you don't have to reconfigure
Last edited:
Just made the switch myself from Sophos to PFSense.. if you don't do anything crazy you can start with a 1 GB RAM, 8 GB thin disk and vmxnet3 adapters and you'll be just fine.
Two thread (2 vCPU) for PfSense is really needed due to 1 thread for routing & iptable and the other is dedicated to ipsec/openVPN + snort + squidGuard
RAM: 1G ~ 2G depends on the number of your concurrent sessions
HD: 8GB is more than enough
I am running
RAM: 1G ~ 2G depends on the number of your concurrent sessions
HD: 8GB is more than enough
I am running
- PfSense VM on i7 3770 via KVM
- PfSense VM on Xeon D-1540 via KVM
- PfSense on C2758
Had very frustrating day with pfsense...
Installed it...Could not get LAN traffic to go to WAN...
The DHCP was working and I added firewall rule for each VLAN.
Installed it...Could not get LAN traffic to go to WAN...
The DHCP was working and I added firewall rule for each VLAN.
Agreed, squid can be configured to be conservative with ram but probably works better with more of it.
If setup in vanilla mode (before you screw around with it) on VM and you have two physical NIC's passed to the the PF then should be OK. That being said, it took a long time to PFSense on VM's and there will still be bugs.
One of the reasons I always keep mine on dedicated hardware and NOT a VM.
One of the reasons I always keep mine on dedicated hardware and NOT a VM.
Sorry pfsense has been virtualised by people for years. Plus it is officially supported with VMware.. There is no reason to think it'd be more buggy than on baremetal
It has spent more years off VM than on.
Still prone to issues on either platform, more so on VM as you are introducing way more variables.
I have run both versions and found, dedicated hardware is cheap and easy to use. No need for virtual NIC's, VLAN's or possible grey areas like the OP is having now.
Hardware option also keeps your security at the edge, not inside your network.
Still prone to issues on either platform, more so on VM as you are introducing way more variables.
I have run both versions and found, dedicated hardware is cheap and easy to use. No need for virtual NIC's, VLAN's or possible grey areas like the OP is having now.
Hardware option also keeps your security at the edge, not inside your network.
The security argument (unless you are a government agency or bank or such) is really overstated, have you ever seen a hypervisor compromised such that it is likely to kill pfsense? I havent
Also chiming in to say I'm running PFsense on esxi using a rangely platform. The machine is mostly dedicated to PFSense, I just put my vcenter instance on there to piggyback on the free ram. It runs without any issues, and has been much faster and more stable on my 200/20 connection than my ASUS dedicated router.
