The VR works fine as a basic NATing firewall, but you can't do advanced 
next-gen functions like reverse proxies, SSL offloading, robust rule sets, 
IDS/IPS, etc.

I have been setting it up manually. The other way is to have the users create 
their VR but then do a 1:1 NAT or a port forward of all ports to the virtual 
pfSense. The “WAN” of the pfSense sits in an isolated subnet. This does use 
another VLAN for the “WAN” network and is technically double NATing, but it 
works fine. I don’t think it scales the best, though, and may change it in the 
future.

From: Wei ZHOU <ustcweiz...@gmail.com>
Date: Wednesday, May 29, 2024 at 3:18 PM
To: users@cloudstack.apache.org <users@cloudstack.apache.org>
Subject: Re: Using a separate router other than the virtual router


I know some users deploy a pfSense or Linux VM as gateway in L2 network or
isolated network without source NAT.
No matter which software/OS is used, users have to configure the VMs
manually. Some features (e.g. static NAT, PF, LB, userdata) are not supported
either.
I think VR is still the best option with most supported services so far.
What is the purpose of the router? Gateway or other service provider?

-Wei

On Wednesday, May 29, 2024, Marty Godsey <mar...@rudio.net> wrote:

> Hello All,
>
> What is the best way, or how are you providing a router for customers that
> is not a virtual router? For example, if I have someone who wants to use
> pfSense for their router instead of the virtual router, what’s the best way
> to do this and make it as seamless as possible for the customer?
>
> I can see ways to do it, but I am curious to know how other people perform
> this function.
>
> Thanks in advance. 😊
>
