Ulrik Lunddahl (PROconsult) wrote:
> Well the traffic shaper is not needed, but I was actually thinking about using it in a production
> I run some Virtual machines I would like to protect from the general environment, and instead of
> using VLAN and an external m0n0wall box. It would be nice and simple to add a few m0n0's to the HA
> Does anyone else have experience with m0n0 on ESX 3.5?

Ulrik, I have tested and used virtual m0n0walls in a VMware Workstation
environment. I have even worked with two of them, creating IPsec tunnels
(for testing and demonstrating). My friends tell me I'm crazy....
Phase 1: Create virtual IPsec tunnel on virtualized m0n0walls
Phase 2: ?????
Phase 3: Profit!
Who's crazy now!?? :)
I have several customers who have ESX servers too, but we are not
running any virtual firewalls on them (yet).
In my testing, I have used the CDROM version of m0n0wall with a floppy
image for storing the config. Upgrading or downgrading with this setup
is as simple as pointing the Virtual machine's CDROM to a different .ISO
file and rebooting it.
However, there is one drawback that cropped up recently. With some of the
newer versions of m0n0wall (I think it is a FreeBSD issue) the floppy
image file is no longer recognized, so I need to keep running an older
CDROM image or do what Manuel suggested on this list - use the generic PC
image and install it to a VMware hard drive image.
I see no reason not to run a virtual m0n0wall in your ESX server as long
as you fully understand and properly manage the virtual switching and
the virtual switch to physical NIC mapping etc.
Reverse Polarity, LLC