dffvb (Dabbler, joined Apr 14, 2021, 42 messages)
Hi there,
I have set up a Sophos firewall in a VM - behind a router - so it should be safe. Since PCI passthrough isn't really an option due to IOMMU group restrictions, I have added NICs to the VM and chosen free NICs under "Nic to attach". Apart from the discussion of whether it is a good idea to virtualize a firewall at all, I am wondering how safe it would be to let the firewall dial up directly and be facing the internet instead of the current modem/router combo.
Maybe someone knowledgeable can elaborate on this topic in general, meaning for example how safe it would be to expose a VM on a first layer behind a router, with the main TrueNAS being in a second layer (router cascade), set up in the way mentioned, given the risk of breaking out of the VM...
Example: I have a router/firewall with a WireGuard VPN; I am attaching a NIC to a VM with a Nextcloud installation and plugging that NIC into the router. There is also a second router/firewall behind the first, which has the main NIC of TrueNAS with all the data etc. Let's say that for whatever reason (a faulty WireGuard implementation, e.g.) the VM in the first layer gets infected; at how much risk is the second layer?
Have a nice Sunday
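The question above turns on what the second router/firewall lets through from the first layer. The following is an added toy model of that router cascade, not code from the post or from TrueNAS or Sophos: an outer segment holding the internet-facing VM, an inner segment holding the NAS, and an inner router with a stateful, default-deny filter. All addresses, ports and rule sets are constructed assumptions. It shows that a compromised VM in the first layer can only open connections to the NAS that the inner router explicitly permits (or that the NAS itself initiated), while a flat network with no inner filter exposes every port.

```python
# Toy model of the "router cascade" the post describes: an outer segment with an
# internet-facing VM and an inner segment with the NAS, separated by an inner
# router that runs a stateful, default-deny filter. Constructed example; the
# addresses, ports and rule sets below are assumptions, not the poster's config.
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple
import ipaddress

Addr = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

OUTER_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed: first layer (VM lives here)
INNER_NET = ipaddress.ip_network("10.0.0.0/24")     # assumed: second layer (NAS lives here)
VM_OUTER = ipaddress.ip_address("192.168.1.50")     # assumed: Nextcloud VM, internet-facing
NAS_INNER = ipaddress.ip_address("10.0.0.10")       # assumed: TrueNAS main NIC


@dataclass(frozen=True)
class Packet:
    src: Addr
    sport: int
    dst: Addr
    dport: int
    syn: bool = True  # True = new connection attempt, False = packet of an existing flow


@dataclass
class Rule:
    src_net: Net
    dst: Optional[Addr]   # None = any destination
    dport: Optional[int]  # None = any port
    action: str           # "accept" or "drop"

    def matches(self, p: Packet) -> bool:
        return (p.src in self.src_net
                and (self.dst is None or p.dst == self.dst)
                and (self.dport is None or p.dport == self.dport))


@dataclass
class InnerRouter:
    rules: List[Rule]
    default: str = "drop"
    # Flows the filter has accepted, keyed (src, sport, dst, dport)
    established: Set[Tuple[Addr, int, Addr, int]] = field(default_factory=set)

    def filter(self, p: Packet) -> str:
        if not p.syn:
            # Non-SYN traffic is only allowed as the reply half of an accepted flow
            reverse = (p.dst, p.dport, p.src, p.sport)
            return "accept" if reverse in self.established else "drop"
        # First matching rule wins; otherwise the default policy applies
        verdict = next((r.action for r in self.rules if r.matches(p)), self.default)
        if verdict == "accept":
            self.established.add((p.src, p.sport, p.dst, p.dport))
        return verdict


def exposed_ports(router: InnerRouter, attacker: Addr, target: Addr, ports) -> List[int]:
    """Ports on target that a compromised host at attacker can open a new connection to."""
    return [pt for pt in ports
            if router.filter(Packet(attacker, 40000, target, pt, syn=True)) == "accept"]


def strict_inner_router() -> InnerRouter:
    # Inner hosts may initiate anything; nothing from the outer layer is let in
    return InnerRouter(rules=[Rule(INNER_NET, None, None, "accept")], default="drop")


def permissive_inner_router() -> InnerRouter:
    # Same, plus one explicit hole: the VM may reach SMB on the NAS
    return InnerRouter(rules=[Rule(INNER_NET, None, None, "accept"),
                              Rule(OUTER_NET, NAS_INNER, 445, "accept")], default="drop")


def flat_network() -> InnerRouter:
    # No second layer at all: everything sits on one segment
    return InnerRouter(rules=[], default="accept")


if __name__ == "__main__":
    probe = [22, 80, 443, 445, 2049]
    for name, r in [("strict", strict_inner_router()),
                    ("permissive", permissive_inner_router()),
                    ("flat", flat_network())]:
        print(f"{name:10s} VM -> NAS reachable ports: {exposed_ports(r, VM_OUTER, NAS_INNER, probe)}")
    # The NAS may still talk out to the VM, and only the replies to that flow get back in:
    r = strict_inner_router()
    print("NAS -> VM:443 ", r.filter(Packet(NAS_INNER, 51000, VM_OUTER, 443, syn=True)))
    print("VM reply      ", r.filter(Packet(VM_OUTER, 443, NAS_INNER, 51000, syn=False)))
    print("VM unsolicited", r.filter(Packet(VM_OUTER, 443, NAS_INNER, 51001, syn=False)))
```

The practical reading: the second layer's exposure to an infected VM is the sum of the explicit accept rules on the inner router plus whatever the NAS itself connects out to, so each such rule (the SMB hole in the permissive variant) is worth reviewing, and services the NAS pulls from the VM are worth treating as untrusted input.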