pfSense in Virtualization Station with VLANs

[volvog]

Until now routing/firewalling is done via a FritzBox router directly connected to a physical switch and all virtual machines are using Adapter 3 (Model is a TS977xu running QTS 5.0.x.) via a virtual switch without any VLANs... Guest WLAN is done via VLAN 199 directly mapped via separate port to FritzBox.

But I want to run pfSense as Router/Firewall in Virtualization Station. Connected via 2 (out of 4 available) network adapters:
- 10Gbit (Adapter 3) for internal LAN
- 1Gbit (Adapter 1) for external WAN

The WAN will be a PPPoE (FTTH) interface and needs 2 VLANS (requested by ISP):
- 10 -> Data
- 20 -> VoIP
Do I need to setup a Virtual Switch with the 2 VLANs? Or just having a Virtual Switch with the physical network interface, connect the interface to pfSense VM and defining only 2 VLANs in pfSense?

For the LAN I need to setup several VLANs:
- 1 -> Management (after reading in this forum it seems that I need to have a VLAN 1 for management because there's no untagged VLAN...?!?)
- 20 -> VoIP
- 199 -> Guest WLAN
- ...

Scenario 1:
Do I need to setup a Virtual Switch for every VLAN? This means that I would have to connect each Virtual Switch (VLAN) and create a network adapter for pfSense in Virtualization Station...?!?

Scenario 2:
Or is it one Virtual Switch with all the VLANs connected? That's how I understood VLANs... -> but this means, that all my virtual machines connected to the Virtual Switch (using the 10Gbit physical adapter) will have all VLANs...?!

Scenario 3:
Or is it a combination:
- Virtual Switch with only VLAN 1: connected to all virtual machines
- Virtual Switch with VLAN 20, 199: connected to i.e. Asterisk (VoIP)

Many thanks for your support.

[Moogle Stiltzkin]

I'll save you a bunch of time. i think doing pfsense in a separate hardware not the nas is better.

here are some suggestions (this is what i am using for myself. pfsense on a similar hardware as in the video)

https://www.youtube.com/watch?v=h7U4fCj_Pos

https://www.youtube.com/watch?v=xExmvIHEQao

https://www.youtube.com/watch?v=tZK1l9bXDgs



then if you still insist on vm, you can setup proxmox on them and pfsense. but i prefer bare metal pfsense :X


but if u insist on pfsense in qnap (not my recommendation), there are some videos and links here guiding you through the process

How to configure pfSense 2.5.0 on your QNAP NAS Server
https://www.youtube.com/watch?v=azMSNt14QX8


Safeguard x86-based QNAP NAS with pfSense firewall
https://www.youtube.com/watch?v=5mJ0h6pvKKw


https://www.qnap.com/en/how-to/tutorial ... a-qnap-nas

https://m7i.org/tutorials/qnap-networki ... d-pfsense/

[FSC830]

Running pfSense in VM at NAS is better than nothing, but I am also preferring to use a bare-metal solution.
If NAS has an issue and is out- of-service, no internet access is possible.
An update of QTS/QuTS hero or VM station can cause errors. QNAP proved this more than once in past. So internet access is again disturbed or not possible.
A simple small PC with two NICs can do this job.

Regards