Tom here from Lawrence Systems, and just because you can virtualize pfSense, does that mean you should? Let's talk about that now. I prefer bare metal, running on real hardware, but there's some pros and cons to each way, so we want to walk through some of these discussions of why you might not want to. Especially when new users who are new to pfSense start out going, "Well, I'll just virtualize it, because that seems like it'd be simpler," they may not have as good of an experience, because there's some complexities.

And that's the first reason to run it on real hardware: there's less troubleshooting due to less complexity. The intricacies of adding a hypervisor, which has a virtualized network adapter, then you virtualize your pfSense on there: you can run into issues, especially around VLANs. VLANs are a struggle, especially for a lot of new users, and you've now added a complexity layer to setting VLANs up, with each hypervisor having different ways they handle this, and, you know, this can be an extra learning curve. So if you don't even know the product already, you're going to add some complexity, and then sometimes it may perform poorly under load or not get the transfer rates. We don't know if it's because pfSense has been misconfigured, or if it's because the hypervisor's been misconfigured, or some conflict due to some update. So that less complexity and troubleshooting goes for real hardware.

Now, the part about hardware: hardware is not that expensive. You can use pfSense on most any x86 hardware. You can pop in an Intel NIC, and lots of things already have this. There's plenty of low-powered devices available, you can buy the Netgate hardware, and it just doesn't take a lot of compute, memory, or hard drive space in order to run pfSense. You can get gigabit speeds with a several-year-old computer perfectly fine, and there's plenty of those laying around.

Next, pfSense is easy to reload and restore: you only need the config.xml file. So I get it, virtualization is easy to back up because you're snapshotting a whole virtual machine, but you just got one config file to restore.

Next is the boot environments that are related to it. So if you have a snapshot you're looking for, instead of using a hypervisor, if you have the pfSense Plus, which is free for home users, free for the lab, pfSense Plus supports boot environments. It's also free on the Netgate hardware, and boot environments will even let you roll to a new version of pfSense and roll back. It creates snapshots in time, so if you want to experiment with your pfSense, they are OS-level snapshots, and I have a whole video dedicated to boot environments.

Next, if there's a problem with your hypervisor, everything gets taken down. This can be a real challenge. Now granted, if you have several hosts and you can migrate your pfSense to another one of your hosts, but in general a lot of people are trying to run this in a home lab, and if the hypervisor goes down, the internet goes down with it, and therefore your troubleshooting may be hampered by doing this, being able to Google things, because your firewall's now down, your internet's down, and you're going, "Okay, how do I figure this out and get it back up?" So that can be kind of a challenge.
And I've seen people who delay updates to their hypervisor because they're worried about, you know, "Oh man, I got to take down pfSense and I got to take down my network when I do this update." And yeah, that's a factor, something to consider, but that comes with the complexity of doing it that way.

One last thing I'll mention on the potential problem side is if you are taking one of the ports of your hypervisor and exposing it so you can put it on the WAN for pfSense, you now have a port closer to the edge of the network, and if there's a stack-level type of attack, there's a flaw in the stack of the way the hypervisor handles things, not the way pfSense handles things, you now have that port exposed to the internet. Now granted, it should be firewalled and only allowing the traffic to go to the one virtual machine within there, but if there's some other flaw within the way the hypervisor handles its virtual networks, that could be a potential for security. It's just something to keep on your radar. I don't know of any absolute ways to exploit this, but it's something to consider just as an attack surface.

Now, there's a couple pros to running it in a virtual environment, and that first one is of course the biggest reason people want to do this: it's less hardware. If you only have one machine, hey, great, then that machine can do everything. It has your hypervisor, all the VMs you want to run, or whatever else you have on there, and then you throw your firewall in there. Now you have one device. That is a cost savings, it is a power savings, it is space savings, and especially with the energy cost being high, I really get it why people want to put these all in one place, to minimize the amount of systems that they're supplying energy to. But kind of back up to the low-end hardware.
It doesn't take too much energy. You can find some reasonably low-powered things to run a firewall.

Next is passing through a network adapter. That alleviates many of the complexity problems and other complaints I had set up. This is a popular way to set it up in your virtual environment, where you just pass the network adapter through in your hypervisor right to pfSense. This solves that security potential issue, the VLAN issue, and a lot of the other troubleshooting problems. That's not a bad way to go if you're going to do that. So you just pass the NIC through, and that's a good way to do it and keep those cost savings, those benefits of having a virtual. But nonetheless, it's really your decision to make.

We do have our lab that I have a virtual pfSense out of convenience. But if I reboot my hypervisor or the lab goes down, no one's really bothered by it but me, because I can't make videos with my lab, and my staff can't complete something. So I don't mind running the one virtual, but all the business side I run all on hardware.

But what do you run? What is your preferred method for setting this up? Is it hypervisor plus pass-through? Is it just raw hypervisor, because that's the way you like to run pfSense? Let me know in the comments down below what your combination is. I'm kind of curious what the audience says about this, and if you want to have a more in-depth discussion about this and other topics, those are my forums for that discussion. Thanks