Looking for some advice / recommendations / considerations on running OPNsense on bare metal vs virtualized, and if virtualized how best to do so.

I currently have OPNsense running bare metal on a Protectli FW6E Vault, with the following specs:

  • Intel i7-8550U CPU @ 1.80GHz
  • 120GB mSATA (1% utilization)
  • 16GB RAM (6.5% utilization)
  • 6 Gigabit Ethernet NIC ports

The Vault running OPNsense is the primary firewall and router; any wireless devices connect through a dumb AP running OpenWRT. Connected over Ethernet I have an RPi running HomeAssistant OS (would probably also move to virtual if that’s the chosen direction) as well as a TrueNAS setup.

How much of a performance hit would be expected running in some sort of container vs the current bare metal setup? Are there any other concerns with running the main firewall / router virtually vs bare metal to take into account?

  • SayCyberOnceMore@feddit.uk · 1 day ago

    Performance is going to be the same.

    Security is the main point here.

    If this is your internet facing firewall then you want minimal layers of software complexity, so bare metal is the answer.

    I’m a pfSense user, so I don’t know how regularly OPNsense is updated, but it’s so much easier to just reboot that 1 box whilst everything else is mostly unaffected.

    Better still, do a full device backup before an update and then you have a simple disaster recovery backup in case of any problems.