Nethsec Virtualized: virtual NICs, physical NICs, VLANs on the host or in Nethsec

Hello Nethsec community,

I wanted to get general input about best practice for running Nethsec in a VM as it pertains to interfaces / VLANs / zones.

a) Specifically, the Nethsec VM is currently running as a KVM VM (RHEL 10 host) with virtio interfaces; on the host, the interfaces are bridges. The VLAN tags are on the bridges on the host. So in Nethsec there is one interface for each VLAN, but Nethsec doesn't see the VLANs.

b) The alternative would be to give Nethsec just one interface (? not sure, it might need at least two) and have Nethsec deal with the VLANs. They would still be virtio interfaces on bridges, but it would need fewer of them (interfaces/bridges).

c) Or, another option: give Nethsec (with PCIe passthrough) one or more of the physical NICs from the host, which would then also require the VLAN management to be done in Nethsec.

Things are working fine currently with a); however, I need to add more zones and subnets, and hence I am thinking about option b) and maybe c).

I would appreciate your thoughts.