I'm wanting to run pfSense as a VM within Synology's Virtual Machine Manager. My idea is to dedicate LAN4 of the NAS as a WAN port for pfSense, so physical setup would be as follow: VDSL Line > Vigor 130 in Bridge Mode > LAN4 of Synology NAS Logically, within VMM I have a virtual switch named "WAN" which bridges only to LAN4 of the NAS: Physical LAN4 of NAS <---> Virtual Switch Named WAN <---> Virtual NIC of pfSense VM ---------- The biggest issue I am having right now is getting the WAN side of things to work within the pfSense VM. When I plug the bridged Vigor 130 into LAN4 of the Synology, with LAN4 set to DHCP in DSM, the NAS does indeed pick up an internet connection and the interface within DSM shows my internet IP address, gateway and DNS servers. I know the NAS itself is receiving an internet connection, because I can update the DSM software and packages without issue. This would be my first major concern. Wouldn't this mean my Synology NAS is completely exposed to the internet with absolutely no protection? It's directly connected to the bridged Vigor 130. ---------- Anyway moving on, within the pfSense VM if I set the WAN port to DHCP I get no internet connection. This kind of makes sense to me, as my assumption is that the host (Synology DSM) is already acquiring the IP details using DHCP, which is how LAN4 in DSM is showing everything and why DSM can connect to the internet. I have tried setting the pfSense WAN interface to static and setting identical IP details to what's shown for LAN4 in DSM, but this also does nothing. ---------- So at this stage, I'm a little stumped on what to do to try and get this setup to work. My guess is that you need a Hypervisor that can do some sort of "NIC Passthrough" stuff, so that it can just pass the raw network data through the Hypervisor NIC to the Virtual NIC? I have tried setting LAN4 to static with no IP details in DSM in the hope it might achieve this "passthrough" functionality, but you can't set the NIC to static without putting an IP + Subnet Mask. I know I could just take the Vigor 130 out of Bridge mode, have it acquire the internet connection and then use the Vigor's DHCP server to connect everything, but then the Vigor 130 will be doing some routing/security stuff, when I really just want it to act as a bridged modem to allow pfSense to do everything. ---------- Seems you can definitely setup a virtual pfSense with QNAP devices: https://www.qnap.com/en/how-to/tutorial/article/installing-pfsense-on-a-qnap-nas/ Also certain I've read countless article on setting up a vritual pfSense in ESXi too. Just not sure if these are always DHCP connections from the modem rather than Bridged. Apologies if I'm missing something really obvious here.