Proxmox Bridge Plan

Goal

Provide a simple and isolated network foundation for the remote Windows infrastructure lab.

Design principle

Proxmox should provide virtual switching only. Routing, firewalling and segmentation are handled by HQ-FW01 running OPNsense.

Initial bridge model

Bridge	Purpose	Connected to	Notes
vmbr0	WAN / Public side	Physical NIC or provider network	Used by OPNsense WAN
vmbr1	Lab trunk/internal	OPNsense LAN and lab VMs	Carries internal lab networks
vmbr10	Optional management	Management-only segment	Can be added later if needed

Recommended initial approach

Start simple:

Internet / Provider
        │
      vmbr0
        │
   HQ-FW01 WAN
   HQ-FW01 LAN
        │
      vmbr1
        │
  Lab VMs and VLAN networks

Notes

• Do not expose Windows servers directly to the Internet.
• Do not place domain controllers on the provider/public network.
• Keep OPNsense as the only VM with WAN access.
• Add complexity only when the lab requires it.