System administration

Setting up a firewall to manage a subnet?

A server was rented at the Hezner DC, a subnet for virtual machines and an additional address for routing this subnet were obtained.
The vmWare ESXi 5 hypervisor was installed on the host.
If I understood everything correctly, then in order to be able to use addresses from a dedicated subnet, you need to install and configure a virtual machine that will act as a gateway. the pfsense distribution kit was chosen as this machine (perhaps it is worth reconsidering the choice? find something easier / faster?)
3 network adapters were installed on this virtual machine:
1. the adapter has an additional address for routing
2. 192.168.1.1 for organizing an internal local network
3. adapter with 1 address from the subnet - it will act as a gateway

Next, I created an experimental VM, assigned it the second subnet address, and the gateway, respectively, the first. did not work on the fly, the firewall turned out to be the culprit. After turning it off, everything seemed to be fine.

So now the question is:
1. as far as I understand, this virtual machine will now face all VMs in the subordinate subnet and all traffic will pass through it?
2. Whether it is necessary to create any rules that routing worked? or, for example, if we have a VM with Apache on one of the IPs, is it enough to make a rule in the firewall that allows packets to port 80 of this VM? and, accordingly, to enable pings to allow ICMP
3. how many resources should be given to this gateway machine?
4. With an active, properly configured gateway firewall, can you not care about filtering on end VMs so as not to raise the load?
5. well, a little off topic - which distribution kit to prefer in order to deploy a dozen unloaded sites on it (ordinary php + mysql + apache)?