VMware

This Question is Answered

3 Replies Last post: Apr 8, 2008 12:05 AM by Gabrie  

Is a virtual router/firewall acceptable? posted: Apr 7, 2008 7:10 PM

philkar77 (Lurker, 1 post since Apr 7, 2008)

I'm going to be putting a single ESXi 3.5 server into a colo facility. Would it be a bad idea to use a virtual machine as a router firewall? Or is there a compelling reason to use a physical device?

Re: Is a virtual router/firewall acceptable?

1. Apr 7, 2008 7:47 PM in response to: philkar77
philvirt (Hot Shot, 182 posts since Oct 12, 2007)

I don't see why you would need to buy a firewall appliance, unless you wanted to have a true end point device.

Regards,

Fil

Re: Is a virtual router/firewall acceptable?

2. Apr 7, 2008 8:50 PM in response to: philkar77
impensb (Expert, 542 posts since Jun 10, 2004)

It can be done and will work fine for a basic setup depending on your firewall software and your needs for security. Make sure your host has plenty of NICs.

I could see where some security experts may argue for not using a software-based firewall and would rather see a physical device in place. If it's your decision then I guess it's really a matter of what you are willing to support or pay for...

Re: Is a virtual router/firewall acceptable?

3. Apr 8, 2008 12:05 AM in response to: philkar77
Gabrie (Master, vExpert, 902 posts since Jun 6, 2005)

Best way would be to make sure that internet, dmz and lan traffic are all on separate physical nics (and separate virtual switches of course). You could also do this on one physical nic (like I do at home) and separate them by VLAN tagging. There is however a possibility that someone could "hop" VLANs. For my home environment and for small business, I would guess that the chances of anything like this happening are very small. For larger companies, where attacks may also come from within, I would definitely go for separate nics.

Gabrie


http://www.GabesVirtualWorld.com
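The separation described in the last reply can be checked mechanically. The following is an added example, not part of the thread and not VMware tooling: a Python audit over a hand-written port group inventory that reports which trust zones are kept apart only by VLAN tagging. The inventory, zone labels, port group names, and the function name `audit_zone_separation` are all constructed for illustration.

```python
from itertools import combinations

# Constructed inventory (not from the thread), one row per port group:
# (port group, trust zone, virtual switch, VLAN ID (0 = untagged), uplink NICs)
PORT_GROUPS = [
    ("WAN",  "internet", "vSwitch1", 0,  {"vmnic1"}),
    ("DMZ",  "dmz",      "vSwitch2", 20, {"vmnic2"}),
    ("LAN",  "lan",      "vSwitch2", 30, {"vmnic2"}),
    ("Mgmt", "lan",      "vSwitch0", 0,  {"vmnic0"}),
]

def audit_zone_separation(port_groups):
    """Compare every pair of port groups that sit in different trust zones.

    Returns a list of (severity, group_a, group_b, shared_nics) tuples:
      "vlan-only"     - same vSwitch or NIC, kept apart only by VLAN tags
      "no-separation" - same vSwitch or NIC and the same VLAN ID
    Pairs on separate vSwitches with no common uplink produce no finding.
    """
    findings = []
    for a, b in combinations(port_groups, 2):
        name_a, zone_a, vsw_a, vlan_a, nics_a = a
        name_b, zone_b, vsw_b, vlan_b, nics_b = b
        if zone_a == zone_b:
            continue  # same trust zone, sharing hardware is expected
        shared_nics = sorted(nics_a & nics_b)
        if vsw_a != vsw_b and not shared_nics:
            continue  # separate vSwitch and separate physical NIC
        severity = "no-separation" if vlan_a == vlan_b else "vlan-only"
        findings.append((severity, name_a, name_b, shared_nics))
    return findings

if __name__ == "__main__":
    for severity, a, b, nics in audit_zone_separation(PORT_GROUPS):
        shared = ", ".join(nics) or "vSwitch only"
        print(f"[{severity}] {a} <-> {b} share {shared}")
```

A "vlan-only" finding corresponds to the single-NIC setup in the reply, where a VLAN hop would cross zones; an empty result means every zone pair has its own vSwitch and physical NIC.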
