Itzikr
Enthusiast

Use case for vShield Zones in an environment that already has a firewall

Hi,

A customer of mine has purchased vSphere Enterprise Plus; however, his production / dev / DMZ are already isolated by a hardware firewall. Is there any logic in implementing vShield Zones?

Thanks

Itzik

Itzik Reich
0 Kudos
2 Replies
AntonVZhbankov
Immortal

vShield can work in "allow all" mode to collect statistics.


---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, MCITP: SA+VA, VCP 3/4/5, VMware vExpert http://blog.vadmin.ru
0 Kudos
Texiwill
Leadership

Hello,

vShield Zones is a zone-to-zone firewall and generally cannot be used as an edge firewall; granted, this depends on your 'edge' and whether you need port redirection, NAT, etc. However, it can definitely be used to segment your virtual network and protect it outside the DMZ or even within it.

The key is that vShield Zones provides a way to segment your network between two vSwitches (VLAN constructs) for zone-to-zone transfers of data.

For example, I may use it to firewall off my 'management tools for the virtual environment' from the rest of my virtual machines and track access to them.

Zone to Zone use cases depend on how 'layered' you would like to get.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'

Also available: 'VMware ESX Server in the Enterprise'

Blogging: The Virtualization Practice | Blue Gears | TechTarget | Network World

Podcast: Virtualization Security Round Table Podcast | Twitter: Texiwll

--
Edward L. Haletky
vExpert XIII: 2009-2021,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos