Jump to content

Network Firewall under VMWare ESXi

Ryan Doughty

By Ryan Doughty
in Security

 Share

Recommended Posts

Ryan Doughty Newbie

Ryan Doughty

Posted
Posted

Morning all, after some browsing round the net I thought I would try and find out what others are using/recommending:

I am looking for a VMware appliance or software to move my network firewalling to my VMware ESXi server. I would also like to have a look and play with IDS so if it includes that level of functionality, great. So far I have tried m0n0wall, untangle and smoothwall. I like smoothwall but the IDS seems to be broken in the latest version as snort have made some changes and smoothwall has yet to catch up. I am not a linux guy and unfortunately don't have much time to start hacking it to make it work.

So if you use firewall software on your ESXi server what do you use and why, if not any recommendations?

Thanks

Ryan

Link to comment
Share on other sites
barry99705 Veteran

barry99705

Posted
Posted

I still have problems with firewalls being in virtual machines. It just gives me that "ehhhh" feeling in my stomach. In my opinion(which we all know the saying about opinions) it's better to have the firewall as a separate machine on the network. It doesn't really need that much in hardware specs. Mini-itx, or an old laptop would work pretty good for a basic low power firewall.

Link to comment
Share on other sites
decepticon_eazy_e Newbie

decepticon_eazy_e

Posted
Posted
I still have problems with firewalls being in virtual machines. It just gives me that "ehhhh" feeling in my stomach. In my opinion(which we all know the saying about opinions) it's better to have the firewall as a separate machine on the network. It doesn't really need that much in hardware specs. Mini-itx, or an old laptop would work pretty good for a basic low power firewall.

If you configure your network properly this works pretty well. All the other pieces need to be in place for this to stay secure. For example, VLANs segregating inside and outside the firewall, lots of trunking. No service consoles in the DMZ or outside, or in the production VLAN for that matter! Strong passwords, etc.

Layers!

It's understandable for people to feel more comfortable with a firewall you can see and feel. Trust me, that feeling is what pays my bills, so I'm not going to shoot holes in it. If all your machines are virtual and you are comfortable in the vswitch configs, you should be fine. With that said, I don't use any, but I don't have any VMs that I face forward. At work, we use a PIX, but we have many machines that are not virtual, so it's needed. Another downfall is another single point of failure. You said you were using ESX3i, so there's no HA or vMotion there, so there's no failover. If any part of the box goes down, it's all down. :(

Link to comment
Share on other sites
  • 3 weeks later...
Jonny190 Newbie

Jonny190

Posted
Posted

if it is for home use i would definitly recomend astaro security gateway out of all linux firewalls i have had smoothwall, ip cop, untangle, etc. my favorite as far as configuration and managment astaaro is the way forward

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...