Best VMware Firewall/Router?

Posted on 2010-09-07
Last Modified: 2012-05-10
Hi, is Vyatta the best virtual appliance for VMware if I'm looking for the following:

1) free installation initially; with options to add subscription services for Intrusion Prevention, Gateway Antivirus, etc.
2) Ability to handle vlans with multiple DHCP servers

I'm looking for a vmware router/firewall to protect a Server 2008 small biz network.

How does pfSense or other solutions compare to Vyatta?

Question by:goldylamont
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 19

Expert Comment

by:vmwarun - Arun
ID: 33621668
Personally, I have not worked with pfSense, hence I cannot put forth my opinions.
Vyatta is solid to be deployed in virtual environments, but the free edition might not be able to provide you all features.
LVL 28

Accepted Solution

bgoering earned 250 total points
ID: 33621939
Personally I use Monowall ( for a virtual firewall and Snort for IDS. Can't comment on Vyatta much as I have only "played" with it in a lab environment - but from what I have seen it is pretty solid, but a bit more difficult to configure than Monowall.

Good Luck
LVL 32

Assisted Solution

nappy_d earned 125 total points
ID: 33622494
Also take a look at They make a vmware appliance.
Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.


Author Comment

ID: 33622919
cool thanks for links. does anyone have experience working with these companies after paying for security services. my plan is to use the free version of the router at first and then to upgrade and start using firewall subscriptions so I have it constantly updating to the latest threats. I'm sure all solutions can do what I need on the router side but would be great to hear from users who use fee based subscriptions for live network security updates. thanks.
LVL 28

Expert Comment

ID: 33623207
I don't believe Monowall has a paid version. The situation I described with Monowall and Snort is for a small network I take care of. My main job has all Cisco for firewalls and IDS/IPS - good experience with that but it is all paid and physical devices.
LVL 29

Assisted Solution

by:Michael Worsham
Michael Worsham earned 125 total points
ID: 33623603
Another option would be to deploy Untangle as a Virtual Appliance

Untangle Virtual Appliance on VMware

Author Comment

ID: 33624637
So far Vyatta still seems like the best option for my needs--Untangle and MonoWall don't seem to handle vlans as is listed in my requirements. Smoothwall can do vlan but only with the Advanced version and I can't find pricing anywhere.

Guys I found this video; it's really good and shows how to setup up vlan using Vyatta on vmware. Really cool:

I was also checking out Endian Firewall software and it looks really cool but still not the best for me. I'd like to make a list of all the best software firewalls and user's experiences for others visiting this page.

Also, has no one out there had experience with paid versions of any of these services?

Thank you
LVL 28

Expert Comment

ID: 33627424
Actually Monowall does have VLAN support. From

m0n0wall already provides many of the features of expensive commercial firewalls, including:

web interface (supports SSL)
serial console interface for recovery
set LAN IP address
reset password
restore factory defaults
reboot system
wireless support (access point with PRISM-II/2.5/3 cards, BSS/IBSS with other cards including Cisco)
captive portal
802.1Q VLAN support
stateful packet filtering
block/pass rules
NAT/PAT (including 1:1)
DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface
IPsec VPN tunnels (IKE; with support for hardware crypto cards, mobile clients and certificates)
PPTP VPN (with RADIUS server support)
static routes
DHCP server and relay
caching DNS forwarder
DynDNS client and RFC 2136 DNS updater
SNMP agent
traffic shaper
SVG-based traffic grapher
firmware upgrade through the web browser
Wake on LAN client
configuration backup/restore
host/network aliases"

However there is no paid version nor IDS support in the same product - so likely you are right in that Vyatta would be best for you. Just wanted to set the record straight on the VLAN support :)

Author Comment

ID: 33628762
I'm hosting this firewall as a Virtual Appliance--I'm unsure if monowall supports vlans in a virtual appliance. I suppose it's possible but there aren't any articles on it that I can find so I was skeptical. But yes it does look as if it supports vlans on certain hardware (possibly vmware but undocumented?)
LVL 28

Assisted Solution

bgoering earned 250 total points
ID: 33631120
LOL - well I guess I can't say that I have tested Monowall VLAN support under vmware myself as I haven't had the need for VLAN support in Monowall. I was just going on their specs for that.

However I do know that if you trunk vlans from a physical switch to a vmnic -> vswitch then create a portgroup and specify 4095 for the VLAN number, then all vlans will pass through to the the virtual machine NIC. With E1000 Nics I know I can see them all from the guest... So maybe there is hope. I have tested that scenario with an F5-LTM appliance when we were evaluating load balancers....

Author Closing Comment

ID: 33758119
thanks guys

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO: Connect to the VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere (HTML5 Web) Host Client 6.5, and perform a simple configuration task of adding a new VMFS 6 datastore.
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question