?
Solved

Virtual Firewall security question

Posted on 2014-02-05
1
Medium Priority
?
449 Views
Last Modified: 2014-02-06
I am currently in the process of switching from a Barracuda load balancer to an F5 load balancer. During my discussion with F5 I found that their load balancing device also has the capability to function as a firewall.

After reviewing the feature set their firewall had to offer I am interested in making the switch. However, the F5 device is virtualized and I am nervous about relying on a virtual firewall instead of a physical.
 
My main concern is the server (ESXi) that would be housing the firewall/load balancer vm would also be housing other virtual machines. I understand that I can utilize VMWare’s vSwitches to logically separate the incoming public traffic from my private traffic, but I don’t fully understand the security consequences that would have. Could traffic hop from one vSwitch to another bypassing the firewall? What are other possibilities I should consider? What type of settings should I make sure are in place before implementing this setup? Or is it just a bad idea and I shouldn’t do it?
0
Comment
Question by:JTD_PS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
ArronG earned 1500 total points
ID: 39835747
It depends on your requirements.
In some systems I have set up this type is not allowed as firewalls must be a physically separate entity from the infrastructure as per regulations.
However, if you're not a regulated business then in the VMware scenario you describe this is logical separation.
As long as you get you vSwitches and virtual networks setup correctly and ensure routing between virtual networks isn't in place then you should be ok.
Also, physical NIC's can be assigned to VMware which is secure when done correctly.
F5 have pretty good devices and they are a major VMware partner with a good tech team.
You should be able to lean on F5 for support in installation by making sure it's segregated.

ArronG
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question