<div>
<div class="content wysiwyg-content">
I am currently in the process of switching from a Barracuda load balancer to an F5 load balancer. During my discussion with F5 I found that their load balancing device also has the capability to function as a firewall.<br />
<br />
After reviewing the feature set their firewall had to offer I am interested in making the switch. However, the F5 device is virtualized and I am nervous about relying on a virtual firewall instead of a physical.<br />
&nbsp;<br />
My main concern is the server (ESXi) that would be housing the firewall/load balancer vm would also be housing other virtual machines. I understand that I can utilize VMWare’s vSwitches to logically separate the incoming public traffic from my private traffic, but I don’t fully understand the security consequences that would have. Could traffic hop from one vSwitch to another bypassing the firewall? What are other possibilities I should consider? What type of settings should I make sure are in place before implementing this setup? Or is it just a bad idea and I shouldn’t do it?
</div>
</div>


I am currently in the process of switching from a Barracuda load balancer to an F5 load balancer. During my discussion with F5 I found that their load balancing device also has the capability to function as a firewall.

After reviewing the feature set their firewall had to offer I am interested in making the switch. However, the F5 device is virtualized and I am nervous about relying on a virtual firewall instead of a physical.
 
My main concern is the server (ESXi) that would be housing the firewall/load balancer vm would also be housing other virtual machines. I understand that I can utilize VMWare’s vSwitches to logically separate the incoming public traffic from my private traffic, but I don’t fully understand the security consequences that would have. Could traffic hop from one vSwitch to another bypassing the firewall? What are other possibilities I should consider? What type of settings should I make sure are in place before implementing this setup? Or is it just a bad idea and I shouldn’t do it?

Virtual Firewall security question

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.