Solved

Virtual Firewall security question

Posted on 2014-02-05
Last Modified: 2014-02-06
I am currently in the process of switching from a Barracuda load balancer to an F5 load balancer. During my discussion with F5 I found that their load balancing device also has the capability to function as a firewall.

After reviewing the feature set their firewall had to offer I am interested in making the switch. However, the F5 device is virtualized and I am nervous about relying on a virtual firewall instead of a physical.
 
My main concern is that the server (ESXi) that would be housing the firewall/load balancer VM would also be housing other virtual machines. I understand that I can utilize VMware’s vSwitches to logically separate the incoming public traffic from my private traffic, but I don’t fully understand the security consequences that would have. Could traffic hop from one vSwitch to another, bypassing the firewall? What are other possibilities I should consider? What type of settings should I make sure are in place before implementing this setup? Or is it just a bad idea and I shouldn’t do it?
Question by:JTD_PS

Accepted Solution

by:
ArronG earned 500 total points
ID: 39835747
It depends on your requirements.
In some systems I have set up, this type is not allowed, as firewalls must be a physically separate entity from the infrastructure as per regulations.
However, if you're not a regulated business, then in the VMware scenario you describe this is logical separation.
As long as you get your vSwitches and virtual networks set up correctly and ensure routing between virtual networks isn't in place, then you should be OK.
Also, physical NICs can be assigned to VMware, which is secure when done correctly.
F5 have pretty good devices and they are a major VMware partner with a good tech team.
You should be able to lean on F5 for support in installation by making sure it's segregated.

ArronG
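
One way to check the separation discussed in this thread, as an added example that is not part of the original posts: the script audits a vSwitch/port group inventory for paths that let public traffic reach private networks without crossing the firewall VM. The inventory layout, the zone labels and every name in it (`f5-fw-lb`, `legacy-proxy`, the port group names) are constructed assumptions.

```python
# Added example. The inventory is constructed sample data, not output from a real host.
FIREWALL_VM = "f5-fw-lb"  # hypothetical name for the firewall/load balancer VM

INVENTORY = {
    # vSwitch -> physical uplinks, and port groups tagged with the zone they carry
    "vswitches": {
        "vSwitch0": {"uplinks": ["vmnic0"], "portgroups": {"Public-WAN": "public"}},
        "vSwitch1": {"uplinks": ["vmnic1"],
                     "portgroups": {"Private-LAN": "private", "DMZ-Test": "public"}},
    },
    # VM -> port groups its virtual NICs are attached to
    "vms": {
        "f5-fw-lb": ["Public-WAN", "Private-LAN"],
        "app01": ["Private-LAN"],
        "legacy-proxy": ["DMZ-Test", "Private-LAN"],
    },
}

def audit(inv, firewall_vm):
    """Return findings where public traffic could reach private networks
    without crossing the firewall VM."""
    findings, pg_zone = [], {}
    for vsw, cfg in sorted(inv["vswitches"].items()):
        pg_zone.update(cfg["portgroups"])
        # Separation by vSwitch means one zone per vSwitch (and per uplink set).
        if len(set(cfg["portgroups"].values())) > 1:
            findings.append(f"{vsw}: public and private port groups share this "
                            f"vSwitch and its uplinks {cfg['uplinks']}")
    for vm, pgs in sorted(inv["vms"].items()):
        zones = {pg_zone[pg] for pg in pgs}
        if vm == firewall_vm:
            # The firewall must be the one VM with a leg in each zone.
            if zones != {"public", "private"}:
                findings.append(f"{vm}: firewall is not attached to both zones")
        elif "public" in zones:
            # Any other VM on the public side is a path around the firewall.
            kind = "bridges public and private" if "private" in zones else "is exposed on public"
            findings.append(f"{vm}: {kind} without passing the firewall")
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, FIREWALL_VM):
        print("FINDING:", finding)
```
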