Announcement

Collapse
No announcement yet.

Virtualizing a firewall

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Virtualizing a firewall

    Hi folks,

    I'm running VMware vSphere 4.1 with 3 hosts. I've completed the task of virtualizing all "old" physical servers exept the last one running the role as firewall.

    Now I'm planning on virtualizing this last server as well. It's running OpenBSD with PF as firewall.

    My initial plan was to virtualize the firewall as put it on one of the hosts dedicating a phycical NIC for it's external interface. Of course in this scenario it won't be possible to migrate (using vMotion) the virtual machine to other hosts.

    What are the "best practises" for virtualizing a firewall?

  • #2
    Re: Virtualizing a firewall

    I beleive, if you make sure you have the exact same configuration on the hosts within the cluster, you should be able to

    So if you have a vswitch called BSD_PublicInterface on host1, do the same on host2
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Virtualizing a firewall

      Thanks for the answer tehcamel.

      Does this mean that I need dedicated physical NICs in all VMware hosts as well?

      Comment


      • #4
        Re: Virtualizing a firewall

        well, probably
        however all you really need is a vSwitch configured precisely the same on each server.

        Best bet would be to just build a quick test machine
        configure the network on 1 host, move it to the other
        observe, then move back
        then configure the network on the 2nd host the same
        observe, conclude

        delete temporary guest

        that way you're not really impacting your live system..
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: Virtualizing a firewall

          Thanks. I'll give that a try.

          By the way, are there official best practices for doing this? I have a hard time finding any usefull information about the topic. Guess there are a lot of people out there, who are allready runninng virtual firewalls.

          Comment


          • #6
            Re: Virtualizing a firewall

            not really sure
            I know the company I work for deploys alot of "Vyatta" virtualised routers for our cloud solutions...
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

            Comment

            Working...
            X