Two Firewalls on 1 VM running 2 VE with 2-2 Port Gigabit NIC's. Doable?

[HopnDude]

Is it doable, or are there security flaws in the design? It's something I drew up really quick in class.

Any suggestions would be appreciated!

Server Spec's - 8 Core / 16 Gig's / Raid 1 hardware controlled configuration

Main OS - Citrix (Debian)
VM1 (2 CPU cores / 4 Gigs) - Debian
VM2 (2 CPU cores / 4 Gigs) - Forefront TMG

Fellow student thinks we need two Servers with two OS's or a Server and a Sonic Wall style firewall device.

 

[nblount]

I know this is an old question . In theory it will work the main issue with running firewalls as VM's is whether you trust the security of the hypervisor. Most virtual machines operate exactly the same way as physical machines so if you can create it with physical machines virtuals will work as well (there are some exception when you come to cloud VM's). Under Xen or ESXi I don't see any problems. Most of the commercial firewall vendors have VM versions of some sort (Fortinet, Check Point, Palo Alto)

As to security flaws, a general good rule of thumb for firewall design is don't mix traffic that is at different levels of trust. E.g. don't put External Internet traffic and DMZ traffic on the same switch, how far you take this depends on the environment. Higher security networks can take this to an extreme.