Two Firewalls on 1 VM running 2 VE with 2-2 Port Gigabit NIC's. Doable?


HopnDude

IMG_20130925_185710_723_zps2c60cb14.jpg


Is it doable, or are there security flaws in the design? It's something I drew up really quick in class.

Any suggestions would be appreciated!

Server Specs - 8 Core / 16 Gigs / RAID 1 hardware controlled configuration

Main OS - Citrix (Debian)
VM1 (2 CPU cores / 4 Gigs) - Debian
VM2 (2 CPU cores / 4 Gigs) - Forefront TMG

Fellow student thinks we need two servers with two OSes, or a server and a SonicWall-style firewall device.
 
I know this is an old question :). In theory it will work; the main issue with running firewalls as VMs is whether you trust the security of the hypervisor. Most virtual machines operate exactly the same way as physical machines, so if you can create it with physical machines, virtual ones will work as well (there are some exceptions when you come to cloud VMs). Under Xen or ESXi I don't see any problems. Most of the commercial firewall vendors have VM versions of some sort (Fortinet, Check Point, Palo Alto).

As to security flaws, a good general rule of thumb for firewall design is: don't mix traffic that is at different levels of trust, e.g. don't put external Internet traffic and DMZ traffic on the same switch. How far you take this depends on the environment. Higher-security networks can take this to an extreme.
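One way to check a hypervisor's bridge layout against the rule of thumb in the reply above, as an added example that is not part of the original thread. It assumes an Internet / DMZ / LAN layout with two firewall VMs (the thread's diagram is not available), and every bridge, interface and VM name is hypothetical; it also goes slightly beyond the reply by flagging non-firewall VMs that have ports in more than one zone.

```python
from collections import defaultdict

# Constructed inventory (not from the thread). One row per port on a
# hypervisor bridge / virtual switch: (bridge, port, owner VM, zone).
# owner None marks a physical NIC port; all names are hypothetical.
SAMPLE_PORTS = [
    ("xenbr0", "eth0",   None,      "internet"),
    ("xenbr0", "vif1.0", "fw1",     "internet"),
    ("xenbr1", "vif1.1", "fw1",     "dmz"),
    ("xenbr1", "vif2.0", "fw2",     "dmz"),
    ("xenbr1", "vif3.0", "web1",    "dmz"),
    ("xenbr2", "vif2.1", "fw2",     "lan"),
    ("xenbr2", "eth2",   None,      "lan"),
    # Two constructed mistakes for the audit to find:
    ("xenbr0", "vif3.1", "web1",    "dmz"),   # DMZ port on the Internet bridge
    ("xenbr2", "vif4.0", "backup1", "lan"),   # backup1 is dual-homed ...
    ("xenbr1", "vif4.1", "backup1", "dmz"),   # ... across LAN and DMZ
]
FIREWALLS = {"fw1", "fw2"}  # only these VMs may have ports in several zones


def mixed_trust_bridges(ports):
    """Return {bridge: sorted zones} for bridges carrying more than one zone."""
    zones = defaultdict(set)
    for bridge, _port, _owner, zone in ports:
        zones[bridge].add(zone)
    return {b: sorted(z) for b, z in zones.items() if len(z) > 1}


def zone_spanning_guests(ports, firewalls):
    """Return {vm: sorted zones} for non-firewall VMs with ports in several zones."""
    zones = defaultdict(set)
    for _bridge, _port, owner, zone in ports:
        if owner is not None and owner not in firewalls:
            zones[owner].add(zone)
    return {vm: sorted(z) for vm, z in zones.items() if len(z) > 1}


if __name__ == "__main__":
    for bridge, zones in mixed_trust_bridges(SAMPLE_PORTS).items():
        print(f"bridge {bridge} carries mixed zones: {', '.join(zones)}")
    for vm, zones in zone_spanning_guests(SAMPLE_PORTS, FIREWALLS).items():
        print(f"VM {vm} is not a firewall but spans: {', '.join(zones)}")
```

A firewall VM legitimately has one interface per zone; what the audit looks for is a single bridge, or a single ordinary guest, that joins two zones without passing through a firewall.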
 