A virtual firewall is similar to a physical firewall.
A virtual firewall can be a firewall appliance installed as a virtual machine or a kernel-mode process in the hypervisor.
Whether the firewall is installed as a virtual machine or as a kernel-mode process in the hypervisor, it performs the same functions as a traditional firewall.
In fact, many of the traditional firewalls today are offered as virtual appliances.
When you virtualize a firewall, the firewall gains the fault tolerance of the entire virtualization cluster.
With a physical firewall, by comparison, your only option for fault tolerance may be to purchase another unit and cluster the two together.
As an added benefit, when a firewall is installed as a virtual machine, it can be backed up and treated like any other VM.
A virtual firewall can also be deployed as a hypervisor virtual kernel module.
These modules have become popular with the expansion of software-defined networking (SDN).
Firewall rules can be configured for layer 2 MAC addresses or protocols, along with traditional layer 3 and layer 4 rules.
Virtual firewall kernel modules use policies that apply to all hosts in the cluster.
The important difference between virtual firewall appliances and virtual firewall kernel modules is that the traffic never leaves the host when a kernel module is used.
With a virtual firewall appliance, by contrast, the traffic might need to leave the current host to reach the host that is actively running the appliance.
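
The following Python sketch is an added example, not taken from any hypervisor product. It models one policy that mixes layer 2, layer 3 and layer 4 match fields, and counts how often a flow crosses the physical network with a kernel module versus an appliance. The class names, host labels, MAC addresses and subnet are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed, simplified frame model
    src_mac: str
    ethertype: str                 # layer 2 protocol: "ipv4", "arp", ...
    dst_ip: Optional[str] = None
    l4_proto: Optional[str] = None
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Rule:                        # a field left as None matches anything
    action: str
    src_mac: Optional[str] = None
    ethertype: Optional[str] = None
    dst_net: Optional[str] = None
    l4_proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.src_mac and self.src_mac.lower() != p.src_mac.lower():
            return False
        if self.ethertype and self.ethertype != p.ethertype:
            return False
        if self.dst_net and (p.dst_ip is None or
                             ip_address(p.dst_ip) not in ip_network(self.dst_net)):
            return False
        if self.l4_proto and self.l4_proto != p.l4_proto:
            return False
        return self.dst_port is None or self.dst_port == p.dst_port

def evaluate(policy, p):
    """First matching rule wins; anything unmatched is dropped."""
    return next((r.action for r in policy if r.matches(p)), "drop")

def inter_host_hops(src_host, dst_host, appliance_host=None):
    """Times a flow crosses the physical network between hosts."""
    if appliance_host is None:     # kernel module: filtered on the source host
        return int(src_host != dst_host)
    return int(src_host != appliance_host) + int(appliance_host != dst_host)

POLICY = [                         # one policy, applied on every host
    Rule("allow", ethertype="arp"),
    Rule("drop", src_mac="02:00:00:00:00:66"),
    Rule("allow", ethertype="ipv4", dst_net="10.0.0.0/24",
         l4_proto="tcp", dst_port=443),
]
```

For two VMs on the same host, `inter_host_hops("A", "A")` is 0 with a kernel module, while `inter_host_hops("A", "A", "B")` is 2 when the appliance runs on another host.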