The biggest question I ask myself when I see VMsafe appliances is: will one replace my current virtual firewall setup? My anti-virus? Both? I am seeing a trend that gives me pause: a VMsafe appliance trying to be more than one thing. For example, Trend Micro, an anti-virus company, bought Third Brigade (a firewall company) and is now merging the two technologies into one. What has happened to one tool that does one thing and does that one thing very well?
To me, a virtual firewall should provide firewall functionality first and not much else. The disturbing trend is security companies trying to be everything to everyone. Can an anti-virus company do a firewall well, or is it really just running anti-virus on the packets passing through the firewall? Is that not what an IDS does? A fancy management console may look nice, but is it necessary for the basic functionality of a virtual firewall? Is it necessary to manage the firewall through an offsite web interface? Do you even want your security data going offsite?
It is refreshing to see a company that is just trying to build a VMsafe virtual firewall, but does the result meet my requirements for a virtual firewall?
Let us first look at my virtual firewall requirements:
- Input Packet Filtering
- Output Packet Filtering
- Some form of Intrusion Detection System (IDS)
- Port Forwarding to the same or different ports on different internal hosts
- Pinholes between protected networks
- Support for multiple interfaces for my External network
- Support for any number of DMZ networks
- Support for a special Wireless network
- Support for the internal network
- Logging of specific packets as necessary
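To make the list above concrete, here is a Linux nftables ruleset that implements each requirement on a conventional virtual firewall: input and output filtering of the firewall itself, forwarding policy between an external, DMZ, wireless and internal network, two uplink interfaces, DNAT port forwarding (same port and different port), a single pinhole between two protected networks, and logging of only the packets worth seeing. This is an example added for this post; it is not my actual configuration and not code from Altor, Trend Micro or any other VMsafe product. The interface names (ext0, ext1, dmz0, wlan0, lan0), addresses and service hosts are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post or from any VMsafe product:
# a Linux nftables ruleset that implements the requirement list above.
# Interface names, addresses and service hosts are assumptions for illustration.

define EXT_IFS  = { "ext0", "ext1" }   # two uplinks to the external network
define DMZ_IF   = "dmz0"
define WIFI_IF  = "wlan0"              # untrusted wireless segment
define LAN_IF   = "lan0"               # internal network
define WEB_SRV  = 10.0.1.10            # DMZ web server
define MAIL_SRV = 10.0.1.20            # DMZ mail server
define DB_SRV   = 10.0.2.50            # internal database the web server needs

flush ruleset

table inet filter {
    chain input {
        # Input packet filtering: traffic addressed to the firewall itself
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        # Manage the firewall only from the internal network
        iifname $LAN_IF tcp dport 22 accept
        # Log (rate limited) what is about to be rejected; the chain policy drops it
        limit rate 5/second burst 10 packets log prefix "fw-input-drop "
    }

    chain output {
        # Output packet filtering: traffic originating from the firewall itself
        type filter hook output priority filter; policy drop;
        ct state established,related accept
        oif lo accept
        # The firewall may resolve names and keep time, nothing else
        udp dport { 53, 123 } accept
        tcp dport 53 accept
        log prefix "fw-output-drop " drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internal network may reach the Internet and the DMZ
        iifname $LAN_IF oifname $EXT_IFS accept
        iifname $LAN_IF oifname $DMZ_IF accept

        # Wireless is treated as hostile: Internet only, never LAN or DMZ
        iifname $WIFI_IF oifname $EXT_IFS accept
        iifname $WIFI_IF oifname { $LAN_IF, $DMZ_IF } log prefix "wifi-lateral " drop

        # Port-forwarded services: DNAT in the nat table below has already
        # rewritten the destination, so match on the internal address here
        iifname $EXT_IFS oifname $DMZ_IF ip daddr $WEB_SRV tcp dport 443 accept
        iifname $EXT_IFS oifname $DMZ_IF ip daddr $MAIL_SRV tcp dport 25 accept

        # Pinhole between two protected networks: only the web server,
        # only to the database host, only on the database port
        iifname $DMZ_IF oifname $LAN_IF ip saddr $WEB_SRV ip daddr $DB_SRV tcp dport 5432 accept

        # DMZ hosts may fetch updates from the Internet
        iifname $DMZ_IF oifname $EXT_IFS accept

        # Log specific packets only: any other DMZ-to-LAN attempt is worth
        # seeing; everything else falls to the silent policy drop
        iifname $DMZ_IF oifname $LAN_IF log prefix "dmz-to-lan-drop " drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        # Port forwarding to the same port on an internal host ...
        iifname $EXT_IFS tcp dport 443 dnat to 10.0.1.10
        # ... and from a different external port to the standard internal port
        iifname $EXT_IFS tcp dport 2525 dnat to 10.0.1.20:25
    }

    chain postrouting {
        type nat hook postrouting priority srcnat;
        # Hide all internal addresses behind whichever uplink carries the traffic
        oifname $EXT_IFS masquerade
    }
}
```

Load it with `nft -f <file>` and inspect the result with `nft list ruleset`. Two design points matter for the comparison that follows: the forward chain matches on the post-translation (internal) address because DNAT runs at prerouting before the filter hook, and the whole `table ip nat` section is the part a filter-only appliance cannot express at all. An appliance that offers only input, output and forward filtering can reproduce the filter table, but the port forwarding has to move somewhere else.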
My current virtual firewall also provides the following services. They could be handled by internal virtual machines instead, and they would add a fair amount of bloat to a VMsafe firewall, so I do not expect them to be there and am not sure I want them there either.
- OpenVPN Server
- DHCP Server
- Forwarding DNS Server
- NTP Server (not really used)
So can any of the new VMsafe firewalls provide this level of functionality?
Altor 3.0 looks like it could cleanly, though probably not seamlessly, replace my virtual firewall. It has input and output packet filtering as well as IDS capability. Of my must-have elements, however, Altor is missing what I consider the most important aspect of my existing firewall: the ability to port forward to the same or different ports on different internal hosts.
Without this capability I am not sure Altor could be a drop-in replacement, but it does come close. I would need to set up secondary VMs to forward packets and to act as my DHCP, DNS, and OpenVPN servers.