Canadian Bacon Cybersecurity Series: Are Virtual Firewalls the Same?

Jason Maynard — Mon, 16 Feb 2026 21:11:40 GMT

Is Digital Resilience Impacted with Traditional Virtual Firewalls?

Most people in the industry are fully aware of virtual firewalling within the vendors’ hardware offerings, but do they stand up in today’s modern world? Let’s explore this in more detail but the short answer depends on how they are delivered. I know “it depends”!

Now, virtual firewalls provide multiple benefits such as supporting multiple lines of business, test environments, compliance and regulations, and other use cases. The question is whether they make a great choice when supporting the needs of today’s business?

Time to level set.

Virtual Firewalls are named differently across vendors from multi-context, virtual domains, to even just virtual firewalls and they all have lots of limitations.

Let me explain

Most virtual firewalls are not isolated firewall instances within the hardware platform they reside. In fact, they have a variety of shared components making it difficult to support the needs of the business in today’s agile environment. One could argue that they impact the business environment more than they protect.

If you leverage the old way of how these virtual firewalls are deployed you end up finding out that they are limited as they share many resources, they require the same version of code, you cannot patch one vs. another, if you need to reboot all virtual firewalls must reboot. This does not allow the business to be agile nor resilient.

Diagram 1: visualizes the shared hardware elements

Now, let’s move to the modern era of virtual firewalling. Imagine having the ability to remove all shared services and expand that to ensure CPU and memory are allocated and assigned to the virtual instance. It has complete control over the assigned resources, and nothing can compete with it or monopolize that line of business or use case.

Diagram 2: visualizes the freedom of aligning physical resources to the respective virtual instance.

Is that enough? No! You need to be able to meet the business where they are going and be flexible enough to upgrade to features that matter most to line of business, patch when risk exposes one line of business vs. another or reboot the virtual instance at any point with impacting other virtual instance or lines of business.

Diagram: visualize the core differences that matter

Cisco Secure Firewall supports multi-instance the next generation of virtual firewalling that supports independent instances that can run different versions of code, different patch levels, dedicated hardware, and supports independent rebooting without impacting any other instance on the box.

This is the next generation virtual firewalling supporting the demands of the business with a core focus on digital resilience. It matters

topic Canadian Bacon Cybersecurity Series: Are Virtual Firewalls the Same? in Network Security

Canadian Bacon Cybersecurity Series: Are Virtual Firewalls the Same?

Is Digital Resilience Impacted with Traditional Virtual Firewalls?