Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
871
Views
0
Helpful
4
Replies

NFFW virtual firewall ( formerly FTD)

adamgibs7
Level 6
Level 6

‎11-18-2022 01:58 PM

Dears

Please reply me with your experience

  1. if i m not on a public cloud and completely on premises setup then any organization would require a virtual firewall in ESXI host ?? i think it is not required becz  lets assume the vm on the esxi host all are in different subnet and to cross a subnet they need to go to the Default gateway which is physical firewall.  ( Assuming ESXi host server is connected as an port channel to the switch and switch also is connected to firewall with ether channel)
  2. how i can control VM traffic within the same vlan, Please correct me it has to be controlled by esxi host switch becz the traffic will never reach to firewall.

Thanks

0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎11-18-2022 02:06 PM

@adamgibs7 yes enterprise environments certainly would/could run a virtual environment in their ESX environment, it depends on the organisation requirements. The ESX server can have multiple interfaces, which are mapped to a different interface on the virtual firewall, so you can route through these interfaces, filtering traffic as required. One use organisations may use a virtual firewall is for a scalable remote access, adding virtual firewalls to scale out on demand.

Correct, a firewall will be no good filtering traffic inside the same VLAN, you'd rely on other solutions such as Private VLANs (PVLAN), Downloadable ACL (DACL) or ideally TrustSec SGTs.

0 Helpful

adamgibs7
Level 6
Level 6
In response to Rob Ingram

‎11-18-2022 11:40 PM

Dear Rob 

thanks for the reply

The ESX server can have multiple interfaces, which are mapped to a different interface on the virtual firewall, so you can route through these interfaces, filtering traffic as required.

when can be the situation for the above sentence.

Regards

0 Helpful

Rob Ingram
VIP
VIP
In response to adamgibs7

‎11-19-2022 01:27 AM

@adamgibs7 what I am saying is you can deploy the virtual firewall and use a you would with a physical firewall.

0 Helpful

Kaan Bilici
Level 1
Level 1

‎11-18-2022 02:08 PM

Hi,

you can use FTDv its usefull solutions. you need to create a virtual switch on esxi host and port group for wan interface. and you need to create a port group on your default virtual switch witch 4095 vlan tag. all you need is to make these settings.

We use a lot of FTDv in customer systems due to problems with product supply.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card