Things to Keep in Mind with Virtual Machine Firewalls
For edge firewalls, a physical device is highly recommended. Say you have a remote office with one VMware server. Sure, it has plenty of extra network ports, CPU, RAM, etc., but don’t forget about situations like the following. Consider an example where the virtualized firewall provides an OpenVPN or IPsec tunnel back to HQ and is the only link home. VMware needs an update that requires a reboot, but there are no IT staff at the remote location. You connect to vSphere and gracefully shut down all of your VMs before rebooting the VMware host. But, oops! You shut down your firewall, which means your remote location no longer has Internet or VPN connectivity. Darn. Now someone physically needs to get things booted back up at the remote location. If you had a dedicated firewall, your VPN link would still be up and you could reboot your VMware server without issue. Virtualization is great, but there are situations where it will cause you more problems than any money you might have saved by not investing in a physical device.
Below are a few open source firewall options. Test a couple of different ones to see what fits your needs. There are other options out there, but the ones below are some of the most popular. Wikipedia has a decent list of free and paid firewalls: https://en.wikipedia.org/wiki/Comparison_of_firewalls
pfSense firewall – pfSense® is an open source firewall platform that is FreeBSD based. It is a great open source firewall platform with enough add-ins and advanced configuration options to suit most. This is the open source firewall that MaDwall Security is most familiar with and would recommend to anyone.
An excellent overview of the different pfSense features and settings on version 2.2.2: https://www.youtube.com/watch?v=dfix8WsNSHc
OPNsense® – Recommended by M0n0wall, since M0n0wall has shut down. OPNsense is another FreeBSD-based open source firewall.
Smoothwall® – Smoothwall is a Linux-based open source firewall option.
As always, contact Schneider Downs if you have more specific or detailed questions about open source firewalls, and visit the Schneider Downs Technology Services webpage to learn about the services we offer.