I keep asking myself, can any of the current batch of virtualization security products replace my existing virtual firewall setup, I keep on coming back to my modest requirements:
- Network Address Translation
- Port Redirection
- Logging of bad traffic (and filtering)
- Web Proxy
These Edge Firewall requirements push many of the security tools away from me, but then I started thinking what happens to the products if I did not use their firewall technology, what are the benefits and could this actually be done?
So let’s look at each of the virtualization security products and ignore the firewall and networking access control components which are part of their firewall products.What I realized was that the firewall is intrinsic and a major component of each of these tools and while you can disable policy settings, most of the unique functionality of each tool does not work with out it. Even so, what does each give me as a useful tool without the firewall in use? To me this implies that any VMsafe network introspection is not in use.