The True Cost of DIY Firewall Virtualization: PART 1

February 10, 2021 by Carolyn Raab

With its promise of scalable capacity, flexible architecture and simple operations, firewall virtualization is an attractive alternative to physical network firewalls. Historically, if you needed more inspection capacity at the network edge or as part of your managed network firewall service, you had to deploy more physical firewalls. That was very resource and budget intensive. With virtual firewalls, you could have more capacity at the touch of a button.

There’s just one problem. Can you imagine using Google Cloud if you had to specify which server you were going to use and what kind of SR-IOV optimization you wanted? No way, it defeats the purpose. Virtual network firewalls need to be available as a readily consumable service to be successful. All the great cloud platforms that exist today have accomplished this and so can firewall virtualization with a turnkey platform to make this possible.

However, building a virtualization platform which automatically converts physical firewalls to virtual ones and then lets you manage these virtual assets is a lot to develop up front and then maintain going forward. Developing it in-house might sound like the most cost-effective way of doing it – you’re not engaging an outside service provider or buying new technology – but does a DIY approach really save you money?

In this two-part series we’ll break down the true cost of a DIY virtualization project. In today’s post, we’ll discuss the steps and expertise you need to create a truly turnkey platform, which provides fully automated firewall virtualization. In part two, we’ll look at the costs of physical versus virtual firewalls and what you might spend on a DIY virtualization project versus a turnkey platform.

The Key Elements of Automated Firewall Virtualization

There are a number of crucial elements to a turnkey solution that automates the migration to virtual firewalls and their operations going forward. Up front, network firewall virtualization has considerations that are different from virtualizing web applications. Unlike VMware vRealize and other virtual machine (VM) automation tools, automation of firewall virtualization needs to deal with network configuration and port assignment, for example, so that these are mapped from the physical world to the virtual world without any intervention on your part. It also involves these elements:

  1. Use the right commodity server and architecture to deliver the required performance for the virtual firewalls. With virtualization you will want to run your virtual firewall instances on general-purpose x86 CPUs – great on the budget but typically not optimized for network security. So, to get optimal, predictable and on-par performance from your compute, you need a good understanding of the server architecture to avoid bottlenecks of network I/O between the NICs, the CPUs and the RAM inside the server.
  2. Install the right hypervisor software on the server that is optimized for network firewalling. Again, most current hypervisors and related software are not designed for firewall functions that process through-traffic. So, you need one that is suitable while considering all the relevant networking acceleration technologies, such as SR-IOV, DPDK, and others.
  3. Automate the bootstrapping, upgrading of software, and configuration of the virtual firewall. Booting a firewall VM on top of your hypervisor involves a huge amount of DevOps resources. You have the license, settings and policy configuration to consider. In order to be truly cloud‑like, all this needs to happen automatically. So, it’s not just the integration of the third-party firewall vendors’ VMs with the hypervisor and server that must be taken care of, but also the integration with the centralized policy manager.
  4. Scale your service across multiple firewalls and customers. This allows you to create as many virtual firewalls as you need. It supports multi-tenancy as well as multi-vendor on a single platform.

A turnkey virtualization platform covers all of these elements and more. It also incorporates orchestration, so it all works together and is controlled by a single dashboard. This orchestration must provide full management and configuration of the whole platform and be tightly integrated with the firewall vendors’ licensing application programming interfaces (APIs) and policy managers. You also want to make sure it offers full zero-touch auto provisioning and built-in health check mechanisms to monitor VM health, so you can eliminate DevOps resources to manage the virtual firewalls.

The technical investment to automate virtualization of your firewalls is hefty and it probably won’t surprise you that the time and money it takes is substantial.

The Turnkey Virtualization Checklist

On top of these key elements we’ve outlined, we’ve put together a checklist below for you to assess whether a platform is actually delivering the turnkey capability you need. Remember, you’re not just looking at the DevOps required for each element. You also need to consider how each item is integrated into a whole platform. Integration of all the pieces is far from trivial, and rapidly gains more complexity as you scale your needs.

[Image: The turnkey checklist for automating firewall virtualization]

Now that we’ve outlined the steps involved in a DIY virtualization project, you can start to calculate how much time and money a turnkey platform saves by reducing DevOps – no team of engineers who will have to specify and source the appropriate servers, no experts to code up an integration of the servers with management of the virtual licenses. And no need to blend those scarce skills with an understanding of networking so that traffic is properly handled and inspected, while being managed by the security policy manager.

Next time we’ll do a sample calculation that outlines the financial investment involved in a DIY virtualization project versus a turnkey platform for automating firewall virtualization. In the meantime, you can read our white paper, Automating Firewall Virtualization is Easy, to learn about a turnkey approach that helps you replace your physical firewalls with virtual ones.
