What is a virtual firewall?
A virtual firewall, like its physical equivalent, provides network traffic filtering and monitoring in a virtualized environment. It manages and controls incoming and outgoing traffic, allowing or preventing access between trusted and untrusted zones. Whereas a hardware firewall is physically located at the edge of the network or between environments, a virtual one is essentially software. Market-leading virtual firewalls are offered by our partners Palo Alto Networks and Fortinet.
Do I really need a virtual firewall?
Firewalls are a crucial component of any network security architecture, but the limitation of physical ones is that they are a rigid, fixed resource that is difficult to adapt. You need to consider the capacity, visibility and speed requirements of your current network security as well as whatever network growth might happen.
The rate at which bandwidth demand, traffic mix and SSL/TLS adoption are growing means that a physical firewall installed today would fail to offer acceptable traffic inspection capacity well before the average three-year upgrade cycle. Virtualizing your on-premises network firewall allows you to enjoy the same features as physical firewalls, but with added flexibility to scale, meaning you don’t need a crystal ball to foresee your future security needs.
As the IT market adopts cloud-based operations, there has already been a big increase in firewall virtualization, which is only forecast to continue growing. Relying on physical firewalls involves expensive hardware upgrades and inconvenient downtime while changes are made to the network security infrastructure.
What are the advantages over a physical firewall?
There is no longer an argument to be made that says virtual firewalls are the poor cousins of their physical counterparts. The virtual firewall has evolved to provide services which replicate the capabilities customers expect from a physical firewall. In addition, you’ll also benefit from:
- Scalability: a software-defined model allows you to increase inspection capacity depending on rapidly changing requirements. Security professionals no longer have to rely on accurate predictions of future use.
- Agility: again, thanks to the cloud-based approach, there is the ability to dynamically add capacity at the push of a button. Not only is it quick, it’s easy.
- Reduced CAPEX: there is no initial outlay on new hardware; instead, the model is subscription-based. Expenses move from CAPEX to OPEX and you only pay for what you need at any given time.
- Zero-touch operations: virtualization enables centralized management with an intuitive UI. One virtualized infrastructure manager can orchestrate policy management and other administrative functions across the whole network. What’s more, enterprises no longer have to worry whether they have the scarce DevOps expertise in-house to set up and manage a new firewall. It’s quick and easy to train staff.
- Future services: when built on a secure access service edge (SASE) framework, you can start with virtual network firewalls today and add other security services in the future, such as application awareness and control; intrusion detection and prevention; advanced malware detection; URL filtering; and logging and reporting.
How do I switch to a virtual firewall?
The first thing to do is to assess the capacity, visibility and speed requirements of your network security. This will help you identify the appropriate virtual firewalls that will give you the scale, flexibility and simplicity your team needs. You will also need to take these key steps to build your own virtual firewall infrastructure:
- Purchase of optimized server hardware
- Configuration of hypervisor software
- Integration of vendor virtual firewall licensing
- Configuration of virtual firewall and policy settings
- Health check mechanisms
- Single pane-of-glass orchestration and monitoring
- Testing and maintenance
This list may look intimidating; that’s because DIY virtualization is. However, if you opt for a turnkey virtualization platform, your to-do list will look very different. A turnkey platform automates virtualization. It will:
- Ensure you use the right commodity server for the virtual firewalls to run on.
- Provide optimized hypervisor software on the server.
- Automate the bootstrap, software upgrade, and configuration of the virtual firewall.
- Scale the service across multiple firewalls and customers.
Instead of an overwhelming amount of DevOps, your virtual firewall can be deployed in minutes at the push of a button. You’ll then have zero-touch network security operations, eliminating the need for ongoing maintenance or heavy lifting from the operator’s end.