Firewall at Hypervisor Level

tcabernoch

Active Member
Apr 27, 2024
I just attended a VMUG where they brought in a heavy hitter that quite effectively made the case for their new product VMware vDefend Distributed Firewall (formerly known as VMware NSX Distributed Firewall). The primary focus of my job is getting us off of VMware, so I don't care about his product. If it's not free, it's a non-starter.

He did impress upon me the unique vantage point of the hypervisor as a place to interdict the spread of ransomware. With 80% of your enterprise virtualized, the hypervisor sees all. Its surveillance and interdiction capability cannot be circumvented like an agent. My NetAdmin, however, is unimpressed.

So here's my question(s).
  • What does the PVE firewall bring to the table that you can't get via your physical network stack?
  • I see it does Suricata. That's cool. How's that working out for folks?
  • Is there anything else wonderful about the PVE firewall? Or maybe is it a POS that I should stay away from?
 
