This content is part of the Essential Guide: Picking the best firewall software, hardware or application
Problem solve Get help with specific problems with your technologies, process and projects.

How to implement virtual firewalls in a complex network infrastructure

If your enterprise has a complex network infrastructure, it might be necessary to implement virtual firewalls or multiple security contexts. Network security expert Mike Chapple explains the pros and cons of doing so.

Can you tell me how to set up virtual firewalls on the network, as well as the security pros and cons of doing so?

Virtual firewalls are a way to maximize your security dollar by consolidating multiple logical firewalls onto a single hardware platform. In Cisco Systems Inc. parlance, they're known as security contexts.

From a security perspective, they're a fine way to save a few bucks, as long as you purchase a product from a reliable vendor and configure it properly. Each virtual firewall has its own rulebase, interfaces and configuration options that make it completely independent from other virtual firewalls running on the same device. The independence of virtual firewalls means that a configuration mistake on one device won't affect the performance of other virtual firewalls.

One additional word of warning: If you're planning to use virtual firewalls, be sure to purchase highly redundant hardware. You don't want a single device failure taking down all of your firewalls!

If you have the complex network infrastructure that would benefit from multiple firewalls, virtual firewalls/security contexts are a great way to go!

For more information:

This was last published in July 2009

Dig Deeper on Network device security: Appliances, firewalls and switches

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.