Firewall – Running Firewall (IPCop) on Hyper-V

firewallhyper-vipcopvpn

I currently use IPCop for our corporate firewall & VPN. I am looking to consolidate a number of servers, and am considering including the firewall server in the consolidation. I currently plan on using Server 2008 with Hyper-V for the virtualization. Has anyone out there tried virtualizing IPCop? Is there anything that I should be aware of? In particular, IPCop has somewhat limited hardware support for NICs – what hardware will the VM see for the network card?

Best Answer

Generally, I would advise against virtualising your firewall. It's another place for insecurity to happen. Web filter, VPN concentrator, yes - perimeter fw, no.

I would say, though, if you are going to do it, it will probably work. I work for SmoothWall (our GPL firewall was IPCop's grandaddy) and we have hyper-v some of our web filter products OK.

Last I looked, however, you were limited to one processor core under linux - so if high performance is required that may be an issue - though one core should be more than enough for a simple firewall job.

Related Solutions

Linux Firewall Appliance that Supports iPhone VPN

Pfsense( http://www.pfsense.com/ ) is BSD based and has an OpenVPN addon. Very reliable and really easy to use.

Firewall – Virtualized firewall under Hyper-V

What Wesley said... Plus a diagram:

              +----------------------------------+
              |    +----------+   +---------+    |     +----+ +----+ +----+
              |    | pfSense  |   | Host OS |    |     |    | |    | |    |
              |    |          |   |         |    |     | PC | | PC | | PC |
              |    +----------+   +---------+    |     |    | |    | |    |
              |         ^   ^          ^         |     +----+ +----+ +----+
              |         |   +------+   |         |        ^      ^      ^
              |         |          |   |         |        |      |      |
              |         V          V   V         |        V      V      V
+--------+    +---+   +-------+  +-------+   +---+      +-----------------+
|Internet|<-->|WAN|<->|WAN NET|  |LAN NET|<->|LAN|<----+|    LAN SWITCH   |
+--------+    +---+   +-------+  +-------+   +---+      +-----------------+
              |          Hyper-V Host            |
              +----------------------------------+

It's actually possible to use the same NIC on the Hyper-V Host for both WAN and LAN, but you'll need to setup vLANs and need a switch that supports them. It gets messy quickly and NICs are fairly cheap. A note on NIC chips, get a good one, like Intel, Broadcom, etc. Stay away from Realtek, Marvel, and most of the on-board chips on cheaper and DIY motherboards. They're nothing but trouble for virtualized environments.

Also, keep in mind that Hyper-V is a bare-metal Hypervisor. It is NOT a service that runs in Windows. What used to be the Windows installation on the machine becomes a special VM. This will not appear to be the case for simplicity and usability reasons, but comes into play when you do things like setup the Hyper-V Networking.

Best Answer

Related Solutions

Linux Firewall Appliance that Supports iPhone VPN

Firewall – Virtualized firewall under Hyper-V

Related Topic