Solved: Re: CloudGuard for VMware ESXi

MikeB · ‎2020-10-17

I'm looking for some advice from the community on how to protect a small DC environment with VM over Vmware Vsphere ESXi hypervisor (not VCenter and much less NSX). I know the right product would be CloudGuard for VMware ESXi, but I would like to know the following:

Implementing this would be like putting a perimeter firewall where VMs need to point their default gateway to this Cloudguard VM to be inspected/protected?
Regarding lateral movement, Is it possible to protect communications between VMs in the same segment within the host where Cloudguard is installed? (without the need for NSX or VCenter) maybe deploying Cloudguard in layer2??

Thank you for your comments

HeikoAnkenbrand · ‎2020-10-17

Hi @MikeB

You can use the Cloud Guard image for NSX or a normal R80.40 installation image. Cloud Guard image for NSX contains only Cloud Guard controller 2.0, which allows you to import cloud objects into SmartConsole.

To your question, I would always use a dedicated management interface.

Layer 2 is not so good, because the VMWare interface (vSwitch) has to be set to promiscuous mode. This may cause to L2 spanning tree problems.

View solution in original post

HeikoAnkenbrand · ‎2020-10-17

Hi @MikeB

You can use the Cloud Guard image for NSX or a normal R80.40 installation image. Cloud Guard image for NSX contains only Cloud Guard controller 2.0, which allows you to import cloud objects into SmartConsole.

To your question, I would always use a dedicated management interface.

Layer 2 is not so good, because the VMWare interface (vSwitch) has to be set to promiscuous mode. This may cause to L2 spanning tree problems.

View solution in original post

PhoneBoy · ‎2020-10-17

I run CloudGuard IaaS on bare metal ESXi just fine.
To get full protection from lateral movement in Layer 2, you do unfortunately need to use NSX-T.

MikeB · ‎2020-10-18

Thank you @HeikoAnkenbrand and @PhoneBoy . It's clearer to me now.