Advisor

CloudGuard for VMware ESXi

I'm looking for some advice from the community on how to protect a small DC environment with VMs on a VMware vSphere ESXi hypervisor (not vCenter and much less NSX). I know the right product would be CloudGuard for VMware ESXi, but I would like to know the following:

  1. Would implementing this be like putting in a perimeter firewall, where VMs need to point their default gateway to this CloudGuard VM to be inspected/protected?
  2. Regarding lateral movement, is it possible to protect communications between VMs in the same segment within the host where CloudGuard is installed (without the need for NSX or vCenter), maybe by deploying CloudGuard in Layer 2?

Thank you for your comments


Accepted Solutions
Hi @MikeB 

You can use the CloudGuard image for NSX or a normal R80.40 installation image. The CloudGuard image for NSX contains only CloudGuard controller 2.0, which allows you to import cloud objects into SmartConsole.

To your question, I would always use a dedicated management interface.

Layer 2 is not so good, because the VMware interface (vSwitch) has to be set to promiscuous mode. This may cause L2 spanning tree problems.

Admin

I run CloudGuard IaaS on bare metal ESXi just fine.
To get full protection from lateral movement in Layer 2, you do unfortunately need to use NSX-T.

Advisor

Thank you @HeikoAnkenbrand and @PhoneBoy. It's clearer to me now.
