CloudGuard for VMware ESXi
I'm looking for some advice from the community on how to protect a small DC environment with VMs on the VMware vSphere ESXi hypervisor (not vCenter and much less NSX). I know the right product would be CloudGuard for VMware ESXi, but I would like to know the following:
- Would implementing this be like putting in a perimeter firewall, where VMs need to point their default gateway to this CloudGuard VM to be inspected/protected?
- Regarding lateral movement, is it possible to protect communications between VMs in the same segment within the host where CloudGuard is installed (without the need for NSX or vCenter), maybe by deploying CloudGuard in Layer 2?
Thank you for your comments.
Accepted Solutions
Hi @MikeB
You can use the CloudGuard image for NSX or a normal R80.40 installation image. The CloudGuard image for NSX contains only CloudGuard Controller 2.0, which allows you to import cloud objects into SmartConsole.
To your question, I would always use a dedicated management interface.
Layer 2 is not so good, because the VMware interface (vSwitch) has to be set to promiscuous mode. This may cause L2 spanning tree problems.
I run CloudGuard IaaS on bare metal ESXi just fine.
To get full protection from lateral movement in Layer 2, you do unfortunately need to use NSX-T.
Thank you @HeikoAnkenbrand and @PhoneBoy. It's clearer to me now.