Some commercial firewalls (i.e. Juniper/NetScreen ScreenOS-based gear)
have been offering virtual-systems for years now. I think the negative
comments received here may be appropriate when sharing the system with
non-secure guest OSs, but it seems that it might be alright if it's
nothing but firewalls.
Cheers,
Kent
Josh wrote:
Hello there.
We have a bunch of obsd firewalls, 8 at the moment, all working nice
and so forth. But we need to add about another 4 in there for new
connections and networks, which means more machines to find room for.
So basically I have been asked to investigate running all these
firewalls in two big boxes, with lots of NICs, with a bunch of OpenBSD
virtual machines on them. One main box for the primary firewalls, one
for the secondary. Each virtual machine getting its own physical NIC.
Personally I don't really like the idea, I can see things going wrong,
lots of stuff balancing on a guest OS and box.
Can someone please inform me if this is a really bad idea or not,
ideally with some nice reasoning?
Cheers,
Josh