Firewall for internal networks
- by Cylindric
I have a virtualised infrastructure here, with separated networks (some physically, some just by VLAN) for iSCSI traffic, VMware management traffic, production traffic, etc.
The recommendations are of course to not allow access from the LAN to the iSCSI network for example, for obvious security and performance reasons, and same between DMZ/LAN, etc.
The problem I have is that in reality, some services do need access across the networks from time to time:
System monitoring server needs to see the ESX hosts and the SAN for SNMP
VSphere guest console access needs direct access to the ESX host the VM is running on
VMware Converter wants access to the ESX host the VM will be created on
The SAN email notification system wants access to our mail server
Rather than wildly opening up the entire network, I'd like to place a firewall spanning these networks, so I can allow just the access required
For example:
SAN  SMTP Server for email
Management  SAN for monitoring via SNMP
Management  ESX for monitoring via SNMP
Target Server  ESX for VMConverter
Can someone recommend a free firewall that will allow this kind of thing without too much low-level tinkering of config files?
I've used products such as IPcop before, and it seems to be possible to achieve this using that product if I re-purpose their ideas of "WAN", "WLAN" (the red/green/orange/blue interfaces), but was wondering if there were any other accepted products for this sort of thing.
Thanks.