On the Tech Tues chat yesterday a question came up about setting up a firewall VM by connecting one of the NIC ports on the ESX server to the external Internet. The question was: Is this a good idea? Is it secure? What is the best practice?

I did a little research this morning and found a white paper from VMware that mentions the exact scenario of having one VM connected externally and acting as a firewall. On page six of VMware Networking Concepts (located at http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf) there is a diagram and discussion about it.

There is another VMware doc titled ESX 3 Best Practices Guide that I found attached to a VMTN discussion (http://communities.vmware.com/message/861839#861839) that covers networking best practices. It also has the same recommendation that using virtual switches is very secure and allows for things like firewalls to be set up in a VM.

Todd