On 9/20/07, Josh <[EMAIL PROTECTED]> wrote:
> Hello there.
>
> We have a bunch of obsd firewalls, 8 at the moment, all working nice and
> so forth. But we need to add about another 4 in there for new connections
> and networks, which means more machines to find room for.
>
> So basically I have been asked to investigate running all these firewalls
> in two big boxes, with lots of NICs, with a bunch of openbsd virtual
> machines on them. One main box for the primary firewalls, one for the
> secondary. Each virtual machine getting its own physical NIC.
>
> Personally I don't really like the idea, I can see things going wrong,
> lots of stuff balancing on a guest os and box.
>
> Can someone please inform me if this is a really bad idea or not,
> ideally with some nice reasoning?
I don't like the idea of virtualizing the firewalls either. It's just asking for trouble. What happens when the host OS gets hacked?

Better I think to get some of these: http://www.netgate.com/product_info.php?cPath=67&products_id=369 and some soekris boards. You'll be able to fit 2 firewalls per U. Then either use VLANs, or put a NIC on each segment.

-Bryan