The term virtual firewall describes a variety of firewall and firewall-like concepts. This can include virtualized software firewalls that provide filtering services for a standard physical network as well as firewalls running between virtualized client and server OSs. In theory, the use of a software firewall as a replacement for a network appliance could work as long as the host OSs network communication is routed through the virtual firewall before leaving the host’s network interface controller (NIC).

This is a relatively new and growing area for firewall deployment. Virtualization offers numerous benefits over a traditional, single OS to a single hardware box deployment. Virtualization allows for rapid development, quick prototyping, isolation, traffic management, quick recoveries, testing, and so on.

By virtualizing firewalls along with OSs, you can craft new network architectures that may not exist in the traditional network architectural concepts. For example, with a virtualized firewall, you could route every communication between every virtualized OS through the filtering services. This would be the equivalent of deploying an appliance firewall between every system, but without the hassle, expense, or complexity.

Virtual firewalls are not a panacea. Virtual firewalls will not be useful in every situation, but these are an interesting new option for deployment to monitor, manage, and filter network traffic over traditional or virtualized network segments.