Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

VMware SD-WAN Enhanced Firewall Services – who is it for, what problems does it solve and how does it work?

  • March 5, 2024
  • 13 min read
Virtualization Architect. Alex is a certified VMware vExpert and the Founder of VMC, a company focused on virtualization, and the CEO of Nova Games, a mobile game publisher.
Virtualization Architect. Alex is a certified VMware vExpert and the Founder of VMC, a company focused on virtualization, and the CEO of Nova Games, a mobile game publisher.

A year and a half ago, I wrote about the VMware SASE platform, which is built on SD-WAN software-defined networking technology. SD-WAN virtualizes WANs to separate software-based network services from hardware and endpoints for flexibility, ease of management, performance, security, and the ability to quickly scale to clouds.

VMware Explore 2023 featured an interesting talk, “Fortify Your Branches with Enhanced Firewall Service for VMware,” which provided an in-depth look at the security features of VMware SD-WAN Edges. This session, led by experts from VMware and CBTS, covered the evolving network security landscape, VMware SD-WAN and VMware SASE security features, and solutions to today’s security challenges.

VMware also has an excellent overview of the VMware SD-WAN Enhanced Firewall Services features in the VMware SASE Orchestrator console, which I’ll cover below:

To address the security challenges of a modern distributed corporate network, including the growth of network services at the network edge, VMware offers the VMware SD-WAN Enhanced Firewall Services. This service is designed to provide advanced security features directly at the edge of the network, meeting the needs of distributed workforces and branch offices.

VMware offers the VMware SD-WAN Enhanced Firewall Services

VMware SD-WAN Enhanced Firewall Services are an essential element of the VMware SASE layered security solution. Based on VMware’s long-developing NSX security technology, this service is built into both physical and virtual VMware SD-WAN Edge appliances.

VMware Orchestrator | Quick Start Profile

The product itself can improve and stabilize network performance and eliminate the need for legacy firewalls in branch offices while providing a comprehensive approach to security. Like all VMware SASE components, Enhanced Firewall Service management is integrated into VMware SASE Orchestrator, simplifying operations for network administrators and eliminating the need to manage security at multiple locations.

Problems to be solved

Let’s look at the list of problems present in modern distributed network infrastructures of large enterprises, which Enhanced Firewall Service solves:

  • Traditional office and remote workspaces use inefficient WAN architectures originally designed for applications in corporate data centers. Passing all internet traffic back through these data centers for routing and security checks leads to delays and complexity to manage due to different security policies. It should also be noted that legacy WAN architectures often do not include modern security checks, leaving vulnerabilities for hacker attacks.
  • Traditional firewalls require installation and management along with other equipment, costing IT departments resources to monitor and update security.
  • Inadequate security in traditional networks cannot effectively detect and protect against sophisticated DDoS attacks, which can result in network service downtime, data loss, or legal issues.
  • The growing need to support remote work and the increasing number of IoT devices connected to corporate networks creates new security challenges. Unsecured devices in different geographic locations increase the risk of data leaks and cyber-attacks.
  • The presence of heterogeneous network architectures and the lack of a unified management system makes it difficult to provide a comprehensive security assessment and timely response to threats.

VMware SD-WAN Enhanced Firewall Service Features

The main features of the Enhanced Firewall Service are:

1. Intrusion Detection and Prevention System (IDS/IPS)

The intrusion detection and prevention (IDS/IPS) feature of the enhanced firewall service improves the overall security of the branch network. IDS and IPS monitor network traffic, analyze it for malicious or suspicious activity, and take measures to prevent possible attacks. They work together to detect and block potentially dangerous traffic before it reaches the network. Overall, the IDS/IPS feature integrated into Edge is key to protecting enterprise branch networks from cyber threats.

VMware Orchestrator | Intrusion Detection and Prevention System (IDS/IPS)

VMware Orchestrator | Intrasion Signatures

2. Preventing DDoS attacks

Denial-of-service (DoS) is one of the most common attacks on businesses seen on a daily basis. The enhanced firewall takes various measures to protect all VMware SD-WAN components. The firewall’s built-in “network and flood protection” feature on the Edge side can detect and drop connections that exceed the configured level (“flooding”). It can also automatically block TCP-based, ICMP-based and other known attacks.

New Connection Threshold | Preventing DDoS attacks

3. Centralized firewall logging that collects logs from all VMware SASE services

The centralized firewall logging service is a secure and scalable solution designed for organizations of any size. This centralizes logs in one cloud location, making it easier to track and analyze security events across multiple sites and applications. Cloud-based firewall logging provides real-time visibility into network traffic and security events, allowing administrators to quickly detect and respond to threats. Hosted firewall logging can also provide historical audit records required to comply with regulatory standards such as PCI, HIPAA and GDPR.

Centralized firewall logging that collects logs from all VMware SASE services

VMware SD-WAN Edge Firewall is certified by ICSA Labs, and the Edges components themselves meet FIPS 140-2 compliance requirements.

4. Stateful inspection (or so-called dynamic packet filtering) for applications at levels L4-L7

The function of analyzing active connections for layers L4-L7 of the firewall is built into the data plane on the Edge side. It checks incoming and outgoing packets and takes sessions into account. By maintaining a table of connections and states, the firewall accepts only allowed connections and incoming traffic, blocking all other traffic from external sources. This firewall is also aware of running applications, which allows it to detect and block malicious traffic.

Stateful inspection (or so-called dynamic packet filtering) for applications at levels L4-L7

5. Traffic segmentation, which separates its different types

VMware SD-WAN technology allows users to partition the network using segments and VRF (Virtual routing and forwarding) features. Users are able not only to separate different types of traffic (enterprise, voice, guest, etc.), but also apply different firewall policies unique to each segment. For example, you can isolate guest traffic in a separate segment and disable corporate VPN features, thereby reducing the risk of Network Lateral Movement across the network.

Traffic segmentation, which separates its different types

6. Templateable firewall policy to quickly create security rules based on various criteria and easily apply them

Edge firewall offers ready-made templates for conveniently creating and managing policies. This allows administrators to quickly create security rules based on various criteria and easily apply them to multiple Edges across multiple sites, providing consistency across the entire corporate network and granular control.

7. Unified management and security monitoring in one console with VMware Edge Cloud Orchestrator

Firewall policies, like all components of the SASE infrastructure, are centrally managed from a single console using VMware SASE Orchestrator.

Unified management and security monitoring in one console with VMware Edge Cloud Orchestrator

Centralized configuration, monitoring, and management enable administrators to maintain consistent security policies across sites. It also helps them to quickly respond to potential security events, and effectively diagnose and resolve problems, thereby reducing the risk of data leaks and other security incidents.

Additional network security and control options

In addition to the above, the Enhanced VMware SD-WAN Firewall Service includes:

  • Advanced protection against viruses and malware, providing an additional layer of security to prevent threats.
  • Deep packet analysis to provide more granular control and monitoring of network traffic.
  • Automatically updates signatures and detection algorithms to ensure your protection is up-to-date against the latest threats.
  • Support for cloud services and integration with cloud providers, making it easy to extend protection to cloud resources.
  • Easy-to-use user interface for more intuitive security policy management and network monitoring.
  • Possibility of integration with other VMware products and services, creating a comprehensive security system for the entire IT infrastructure of the company.

Conclusion

VMware SD-WAN Enhanced Firewall Service is an innovative network security solution. It is designed for midsize and enterprise customers looking to securely protect their distributed enterprise networks, including regional offices and remote branch offices. This solution is especially relevant for enterprises with distributed branch networks and cloud environments that face challenges associated with legacy WAN architectures and the need to adapt to modern security threats.

Hey! Found Alex’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!