Is running a firewall in a VM less secure than on a physical box?

Jeff7181

I have a home version of Astaro firewall and I'm running it in a VM on my ESXi host to test it. I think I'd like to use it, but I don't have a box I can dedicate to it. So my question is, assuming the ESXi host is configured properly and all security measures that can be taken with securing VMs are in place, is a firewall running in a VM less secure than a firewall running on a dedicated piece of hardware? If there are other VMs running on the same ESXi host, does that make them less secure? What factors are there to consider? Would using multiple NICs, some dedicated to the firewall VM, make it more secure?
 

jtusa

As long as your traffic is routed correctly you should be fine.
 

dawks

Technically there is ESXi software (driver) between the physical NIC and a VM, so it's theoretically possible to compromise that ESXi software and therefore the VM. If someone were able to modify how ESXi was running, it *could* route traffic around the VM. This would be pretty difficult and unlikely, so you should be fine as long as everything is configured properly.

At home, not a huge deal... Running the CIA's network, maybe more of a concern :)