Using the vGW Series Network and Firewall Modules Cooperatively

There are various ways to use the Network module in the service of the Firewall module to build a strong firewall. This topic explores some of them.

Network Assessment

Administrators are not always aware of events that transpire on their virtualized networks because existing software for the virtualized environment does not always expose them. The vGW Series Network module addresses this problem. It gives you a clear view of all traffic flows across your virtualized network. You can view overall throughput, chart protocol usage, identify sources and destinations of traffic, and identify top talkers. You can calculate minimum, maximum, and average figures across specific time intervals for these aspects of your network. In the example shown in Figure 52, the Top Protocols assessment shows that the most heavily used protocols are Microsoft SQL Server followed by MySQL. The table beneath the graph gives details on all protocols used, in top-down order from most used to least.

Figure 52: Top Protocols Across All Machines Example

Because the vGW Series allows you to view activity that occurs inside the hypervisor, you can quickly discover who is communicating with whom. Even if you used only the vGW Series' ability to view connections in real time, you would still be able to make realistic network assessments. But the vGW Series can contribute much more information to use in your network assessment.

As Figure 53 shows, the Network module’s Connections tab displays the number of connections in your network across time for all machines, whether the connections are inbound, outbound, or internal. The table beneath the graph shows when the connection was set up and when it ended, the protocol used, the source and destination endpoints, and the bytes transmitted. You can view this kind of information for an individual VM by selecting the VM in the VM tree.

Figure 53: Network Module Connection Tab Information

Using the Network Module to Observe Traffic Coming Into and Going Out from VMs

The Network module contributes to your ability to create strong firewall security in many ways. It displays information about all traffic, including traffic internal to a VM, traffic in and out of its vNICs, traffic from another VM on the same host, traffic between VMs on different hosts, and even traffic transmitted through a physical connection. In its simplest sense, you can think of this aspect of the Network module as akin to a packet sniffer, but it is far more than that.

When you use the Time Interval field to select a different time period, vGW Series redraws its graphs to let you view traffic patterns that occur during that period. You might want to use this feature to compare activity during one period of time with another, to look at past behavior, or to home in on a VM to view its activity during a specific period.

For example, you could view all HTTP connections, the engaged workstations, and how much traffic is transmitted. You could do this for a two-day period, then a week, and then longer to observe anomalies that might exist.

Detecting Unexpected and Unwanted Behavior

The Network module can reveal unwanted behavior on your network that should be prohibited or investigated further. There are many examples of the kinds of information that the Network module might reveal. For example, you might notice that:

Using the Network and Firewall Modules Together

When used together, the Network module and the Firewall module allow you to implement appropriate, strong security for your virtualized environment. By using the Network module to view how VMs behave in real time, you can better analyze your current security posture and observe its weaknesses.

As you begin to lock down your system through the Firewall module, the Network module becomes increasingly useful. After you use the Firewall module to refine your security policy, you can return to the Network module to determine if the change in policy produces the expected behavior.

You might still notice traffic that should not be allowed. In that case, you can return to the Firewall module, create a rule or modify an existing one, and then look at the behavioral results again in the Network module.

You can cycle through this process as many times as necessary to put in place the desired security policy. You can continue to use the Network module and the Firewall module together to implement the security you desire as your network expands and as its security requirements change.
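The assessment described under Network Assessment and the verify-the-policy loop described just above can both be expressed over the same kind of records the Connections tab shows (start, end, protocol, source, destination, bytes). The following is an added example, not vGW Series code or output: it works on constructed flow records and an assumed VM address range, classifies each flow as internal, inbound, or outbound, builds the top-protocols and top-talkers tables, and lists flows that the intended policy should have blocked but that still appear.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records shaped like the Connections tab columns
# (start, end, protocol, source, destination, bytes); not real vGW output.
FLOWS = [
    ("10:00:00", "10:00:05", "mssql",  "10.0.1.10",  "10.0.1.20",   52000),
    ("10:00:02", "10:00:10", "mysql",  "10.0.1.11",  "10.0.1.21",   31000),
    ("10:00:03", "10:00:04", "http",   "192.0.2.50", "10.0.1.10",    1800),
    ("10:00:04", "10:00:06", "mssql",  "10.0.1.10",  "10.0.1.20",   48000),
    ("10:00:05", "10:00:07", "telnet", "10.0.1.12",  "203.0.113.7",   900),
    ("10:00:06", "10:00:09", "http",   "10.0.1.10",  "203.0.113.8",  4200),
]

VM_NET = ip_network("10.0.1.0/24")  # assumed address range of the protected VMs

def direction(src, dst):
    """Classify a flow as internal, inbound, or outbound relative to VM_NET."""
    s_in = ip_address(src) in VM_NET
    d_in = ip_address(dst) in VM_NET
    if s_in and d_in:
        return "internal"
    return "outbound" if s_in else "inbound"

def top_protocols(flows):
    """Bytes per protocol, most used first (the Top Protocols table)."""
    totals = defaultdict(int)
    for _, _, proto, _, _, nbytes in flows:
        totals[proto] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def top_talkers(flows, n=3):
    """Bytes sent per source endpoint, highest first."""
    totals = defaultdict(int)
    for _, _, _, src, _, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def unexpected_flows(flows, deny):
    """Flows still observed that the intended policy should block.
    deny: set of (protocol, direction) pairs the firewall policy is meant to deny."""
    return [f for f in flows if (f[2], direction(f[3], f[4])) in deny]
```

Any record returned by unexpected_flows is a candidate for a new or modified Firewall module rule, after which the same check is rerun against the next interval's connections.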