VMware vSphere

  • 1.  Virtual firewall security question

    Posted Feb 05, 2014 03:01 PM

    I am currently in the process of switching from a Barracuda load balancer to an F5 load balancer. During my discussion with F5 I found that their load balancing device also has the capability to function as a firewall.

    After reviewing the feature set their firewall had to offer, I am interested in making the switch. However, the F5 device is virtualized and I am nervous about relying on a virtual firewall instead of a physical one.

    My main concern is that the server (ESXi) that would be housing the firewall/load balancer VM would also be housing other virtual machines. I understand that I can utilize vSwitches to logically separate the incoming public traffic from my private traffic, but I don’t fully understand the security consequences that would have. Could traffic hop from one vSwitch to another, bypassing the firewall? What are other possibilities I should consider? What type of settings should I make sure are in place before implementing this setup? Or is it just a bad idea and I shouldn’t do it?



  • 2.  RE: Virtual firewall security question

    Posted Feb 05, 2014 03:24 PM

    Welcome to the Community. Traffic cannot hop between virtual switches; the traffic will remain isolated between your public network and private network.

    It definitely is not a bad idea, as VMware has developed their own security infrastructure called vShield, which relies on virtual appliances providing services like firewall and anti-virus in partnership with security companies.
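
For the setup discussed in this thread, one pre-deployment check is to confirm that the firewall VM is the only guest connecting the public vSwitch to the private one. The following is an added example, not part of the original posts: it searches a host inventory for any chain of multi-homed VMs that links the two vSwitches without passing through the firewall. The inventory, VM names and vSwitch names are constructed, and the model assumes that a guest with virtual NICs on two vSwitches could forward traffic between them.

```python
from collections import deque

# Constructed inventory (not from the thread): VM name -> vSwitches its vNICs attach to.
INVENTORY = {
    "f5-ltm": ["vSwitch-Public", "vSwitch-Private"],  # firewall / load balancer VM
    "web01":  ["vSwitch-Private"],
    "db01":   ["vSwitch-Private", "vSwitch-Backup"],
    "util01": ["vSwitch-Public", "vSwitch-Backup"],   # deliberately misplaced vNIC
}

def bypass_paths(inventory, public, private, firewall):
    """Return every chain of VMs that links `public` to `private` without `firewall`.

    vSwitches are graph nodes. A VM with vNICs on two vSwitches is an edge between
    them (assumption: a multi-homed guest may route or bridge).
    """
    adjacency = {}  # vSwitch -> list of (neighbouring vSwitch, VM that joins them)
    for vm, switches in inventory.items():
        if vm == firewall:
            continue  # the firewall is the one permitted crossing point
        for a in switches:
            for b in switches:
                if a != b:
                    adjacency.setdefault(a, []).append((b, vm))

    paths = []
    queue = deque([(public, [], {public})])  # (current vSwitch, VMs used, visited)
    while queue:
        node, vms, seen = queue.popleft()
        if node == private:
            paths.append(vms)
            continue
        for nxt, vm in adjacency.get(node, []):
            if nxt not in seen:
                queue.append((nxt, vms + [vm], seen | {nxt}))
    return paths

if __name__ == "__main__":
    for chain in bypass_paths(INVENTORY, "vSwitch-Public", "vSwitch-Private", "f5-ltm"):
        print("Possible path around the firewall via:", " -> ".join(chain))
```

An empty result means no guest other than the firewall connects the two sides on this host; the physical network upstream of the uplinks is outside what this check covers.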