Release: 5nine Virtual Firewall 1.0

5nine logo

5nine is a brand new startup that entered the virtualization market less than one month ago.
It launched a capacity planning tool for Hyper-V that goes beyond the planning phase, actually executing the P2V migration.

Rather than trying to capitalize the attention obtained with its first product, 5nine launches a second one, called Virtual Firewall, once again for Hyper-V.

So basically this startup goes solo in the Microsoft territory, while most security firms are competing to release an innovative product for VMware environments that could use the VMsafe APIs.

The heavy critics expressed to those vendors before they started to leverage VMsafe, applies to 5nine as well: delivering a software firewall inside a virtual machine doesn’t make it a virtual firewall by any mean. At the best, the performance of such product become “virtual” as it’s totally unpredictable how many virtual machines will compete to access the physical resources of the host. 
And this of course applies to 5nine, to Microsoft (which supports its ISA Server inside a Hyper-V VM) and to any other vendor, until Hyper-V will provide a VMsafe-like approach to transparently interact with the hypervisor kernel without interacting with the virtual networking and the guest operating systems.

Beyond this the first version of Virtual Firewall is severely limited as it can only filter the traffic that goes to and from the host. There’s no way at the moment to inspect and block the intra-VMs network activity.
Last but not least the product seems to be powered by a simple packet filtering engine when the entire security industry is offering advanced stateful inspection.

It’s understandable that 5nine is trying to offer something easy for the SMB audience that is supposed to adopt Hyper-V, but this first attempt is a little too weak and loses hands down against free but extremely powerful products like pfSense. Yes, their developers don’t call it a “virtual firewall” but customers can still deploy it in a virtual machine and reconfigure the virtual networking to be fully protected.