Release: 5nine Virtual Firewall 2.0 for Hyper-V

The US startup 5nine entered the virtualization market in June 2009, launching four different products in a very short timeframe: a capacity planning tool that also offers manual P2V migration capabilities, a capacity management tool, an automated P2V migration tool, and a virtual firewall.

To be fair, the first three ones could easily merge into a single product: since the technology is already there, a customer would probably expect that the same tool performs capacity planning before and after consolidation, allowing the administrator to go for manual or fully automated execution of the plan by orchestrating P2V migrations.
Separating all these features in different tools is just a way to complex things, and in fact 5nine now has a bundle called Migration Suite that comprises all products.

While shaping its capacity management offering, 5nine also updates on its other product: Virtual Firewall.

Launched in July 2009, the first version showed severe limitations and a way too simple packet filtering engine to be considered for any medium business or enterprise deployment.

Some of them have been addressed in this new version 2.0: the intra-VMs traffic inspection for instance is now possible.
A new heartbeat service continuously checks if the security rulebase is enforced, stopping the virtual machine if the network filter that the firewall uses is unresponsive (it’s unclear if this behavior can be modified or not.

While the product still lacks of a more powerful stateful inspection engine, it has potential, thanks to some interesting solutions.
For example, it tracks statistics for the number of packets and average size of each packet, creating a network usage pattern. If the pattern chances, the product notifies the user as this may be the hint of worms activity, denial of service (DoS) or other malicious activities.

Virtual Firewall 2.0 also supports System Center Virtual Machine Manager (SCVMM) 2008 R2 to deploy itself on Hyper-Vhosts.
Another new thing is the capability to manipulate the rulebase through a PowerShell API.

The product is priced per-VM, an emerging trend that even the market leader VMware is embracing, and the price starts at $49 per VM.