We've discussed key benefits of a distributed firewall service compared to legacy firewalls. Microsegmentation is easily achieved. Hairpinning, which adds latency, is eliminated since packets no longer need to travel to an external firewall appliance to be inspected. Rules are applied close to the virtual machine (VM) without taking up additional VM resources as is the case with software firewall solutions running within the operating system of the VM. The overall effect is a reduction in complexity, which is especially important in a virtual environment with virtual assets constantly being provisioned, removed, and moved on demand.

In the previous chapter, we discussed how to add DFW ...