Some commercial firewalls (i.e. Juniper/NetScreen ScreenOS-based gear) 
have been offering virtual-systems for years now.  I think the negative 
comments received here may be appropriate when sharing the system with 
non-secure guest OSs, but it seems that it might be alright if its 
nothing but firewalls

Cheers,
Kent


Josh wrote:
quoted text
> Hello there.
>
> We have a bunch of obsd firewalls, 8 at the moment, all working nice 
> and so forth. But we
> need to add about another 4 in there for new connections and networks, 
> which means more
> machines to find room for.
>
> So basically I have been asked to investigate running all these 
> firewalls in two big boxes, with lots
> of NIC's, with a bunch of openbsd vritual machines on them. One main 
> box for the primary firewalls,
> one for the secondary. Each virtual machine getting its own physical NIC.
>
> Personally I dont really like the idea, I can see things going wrong, 
> lots of stuff balancing on a
> guest os and box.
>
> Can someone please inform me if this is a really bad idea or not, 
> ideally with some nice reasoning?
>
>
> Cheers,
>    Josh