FortiGate VMX

Hi!

I'm working in redesigning our DC network and I need a little guidance.

We have our DMZ and Internal servers VLANs directly attached to our edge firewall (FortiGate), so we can do IPS, AV and those security features for the DMZ --> Internal traffic. When we talk about IPS, we have edge firewalls and nothing more.

But now we are moving the DC's VLANs far away from the edge, so I'm loosing my NGFW features between VLANs, and that's a problem.

Sec Team is proposing a fisical appliance for the new DC facilities, but I've discovered VMWare NSX network introspection.

Soooo, I'm considering FortiGate VMX, which by my understanding can do NGFW between virtual machines. And it can do it inside VMWare!

Can any of you spot something problematic that I'm not seeing?

I don't trust my VAR's technitian and they are the only ones in my area. You guys are my best chance.