Thanks DavoudTeimouri!
But it seems I'm not clear in my ideas!
ESXi now does not need any security layer because I put the management network in a security LAN zone.
I need a firewall tool to protect 2 webservers that sit directly on the Internet, placed before these webservers. I googled and found that there are some firewall appliances, but I want to build it using the most common tools like iptables and snort in a Linux VM. Moreover, I don't know how to configure this appliance to capture all the traffic in/out to the public line.