A method for data center network segmentation is provided. The data center network segmentation is for a hybrid environment including physical servers and appliances as well as virtual servers and appliances. The data center network segmentation uses software-defined networking (SDN) technology of physical SDN-ready servers/appliances and virtual SDN-ready servers/appliances. The method includes centralizing the management of network security policies for physical and virtual firewalls. The method includes using SDN to direct network traffic between physical servers through physical firewalls, and to direct network traffic between virtual servers through virtual firewalls. The method further includes using the SDN to direct network traffic from physical servers to virtual servers through physical firewalls, and to direct network traffic from virtual servers to physical servers through virtual firewalls. A firewall management device monitors activity of the physical and virtual firewalls, and adjusts a firewall management policy in response to the monitored activity.