I have a couple questions regarding security zones and networks... not sure if this is the right area for it, so bare with me

To paint the picture real quick:

We have multiple security zones behind the FW. Zone 1, 2, 3 4.

In each environment we have ESXi hosts/clusters with vDS. So Cluster for zone, 1, 2, 3, 4.

My question is, is there something that can be done on a HOST/vDS level to give my firewall/security team the warm and fuzzies to allow a VM thats on a zone 2 cluster, to have a vDS for a network that would be in a 3 or 4 zone?

Their biggest concern is the adding of multiple NIC's on a VM. Meaning, if I add a NIC vDS for security zone 2, I can also add one for network 3.

I can elaborate more if anyone else needs!

Thanks!