Solved

Vmware 'team' setup for checkpoint development / network simulation

Posted on 2006-07-12
10
793 Views
Last Modified: 2013-11-16

Hi,

I have got Vmware Workstation v5.5.1

I have created 3 virtual machines, all windows 2003 server :-

One which will run checkpoint ng and act as the firewall /gateway  (static IP)
One which will run AD, DNS and DHCP(static IP)
The other will just act as a client on the network  (dynamic IP)

At the moment they are just installed as seperate virtual machines, They can see and ping each other in a virtual machine and get on the internet.

I need to set them up to study for my Checkpoint CCSA certification, so I will be altering the rulebase etc on checkpoint then testing it in a simulated network enviroment.

Im unsure how to set the network up to work properly, especially the Virtual machine that will run checkpoint - surely it will need two virtual NICs so as to simulate NAT.

The PC which VMWare runs on has just one NIC, and connects directly to a cable modem.

If someone has done this type of setup before then I would be most grateful for advice

Cheers
Matt


0
Comment
Question by:ma77smith
10 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 350 total points
Comment Utility
All you need is a second NIC on your host machine.

Just install a loopback adapter and it will work fine for you.

Here is how you do it.

On your host machine.(Real Machine)

Goto control panel, Add new Hardware.
Select choose from list, select network adapter.
Then from the list of network adapter, choose microsoft as company and loopback as adapter.

Click next to install and finish.

Now your host machine will have two NIC cards.

Now use this second nic in all your VMWare virtual guest machines.

On the checkpoint machine, choose DSL NIC as outside and Loopback as inside.

On remaining two machines, just choose loopback adapter, so that they would have to go thru checkpoint, if they need to access internet. With this config you can simulate a real network.

0
 
LVL 6

Expert Comment

by:DaMaestro
Comment Utility
If the purpose is to simulate a firewall for the virtual lan, then all you would need to do is setup the two virtual nics. One of the virtual nics will be on the virtual lan and the other virtual nic would be shared with the host. Since I like order, I would probably name the shared one Internet and the virtual one Local Network. I also like to switch up the ip scheme as well. If your cable modem network (shared virtual nic) is internally 192.168.x.x, make your virtual network 10.100.x.x or 172.17.x.x.

If the purpose is to simulate a TEAM adapter, then you would need teaming software for the two virtual nics

If you need the host pc to be able to communicate to the virutal network, or you need another computer to communicate with the virtual network, then you would need a second nic card on the host computer to be setup for a shared connection as well. This is useful if you are testing a virtual AD Group Policy on external hardware, say like an access point.

0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
Here is what you should have to practice with checkpoint.


DSL Internet NIC--------------Checkpoint Machine--------------------LoopBack
                                                                                               |
                                                                                               |----------------------Machine1-AD
                                                                                               |----------------------Machine2-Client

With this you can ping Machine 1, Machine 2 and Checkpoint using loopBack.

Also, then you can practice opening ports on checkpoint for Machine1 and Machine 2 to be able to access internet using NAT, Access list etc.
0
 

Author Comment

by:ma77smith
Comment Utility

Para, what you have said makes total logical sense to me - but I cant seem to implement it in vmware!

When I create a loopback adapter on my real pc, it doesnt show up in any of the virtual machines as NIC

When you say the virtual machines 'use' the loopback NIC, I presume you mean then use it as their default gateway ?? (as its the internal IP for the checkpoint)

The VMachines use the VMnet8 adapter by default and use the network IP 192.168.40.0


DaMaestro -  The NIC on my PC has a public address that it gets from the ISP - the cable modem uses no NAT

Cheers
Matt
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 13

Expert Comment

by:prashsax
Comment Utility
So, map VMnet7 or 6 to loopback nic.

Then use VMnet7 in both of your machines ie. AD and client.

On checkpoint use VMNet8 and VMnet7 as well.

Does, this make sense.

You should have a utility in Vmware from where you can map network cards to be used in guest machines.
0
 
LVL 6

Expert Comment

by:DaMaestro
Comment Utility
Do you need the host machine to have network connectivty to the virtual network other than the shared connection? If not, the loopback is not neccscary. Only an additional virtual nic in the virtual machine's configuration screen is required to simulate an external to internal vpn/firewall/nat scenario
0
 
LVL 7

Expert Comment

by:nttranbao
Comment Utility
prashsax is right, if you replace the loopback with the HOST connection in your real machine. When you install VMWare, it will install 2 other Virtual NIC on your real machine. One of the is the HOST ( Virtual Network 1 ), which you used to connect to the TO-HOST connection (Virtual Network 1) of the virtual machine. To simplify it, the virtual machine will connect to your real one via VIRTUAL HOST connection.

I suggest you see the VMWare Help about Networking and Virtual Networks
0
 
LVL 13

Expert Comment

by:prashsax
Comment Utility
If you need some more details here it is:

Open the Virtual Network Manager.

Goto 3rd Tab(I can't recall the heading of the TAB). It will show you mapping of VMNet1-8 to actual adapter.

Just map any of the VMNetX adapter to Loopback Adapter.
You already have VMnet8 mapped to DSL NIC.

Now, use VMNetX adapter in your all virtual machines.

Also, add VMNet8 as secondary NIC in your checkpoint machines.

0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now