  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 803

VMware 'team' setup for checkpoint development / network simulation


Hi,

I have got VMware Workstation v5.5.1

I have created 3 virtual machines, all Windows 2003 Server:

One which will run checkpoint ng and act as the firewall /gateway  (static IP)
One which will run AD, DNS and DHCP(static IP)
The other will just act as a client on the network  (dynamic IP)

At the moment they are just installed as separate virtual machines. They can see and ping each other in a virtual machine and get on the internet.

I need to set them up to study for my Checkpoint CCSA certification, so I will be altering the rulebase etc. on checkpoint then testing it in a simulated network environment.

I'm unsure how to set the network up to work properly, especially the virtual machine that will run checkpoint - surely it will need two virtual NICs so as to simulate NAT.

The PC which VMWare runs on has just one NIC, and connects directly to a cable modem.

If someone has done this type of setup before then I would be most grateful for advice

Cheers
Matt


0
Asked by: ma77smith
1 Solution
 
prashsax Commented:
All you need is a second NIC on your host machine.

Just install a loopback adapter and it will work fine for you.

Here is how you do it.

On your host machine (the real machine):

Go to Control Panel, Add New Hardware.
Select choose from list, select network adapter.
Then from the list of network adapters, choose Microsoft as company and loopback as adapter.

Click next to install and finish.

Now your host machine will have two NIC cards.

Now use this second NIC in all your VMware virtual guest machines.

On the checkpoint machine, choose DSL NIC as outside and Loopback as inside.

On the remaining two machines, just choose the loopback adapter, so that they would have to go through checkpoint if they need to access the internet. With this config you can simulate a real network.

0
 
DaMaestro Commented:
If the purpose is to simulate a firewall for the virtual LAN, then all you would need to do is set up the two virtual NICs. One of the virtual NICs will be on the virtual LAN and the other virtual NIC would be shared with the host. Since I like order, I would probably name the shared one Internet and the virtual one Local Network. I also like to switch up the IP scheme as well. If your cable modem network (shared virtual NIC) is internally 192.168.x.x, make your virtual network 10.100.x.x or 172.17.x.x.

If the purpose is to simulate a TEAM adapter, then you would need teaming software for the two virtual NICs.

If you need the host PC to be able to communicate with the virtual network, or you need another computer to communicate with the virtual network, then you would need a second NIC card on the host computer to be set up for a shared connection as well. This is useful if you are testing a virtual AD Group Policy on external hardware, say like an access point.

0
 
prashsax Commented:
Here is what you should have to practice with checkpoint.


DSL Internet NIC--------------Checkpoint Machine--------------------LoopBack
                                                                        |
                                                                        |----------------------Machine1-AD
                                                                        |----------------------Machine2-Client

With this you can ping Machine 1, Machine 2 and Checkpoint using loopBack.

Also, then you can practice opening ports on checkpoint for Machine1 and Machine 2 to be able to access internet using NAT, Access list etc.
0
ma77smith (Author) Commented:

Para, what you have said makes total logical sense to me - but I can't seem to implement it in VMware!

When I create a loopback adapter on my real PC, it doesn't show up in any of the virtual machines as a NIC.

When you say the virtual machines 'use' the loopback NIC, I presume you mean then use it as their default gateway ?? (as it's the internal IP for the checkpoint)

The VMachines use the VMnet8 adapter by default and use the network IP 192.168.40.0


DaMaestro -  The NIC on my PC has a public address that it gets from the ISP - the cable modem uses no NAT

Cheers
Matt
0
 
prashsax Commented:
So, map VMnet7 or 6 to the loopback NIC.

Then use VMnet7 in both of your machines, i.e. AD and client.

On checkpoint use VMnet8 and VMnet7 as well.

Does this make sense?

You should have a utility in VMware from where you can map network cards to be used in guest machines.
0
 
DaMaestro Commented:
Do you need the host machine to have network connectivity to the virtual network other than the shared connection? If not, the loopback is not necessary. Only an additional virtual NIC in the virtual machine's configuration screen is required to simulate an external to internal VPN/firewall/NAT scenario.
0
 
nttranbao Commented:
prashsax is right, if you replace the loopback with the HOST connection in your real machine. When you install VMware, it will install 2 other virtual NICs on your real machine. One of them is the HOST (Virtual Network 1), which you use to connect to the TO-HOST connection (Virtual Network 1) of the virtual machine. To simplify it, the virtual machine will connect to your real one via the VIRTUAL HOST connection.

I suggest you see the VMWare Help about Networking and Virtual Networks
0
 
prashsax Commented:
If you need some more details, here they are:

Open the Virtual Network Manager.

Go to the 3rd tab (I can't recall the heading of the tab). It will show you the mapping of VMnet1-8 to the actual adapters.

Just map any of the VMnetX adapters to the Loopback Adapter.
You already have VMnet8 mapped to the DSL NIC.

Now, use the VMnetX adapter in all your virtual machines.

Also, add VMnet8 as a secondary NIC in your checkpoint machine.

0
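An added example, not part of any post above and not VMware's own tooling: a small check over each VM's `.vmx` network settings confirming that only the firewall VM is dual-homed and that the AD and client VMs sit solely on the inside network, as the thread's layout requires. The VM names, the sample `.vmx` text and the treatment of VMnet0/VMnet8 as "outside" are assumptions; VMnet7 as the inside network follows the thread.

```python
import re

# Constructed .vmx fragments; VM names are hypothetical, VMnet numbers follow the thread.
INSIDE_ONLY = 'ethernet0.present = "TRUE"\nethernet0.connectionType = "custom"\nethernet0.vnet = "VMnet7"\n'
LAB = {
    "checkpoint": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "nat"\n'
                  'ethernet1.present = "TRUE"\nethernet1.connectionType = "custom"\n'
                  'ethernet1.vnet = "VMnet7"\n',
    "ad-dns-dhcp": INSIDE_ONLY,
    "client": INSIDE_ONLY,
}
# Assumption: default VMware mapping of connection types to virtual networks.
DEFAULT_VNET = {"bridged": "VMnet0", "hostonly": "VMnet1", "nat": "VMnet8"}
OUTSIDE = {"VMnet0", "VMnet8"}  # assumed to be the networks that reach the physical NIC
NIC_LINE = re.compile(r'^[ \t]*ethernet(\d+)\.(\w+)[ \t]*=[ \t]*"([^"]*)"[ \t]*$', re.M)

def vm_networks(vmx_text):
    """Return the set of VMnets that the VM's enabled virtual NICs attach to."""
    nics = {}
    for idx, key, val in NIC_LINE.findall(vmx_text):
        nics.setdefault(idx, {})[key.lower()] = val
    nets = set()
    for nic in nics.values():
        if nic.get("present", "FALSE").upper() != "TRUE":
            continue  # adapter defined but disabled
        ctype = nic.get("connectiontype", "bridged").lower()  # assumed bridged when unset
        nets.add(nic.get("vnet", "?") if ctype == "custom" else DEFAULT_VNET.get(ctype, ctype))
    return nets

def audit(lab, firewall="checkpoint", inside="VMnet7"):
    """Return findings; an empty list means outbound traffic must cross the firewall VM."""
    findings = []
    fw_nets = vm_networks(lab[firewall])
    if inside not in fw_nets or not fw_nets & OUTSIDE:
        findings.append(f"{firewall}: not dual-homed (has {sorted(fw_nets)})")
    for vm, text in lab.items():
        if vm == firewall:
            continue
        nets = vm_networks(text)
        for net in sorted(nets & OUTSIDE):
            findings.append(f"{vm}: NIC on {net} bypasses the firewall")
        if inside not in nets:
            findings.append(f"{vm}: no NIC on {inside}")
    return findings

if __name__ == "__main__":
    print(audit(LAB) or "OK: AD and client reach the Internet only via the firewall VM")
```

A guest left on the default NAT adapter, as in the asker's starting setup, is reported as a bypass, which is the condition that would let rulebase tests pass without the traffic ever touching the firewall.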