Solved

Vmware 'team' setup for checkpoint development / network simulation

Posted on 2006-07-12
Last Modified: 2013-11-16

Hi,

I have got VMware Workstation v5.5.1.

I have created 3 virtual machines, all Windows 2003 Server:

One which will run Checkpoint NG and act as the firewall/gateway (static IP)
One which will run AD, DNS and DHCP (static IP)
The other will just act as a client on the network (dynamic IP)

At the moment they are just installed as separate virtual machines. They can see and ping each other in a virtual machine and get on the internet.

I need to set them up to study for my Checkpoint CCSA certification, so I will be altering the rulebase etc. on Checkpoint, then testing it in a simulated network environment.

I'm unsure how to set the network up to work properly, especially the virtual machine that will run Checkpoint - surely it will need two virtual NICs so as to simulate NAT.

The PC which VMWare runs on has just one NIC, and connects directly to a cable modem.

If someone has done this type of setup before then I would be most grateful for advice

Cheers
Matt


Question by:ma77smith
10 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 350 total points
ID: 17093379
All you need is a second NIC on your host machine.

Just install a loopback adapter and it will work fine for you.

Here is how you do it.

On your host machine (real machine):

Go to Control Panel, Add New Hardware.
Select choose from list, select network adapter.
Then from the list of network adapters, choose Microsoft as company and loopback as adapter.

Click next to install and finish.

Now your host machine will have two NIC cards.

Now use this second NIC in all your VMware virtual guest machines.

On the Checkpoint machine, choose DSL NIC as outside and Loopback as inside.

On the remaining two machines, just choose the loopback adapter, so that they would have to go through Checkpoint if they need to access the internet. With this config you can simulate a real network.

0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17093985
If the purpose is to simulate a firewall for the virtual LAN, then all you would need to do is set up the two virtual NICs. One of the virtual NICs will be on the virtual LAN and the other virtual NIC would be shared with the host. Since I like order, I would probably name the shared one Internet and the virtual one Local Network. I also like to switch up the IP scheme as well. If your cable modem network (shared virtual NIC) is internally 192.168.x.x, make your virtual network 10.100.x.x or 172.17.x.x.

If the purpose is to simulate a TEAM adapter, then you would need teaming software for the two virtual NICs.

If you need the host PC to be able to communicate with the virtual network, or you need another computer to communicate with the virtual network, then you would need a second NIC card on the host computer to be set up for a shared connection as well. This is useful if you are testing a virtual AD Group Policy on external hardware, say like an access point.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 17094017
Here is what you should have to practice with checkpoint.


DSL Internet NIC--------------Checkpoint Machine--------------------LoopBack
                                                                    |
                                                                    |----------------------Machine1-AD
                                                                    |----------------------Machine2-Client

With this you can ping Machine 1, Machine 2 and Checkpoint using loopBack.

Also, then you can practice opening ports on checkpoint for Machine1 and Machine 2 to be able to access internet using NAT, Access list etc.
0

 

Author Comment

by:ma77smith
ID: 17094142

Para, what you have said makes total logical sense to me - but I can't seem to implement it in VMware!

When I create a loopback adapter on my real PC, it doesn't show up in any of the virtual machines as a NIC.

When you say the virtual machines 'use' the loopback NIC, I presume you mean they use it as their default gateway? (as it's the internal IP for the Checkpoint)

The virtual machines use the VMnet8 adapter by default and use the network IP 192.168.40.0


DaMaestro -  The NIC on my PC has a public address that it gets from the ISP - the cable modem uses no NAT

Cheers
Matt
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17094174
So, map VMnet7 or 6 to the loopback NIC.

Then use VMnet7 in both of your machines, i.e. AD and client.

On Checkpoint use VMnet8 and VMnet7 as well.

Does this make sense?

You should have a utility in Vmware from where you can map network cards to be used in guest machines.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17095280
Do you need the host machine to have network connectivity to the virtual network other than the shared connection? If not, the loopback is not necessary. Only an additional virtual NIC in the virtual machine's configuration screen is required to simulate an external to internal VPN/firewall/NAT scenario.
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 17097715
prashsax is right, if you replace the loopback with the HOST connection in your real machine. When you install VMware, it will install 2 other virtual NICs on your real machine. One of them is the HOST (Virtual Network 1), which you use to connect to the TO-HOST connection (Virtual Network 1) of the virtual machine. To simplify it, the virtual machine will connect to your real one via the VIRTUAL HOST connection.

I suggest you see the VMWare Help about Networking and Virtual Networks
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17099422
If you need some more details here it is:

Open the Virtual Network Manager.

Go to the 3rd tab (I can't recall the heading of the tab). It will show you the mapping of VMnet1-8 to the actual adapters.

Just map any of the VMnetX adapters to the Loopback Adapter.
You already have VMnet8 mapped to the DSL NIC.

Now, use the VMnetX adapter in all your virtual machines.

Also, add VMnet8 as a secondary NIC in your Checkpoint machine.

0
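One way to confirm the lab is wired as the answers describe (firewall VM dual-homed on VMnet8 and VMnet7, the AD and client VMs on VMnet7 only) is to read each VM's .vmx file and compare NIC attachments. This is an added example, not part of the thread; the VM names and sample .vmx fragments are constructed, and VMnet7 as the inside network is the choice suggested above.

```python
import re

# Default VMware Workstation networks for the non-custom connection types.
DEFAULT_NET = {"bridged": "vmnet0", "hostonly": "vmnet1", "nat": "vmnet8"}
LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.I)

def nic_networks(vmx_text):
    """Return {nic_name: vmnet} for every NIC marked present in a .vmx file."""
    nics = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            nics.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = m.group(3)
    result = {}
    for name, cfg in sorted(nics.items()):
        if cfg.get("present", "FALSE").upper() != "TRUE":
            continue
        ctype = cfg.get("connectiontype", "bridged").lower()  # bridged when unset
        if ctype == "custom":
            result[name] = cfg.get("vnet", "").lower()
        else:
            result[name] = DEFAULT_NET.get(ctype, ctype)
    return result

def audit(vms, firewall, outside="vmnet8", inside="vmnet7"):
    """List problems: the firewall must sit on both networks, other VMs on inside only."""
    problems = []
    for vm, text in vms.items():
        nets = set(nic_networks(text).values())
        if vm == firewall:
            for missing in sorted({outside, inside} - nets):
                problems.append(f"{vm}: no NIC on {missing}")
        elif nets != {inside}:
            extra = sorted(nets - {inside}) or ["nothing"]
            problems.append(f"{vm}: attached to {', '.join(extra)}, expected only {inside}")
    return problems

# Constructed sample .vmx fragments; the client is still on the default NAT network.
LAB = {
    "checkpoint": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "nat"\n'
                  'ethernet1.present = "TRUE"\nethernet1.connectionType = "custom"\n'
                  'ethernet1.vnet = "VMnet7"\n',
    "ad": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "custom"\n'
          'ethernet0.vnet = "VMnet7"\n',
    "client": 'ethernet0.present = "TRUE"\nethernet0.connectionType = "nat"\n',
}

if __name__ == "__main__":
    print("\n".join(audit(LAB, firewall="checkpoint")))
```

A VM that still has a NIC on VMnet8 reaches the internet through VMware's NAT directly, so rulebase changes on the firewall would appear to have no effect on it.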
