Solved

Vmware 'team' setup for checkpoint development / network simulation

Posted on 2006-07-12
Last Modified: 2013-11-16

Hi,

I have got Vmware Workstation v5.5.1

I have created 3 virtual machines, all Windows 2003 Server:

One which will run Checkpoint NG and act as the firewall/gateway (static IP)
One which will run AD, DNS and DHCP (static IP)
The other will just act as a client on the network (dynamic IP)

At the moment they are just installed as separate virtual machines. They can see and ping each other in a virtual machine and get on the internet.

I need to set them up to study for my Checkpoint CCSA certification, so I will be altering the rulebase etc. on Checkpoint then testing it in a simulated network environment.

I'm unsure how to set the network up to work properly, especially the virtual machine that will run Checkpoint - surely it will need two virtual NICs so as to simulate NAT.

The PC which VMWare runs on has just one NIC, and connects directly to a cable modem.

If someone has done this type of setup before then I would be most grateful for advice

Cheers
Matt


Question by:ma77smith
10 Comments
 
LVL 13

Accepted Solution

by:
prashsax earned 350 total points
ID: 17093379
All you need is a second NIC on your host machine.

Just install a loopback adapter and it will work fine for you.

Here is how you do it.

On your host machine (the real machine):

Go to Control Panel, Add New Hardware.
Select choose from list, select network adapter.
Then from the list of network adapters, choose Microsoft as company and loopback as adapter.

Click next to install and finish.

Now your host machine will have two NIC cards.

Now use this second NIC in all your VMware virtual guest machines.

On the Checkpoint machine, choose DSL NIC as outside and Loopback as inside.

On the remaining two machines, just choose the loopback adapter, so that they would have to go through Checkpoint if they need to access the internet. With this config you can simulate a real network.

0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17093985
If the purpose is to simulate a firewall for the virtual LAN, then all you would need to do is set up the two virtual NICs. One of the virtual NICs will be on the virtual LAN and the other virtual NIC would be shared with the host. Since I like order, I would probably name the shared one Internet and the virtual one Local Network. I also like to switch up the IP scheme as well. If your cable modem network (shared virtual NIC) is internally 192.168.x.x, make your virtual network 10.100.x.x or 172.17.x.x.

If the purpose is to simulate a TEAM adapter, then you would need teaming software for the two virtual NICs.

If you need the host PC to be able to communicate with the virtual network, or you need another computer to communicate with the virtual network, then you would need a second NIC on the host computer to be set up for a shared connection as well. This is useful if you are testing a virtual AD Group Policy on external hardware, say like an access point.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 17094017
Here is what you should have to practice with checkpoint.


DSL Internet NIC ---- Checkpoint Machine ---- LoopBack
                                                 |
                                                 |---- Machine1-AD
                                                 |---- Machine2-Client

With this you can ping Machine 1, Machine 2 and Checkpoint using loopBack.

Also, then you can practice opening ports on checkpoint for Machine1 and Machine 2 to be able to access internet using NAT, Access list etc.
0
 

Author Comment

by:ma77smith
ID: 17094142

Para, what you have said makes total logical sense to me - but I can't seem to implement it in VMware!

When I create a loopback adapter on my real PC, it doesn't show up in any of the virtual machines as a NIC.

When you say the virtual machines 'use' the loopback NIC, I presume you mean they use it as their default gateway? (as it's the internal IP for the Checkpoint)

The VMachines use the VMnet8 adapter by default and use the network IP 192.168.40.0


DaMaestro -  The NIC on my PC has a public address that it gets from the ISP - the cable modem uses no NAT

Cheers
Matt
0

 
LVL 13

Expert Comment

by:prashsax
ID: 17094174
So, map VMnet7 or 6 to the loopback NIC.

Then use VMnet7 in both of your machines, i.e. AD and client.

On Checkpoint use VMnet8 and VMnet7 as well.

Does this make sense?

You should have a utility in Vmware from where you can map network cards to be used in guest machines.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 17095280
Do you need the host machine to have network connectivity to the virtual network other than the shared connection? If not, the loopback is not necessary. Only an additional virtual NIC in the virtual machine's configuration screen is required to simulate an external to internal VPN/firewall/NAT scenario.
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 17097715
prashsax is right, if you replace the loopback with the HOST connection in your real machine. When you install VMware, it will install 2 other virtual NICs on your real machine. One of them is the HOST (Virtual Network 1), which you used to connect to the TO-HOST connection (Virtual Network 1) of the virtual machine. To simplify it, the virtual machine will connect to your real one via the VIRTUAL HOST connection.

I suggest you see the VMWare Help about Networking and Virtual Networks
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17099422
If you need some more details, here they are:

Open the Virtual Network Manager.

Go to the 3rd tab (I can't recall the heading of the tab). It will show you the mapping of VMnet1-8 to actual adapters.

Just map any of the VMnetX adapters to the Loopback Adapter.
You already have VMnet8 mapped to the DSL NIC.

Now, use the VMnetX adapter in all your virtual machines.

Also, add VMnet8 as a secondary NIC in your Checkpoint machine.

0
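Added example, not part of the original thread: a small check of the layout prashsax describes, where the Checkpoint VM sits on both VMnet8 and an inside network while the AD and client VMs sit on the inside network only. The .vmx fragments are constructed samples, and the VM names and the choice of VMnet7 as the inside network are assumptions.

```python
import re

# Constructed sample .vmx network fragments (not taken from the thread).
SAMPLE_VMX = {
    "checkpoint": '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet7"
''',
    "ad": '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "VMnet7"
''',
    "client": '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
''',
}

LINE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$', re.I)
# VMware Workstation default networks for the non-custom connection types.
BUILTIN = {"nat": "vmnet8", "hostonly": "vmnet1", "bridged": "vmnet0"}

def nic_networks(vmx_text):
    """Return the set of virtual networks the VM's present NICs attach to."""
    nics = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            nics.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    nets = set()
    for cfg in nics.values():
        if cfg.get("present", "").upper() == "TRUE":
            # Assumption: a NIC without connectionType is treated as bridged.
            ctype = cfg.get("connectiontype", "bridged").lower()
            nets.add(cfg.get("vnet", "").lower() if ctype == "custom" else BUILTIN.get(ctype, ctype))
    return nets

def check_lab(vms, firewall, inside, outside):
    """List topology problems: firewall must straddle both nets, others inside only."""
    problems = []
    for name, text in vms.items():
        nets = nic_networks(text)
        expected = {inside, outside} if name == firewall else {inside}
        if nets != expected:
            problems.append(f"{name}: on {sorted(nets)}, expected {sorted(expected)}")
    return problems
```

With the sample above, `check_lab(SAMPLE_VMX, "checkpoint", "vmnet7", "vmnet8")` flags the client VM, which was left on the default NAT network and would reach the internet without passing through the firewall.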


Question has a verified solution.
