?
Solved

Microsoft Forefront UAG External NIC Configuration on VM Server

Posted on 2013-06-14
9
Medium Priority
?
188 Views
Last Modified: 2015-06-23
Hi Everyone,

Scratching my head a little on this one but should imagine its fairly simple.

I am setting up UAG on a virtual Windows 2008 R2 Server (VMWare 5.1) As per requirements I need to assign 2 public IP's to the external nic. I have setup both the internal and this external nic as per best practices.

Here is some visuals
Public IP 1 - 209.17.187.212
Public IP 2 - 209.17.187.213
Pubic IP Subnet - 255.255.255.248
Public External Gateway - 209.17.187.214

Current Internet IP - 209.17.187.209
Firewall - Sonicwall NSA 3500

Internal IP Range 192.168.1.0/24

I am  failing on one of the pre-requisites to access the internet which I imagine is  because I am using the public gateway on the 'external' nic as required (209.17.187.214) and not the usual gateway on our 'internal' nic (our firewall internal ip - 192.168.1.254) so it doesnt know how to get out.

So I guess I need some help to understand a few things (a bit of VMware newbie):

For the external nic configuration:
- do I need to setup a DMZ first on the firewall and then use those settings on the external nic instead of a public IP? - will this work for Direct Access?
- do i need to setup a route on the firewall to pass through traffic for those public IP's to the server (how does this even work for a vm as I  cannot physically plug it into any of the interfaces on the firewall)

If so does anyone on have any guidance on how to configure this?

I guess this has partly been answered below but I am using a vm and a sonicwall firewall so trying to wrap my head around how to configure:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Checkpoint_Firewall/Q_25148706.html

Appreciate your help,
Neil
0
Comment
Question by:nhaydock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 122

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 39249033
physical NICs on the Host ESXi server do not have IP Addresses configured, only network interfaces on the Virtual Machine have IP Addresses configured.

BUT, what you must do, is configure different vSwitches, connected to physical network interfaces, which are connected to the correct physical networks.

and then add network interfaces in the VMs, connected to distinct virtual machine portgroups which are connected to different vSwitches, which in turn are connected to physucal nics in the host, connected to the correct physical networks.

then it's exactly the same as if you had a physical server.
0
 

Author Comment

by:nhaydock
ID: 39249076
Thanks for the reply, certainly makes sense now just got to wrap my head around that - this whole vm world is a little confusing to me but learning....

Please see attached cabling setup diagram. When you say vSwitches do you mean the powerconnects in this diagram or should the physical nics on the host be configured?
VM-cabling.jpg
0
 
LVL 122
ID: 39249088
When I type vSwitches I'm referring to vSwitch0, vSwitch1, vSwitch2 created in the VMware vSphere Host. - networking.

see here as an example.

example vSwitches
I'm assuming here, ports on your Cisco go to Production LANs, and DMZ?

PowerConnect looks like it's just for storage?
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 

Author Comment

by:nhaydock
ID: 39249250
Ok I should have known about the vswitches....apologies.

Ok so to dumb it down....

I have to create another vswitch assign a physical host nic to it
Change the adaptor on the vm that uses this vswitch to use this vswitch network connection
Plug a cable into this network port on the host/s into the firewall interface

Does that sound right?
0
 
LVL 122
ID: 39249294
That's correct, you've got it.
0
 

Author Comment

by:nhaydock
ID: 39257850
Sorry for the delay - just getting back to implementing this now. Will setup a vswitch soon but just wondering if you know what to do on the firewall side - ie how do I tell it that traffic destined for 209.17.187.212 should be routed to the UAG server nic 209.17.187.212? To me this doesnt make sense and shouldnt work but I guess there must be some config needed as UAG is supported to work behind a firewall....

Thanks
Neil
0
 
LVL 122
ID: 39257862
that will need to be configured.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40845711
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question