Solved

Microsoft Forefront UAG External NIC Configuration on VM Server

Posted on 2013-06-14
Last Modified: 2015-06-23
Hi Everyone,

Scratching my head a little on this one but should imagine it's fairly simple.

I am setting up UAG on a virtual Windows 2008 R2 Server (VMware 5.1). As per requirements I need to assign 2 public IPs to the external NIC. I have set up both the internal and this external NIC as per best practices.

Here are some visuals:
Public IP 1 - 209.17.187.212
Public IP 2 - 209.17.187.213
Public IP Subnet - 255.255.255.248
Public External Gateway - 209.17.187.214

Current Internet IP - 209.17.187.209
Firewall - Sonicwall NSA 3500

Internal IP Range 192.168.1.0/24

I am failing on one of the pre-requisites to access the internet, which I imagine is because I am using the public gateway on the 'external' NIC as required (209.17.187.214) and not the usual gateway on our 'internal' NIC (our firewall internal IP - 192.168.1.254), so it doesn't know how to get out.

So I guess I need some help to understand a few things (a bit of a VMware newbie):

For the external NIC configuration:
- Do I need to set up a DMZ first on the firewall and then use those settings on the external NIC instead of a public IP? Will this work for Direct Access?
- Do I need to set up a route on the firewall to pass through traffic for those public IPs to the server? (How does this even work for a VM, as I cannot physically plug it into any of the interfaces on the firewall?)

If so, does anyone have any guidance on how to configure this?

I guess this has partly been answered below but I am using a vm and a sonicwall firewall so trying to wrap my head around how to configure:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Checkpoint_Firewall/Q_25148706.html

Appreciate your help,
Neil
Question by:nhaydock
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 500 total points
ID: 39249033
Physical NICs on the Host ESXi server do not have IP Addresses configured, only network interfaces on the Virtual Machine have IP Addresses configured.

BUT, what you must do is configure different vSwitches, connected to physical network interfaces, which are connected to the correct physical networks.

And then add network interfaces in the VMs, connected to distinct virtual machine portgroups which are connected to different vSwitches, which in turn are connected to physical NICs in the host, connected to the correct physical networks.

Then it's exactly the same as if you had a physical server.
 

Author Comment

by:nhaydock
ID: 39249076
Thanks for the reply, certainly makes sense now just got to wrap my head around that - this whole vm world is a little confusing to me but learning....

Please see attached cabling setup diagram. When you say vSwitches do you mean the powerconnects in this diagram or should the physical nics on the host be configured?
VM-cabling.jpg
 
LVL 118
ID: 39249088
When I type vSwitches I'm referring to vSwitch0, vSwitch1, vSwitch2 created in the VMware vSphere Host. - networking.

see here as an example.

example vSwitches
I'm assuming here, ports on your Cisco go to Production LANs, and DMZ?

PowerConnect looks like it's just for storage?
 

Author Comment

by:nhaydock
ID: 39249250
Ok I should have known about the vswitches....apologies.

Ok so to dumb it down....

I have to create another vswitch assign a physical host nic to it
Change the adaptor on the vm that uses this vswitch to use this vswitch network connection
Plug a cable into this network port on the host/s into the firewall interface

Does that sound right?
 
LVL 118
ID: 39249294
That's correct, you've got it.
0
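The steps confirmed above (a separate vSwitch, its own physical host NIC, a portgroup for the VM's external adapter), written out as an added example that is not part of the original thread. The names vSwitch2, vmnic1 and "UAG-External" and the sample listing are assumptions; the script only prints the esxcli commands and refuses an uplink that another vSwitch already uses, so the external segment stays off the internal NICs.

```shell
#!/bin/sh
# Added example: plan a dedicated vSwitch for the UAG external NIC.
# It only prints esxcli commands; review them, then run them in the ESXi shell.

# Constructed, trimmed sample of `esxcli network vswitch standard list` output.
SAMPLE_LISTING='vSwitch0
   Name: vSwitch0
   Uplinks: vmnic0
   Portgroups: VM Network, Management Network
vSwitch1
   Name: vSwitch1
   Uplinks: vmnic2, vmnic3
   Portgroups: iSCSI'

# used_uplinks LISTING -> one vmnic per line that is already an uplink.
used_uplinks() {
    printf '%s\n' "$1" | awk -F': ' '/^ *Uplinks:/ {
        n = split($2, nic, /, */)
        for (i = 1; i <= n; i++) if (nic[i] != "") print nic[i]
    }'
}

# plan_external_vswitch LISTING VSWITCH UPLINK PORTGROUP
# Prints the commands, or fails if the vSwitch name or the uplink is taken,
# so the external segment never shares a physical NIC with the internal LAN.
plan_external_vswitch() {
    listing=$1 vswitch=$2 uplink=$3 portgroup=$4
    if printf '%s\n' "$listing" | grep -qxF "$vswitch"; then
        echo "refusing: $vswitch already exists" >&2; return 1
    fi
    if used_uplinks "$listing" | grep -qxF "$uplink"; then
        echo "refusing: $uplink is already an uplink of another vSwitch" >&2; return 1
    fi
    echo "esxcli network vswitch standard add --vswitch-name=$vswitch"
    echo "esxcli network vswitch standard uplink add --uplink-name=$uplink --vswitch-name=$vswitch"
    echo "esxcli network vswitch standard portgroup add --portgroup-name=\"$portgroup\" --vswitch-name=$vswitch"
}

# Hypothetical names: vSwitch2 on the free NIC vmnic1, portgroup "UAG-External".
plan_external_vswitch "$SAMPLE_LISTING" vSwitch2 vmnic1 "UAG-External"
```

On a real host, pass the live output of `esxcli network vswitch standard list` as the first argument instead of the sample, then attach the VM's external adapter to the new portgroup.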
 

Author Comment

by:nhaydock
ID: 39257850
Sorry for the delay - just getting back to implementing this now. Will set up a vSwitch soon but just wondering if you know what to do on the firewall side - i.e. how do I tell it that traffic destined for 209.17.187.212 should be routed to the UAG server NIC 209.17.187.212? To me this doesn't make sense and shouldn't work, but I guess there must be some config needed as UAG is supported to work behind a firewall....

Thanks
Neil
 
LVL 118
ID: 39257862
That will need to be configured.
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845711
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.