Solved

Microsoft Forefront UAG External NIC Configuration on VM Server

Posted on 2013-06-14
9
171 Views
Last Modified: 2015-06-23
Hi Everyone,

Scratching my head a little on this one but should imagine its fairly simple.

I am setting up UAG on a virtual Windows 2008 R2 Server (VMWare 5.1) As per requirements I need to assign 2 public IP's to the external nic. I have setup both the internal and this external nic as per best practices.

Here is some visuals
Public IP 1 - 209.17.187.212
Public IP 2 - 209.17.187.213
Pubic IP Subnet - 255.255.255.248
Public External Gateway - 209.17.187.214

Current Internet IP - 209.17.187.209
Firewall - Sonicwall NSA 3500

Internal IP Range 192.168.1.0/24

I am  failing on one of the pre-requisites to access the internet which I imagine is  because I am using the public gateway on the 'external' nic as required (209.17.187.214) and not the usual gateway on our 'internal' nic (our firewall internal ip - 192.168.1.254) so it doesnt know how to get out.

So I guess I need some help to understand a few things (a bit of VMware newbie):

For the external nic configuration:
- do I need to setup a DMZ first on the firewall and then use those settings on the external nic instead of a public IP? - will this work for Direct Access?
- do i need to setup a route on the firewall to pass through traffic for those public IP's to the server (how does this even work for a vm as I  cannot physically plug it into any of the interfaces on the firewall)

If so does anyone on have any guidance on how to configure this?

I guess this has partly been answered below but I am using a vm and a sonicwall firewall so trying to wrap my head around how to configure:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Checkpoint_Firewall/Q_25148706.html

Appreciate your help,
Neil
0
Comment
Question by:nhaydock
  • 4
  • 3
9 Comments
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 39249033
physical NICs on the Host ESXi server do not have IP Addresses configured, only network interfaces on the Virtual Machine have IP Addresses configured.

BUT, what you must do, is configure different vSwitches, connected to physical network interfaces, which are connected to the correct physical networks.

and then add network interfaces in the VMs, connected to distinct virtual machine portgroups which are connected to different vSwitches, which in turn are connected to physucal nics in the host, connected to the correct physical networks.

then it's exactly the same as if you had a physical server.
0
 

Author Comment

by:nhaydock
ID: 39249076
Thanks for the reply, certainly makes sense now just got to wrap my head around that - this whole vm world is a little confusing to me but learning....

Please see attached cabling setup diagram. When you say vSwitches do you mean the powerconnects in this diagram or should the physical nics on the host be configured?
VM-cabling.jpg
0
 
LVL 120
ID: 39249088
When I type vSwitches I'm referring to vSwitch0, vSwitch1, vSwitch2 created in the VMware vSphere Host. - networking.

see here as an example.

example vSwitches
I'm assuming here, ports on your Cisco go to Production LANs, and DMZ?

PowerConnect looks like it's just for storage?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:nhaydock
ID: 39249250
Ok I should have known about the vswitches....apologies.

Ok so to dumb it down....

I have to create another vswitch assign a physical host nic to it
Change the adaptor on the vm that uses this vswitch to use this vswitch network connection
Plug a cable into this network port on the host/s into the firewall interface

Does that sound right?
0
 
LVL 120
ID: 39249294
That's correct, you've got it.
0
 

Author Comment

by:nhaydock
ID: 39257850
Sorry for the delay - just getting back to implementing this now. Will setup a vswitch soon but just wondering if you know what to do on the firewall side - ie how do I tell it that traffic destined for 209.17.187.212 should be routed to the UAG server nic 209.17.187.212? To me this doesnt make sense and shouldnt work but I guess there must be some config needed as UAG is supported to work behind a firewall....

Thanks
Neil
0
 
LVL 120
ID: 39257862
that will need to be configured.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40845711
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO: Upload an ISO image to a VMware datastore for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5) using the vSphere Host Client, and checking its MD5 checksum signature is correct.  It's a good idea to compare checksums, because many installat…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question