Solved

Microsoft Forefront UAG External NIC Configuration on VM Server

Posted on 2013-06-14
Last Modified: 2015-06-23
Hi Everyone,

Scratching my head a little on this one but should imagine it's fairly simple.

I am setting up UAG on a virtual Windows 2008 R2 Server (VMware 5.1). As per requirements I need to assign 2 public IPs to the external NIC. I have set up both the internal and this external NIC as per best practices.

Here are some visuals:
Public IP 1 - 209.17.187.212
Public IP 2 - 209.17.187.213
Public IP Subnet - 255.255.255.248
Public External Gateway - 209.17.187.214

Current Internet IP - 209.17.187.209
Firewall - Sonicwall NSA 3500

Internal IP Range 192.168.1.0/24

I am failing on one of the pre-requisites to access the internet, which I imagine is because I am using the public gateway on the 'external' NIC as required (209.17.187.214) and not the usual gateway on our 'internal' NIC (our firewall internal IP - 192.168.1.254), so it doesn't know how to get out.

So I guess I need some help to understand a few things (a bit of VMware newbie):

For the external nic configuration:
- do I need to set up a DMZ first on the firewall and then use those settings on the external NIC instead of a public IP? - will this work for Direct Access?
- do I need to set up a route on the firewall to pass through traffic for those public IPs to the server (how does this even work for a VM, as I cannot physically plug it into any of the interfaces on the firewall)?

If so, does anyone have any guidance on how to configure this?

I guess this has partly been answered below but I am using a vm and a sonicwall firewall so trying to wrap my head around how to configure:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Checkpoint_Firewall/Q_25148706.html

Appreciate your help,
Neil
Question by:nhaydock

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 39249033
Physical NICs on the host ESXi server do not have IP addresses configured; only network interfaces on the virtual machine have IP addresses configured.

BUT, what you must do is configure different vSwitches, connected to physical network interfaces, which are connected to the correct physical networks.

And then add network interfaces in the VMs, connected to distinct virtual machine portgroups which are connected to different vSwitches, which in turn are connected to physical NICs in the host, connected to the correct physical networks.

then it's exactly the same as if you had a physical server.
 

Author Comment

by:nhaydock
ID: 39249076
Thanks for the reply, certainly makes sense now just got to wrap my head around that - this whole vm world is a little confusing to me but learning....

Please see attached cabling setup diagram. When you say vSwitches do you mean the powerconnects in this diagram or should the physical nics on the host be configured?
VM-cabling.jpg
 
ID: 39249088
When I type vSwitches I'm referring to vSwitch0, vSwitch1, vSwitch2 created in the VMware vSphere Host. - networking.

See here as an example.

[Image: example vSwitches]
I'm assuming here, ports on your Cisco go to Production LANs, and DMZ?

PowerConnect looks like it's just for storage?
 

Author Comment

by:nhaydock
ID: 39249250
Ok I should have known about the vswitches....apologies.

Ok so to dumb it down....

- I have to create another vswitch and assign a physical host NIC to it
- Change the adaptor on the VM that uses this vswitch to use this vswitch network connection
- Plug a cable into this network port on the host/s into the firewall interface

Does that sound right?
 
ID: 39249294
That's correct, you've got it.
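The three steps confirmed above, sketched in VMware PowerCLI as an added example (not posted by anyone in the thread). The vCenter, host, uplink, vSwitch, port group, VM and adapter names are hypothetical placeholders, and the security-policy step is an addition that keeps the Internet-facing segment tight.

```powershell
# All names below are hypothetical placeholders, not values from the thread.
$vCenter   = 'vcenter.example.local'
$hostName  = 'esxi01.example.local'
$uplink    = 'vmnic3'              # unused physical NIC, to be cabled to the firewall
$vSwitch   = 'vSwitch-External'
$portGroup = 'UAG-External'
$vmName    = 'UAG01'
$vmAdapter = 'Network adapter 2'   # the VM NIC that carries the public IPs

Connect-VIServer -Server $vCenter | Out-Null
$vmhost = Get-VMHost -Name $hostName

# Stop if the uplink already backs another vSwitch: sharing it would put
# Internet-facing traffic on the same layer-2 segment as an internal network.
$inUse = Get-VirtualSwitch -VMHost $vmhost -Standard |
    Where-Object { $_.Nic -contains $uplink }
if ($inUse) { throw "$uplink is already an uplink of $($inUse.Name)" }

# Step 1: new vSwitch with the dedicated physical NIC as its only uplink.
$vs = New-VirtualSwitch -VMHost $vmhost -Name $vSwitch -Nic $uplink

# Reject promiscuous mode, MAC changes and forged transmits on the external
# segment; loosen a setting only if a specific feature is shown to need it.
$vs | Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $false -MacChanges $false `
                       -ForgedTransmits $false | Out-Null

# Virtual machine port group that the VM adapter will attach to.
New-VirtualPortGroup -VirtualSwitch $vs -Name $portGroup | Out-Null

# Step 2: move only the external adapter; the internal adapter stays put.
Get-VM -Name $vmName |
    Get-NetworkAdapter -Name $vmAdapter |
    Set-NetworkAdapter -NetworkName $portGroup -Confirm:$false | Out-Null

# Step 3 is physical: cable $uplink on the host to the firewall interface.

# Review the result: each adapter should sit on exactly one intended network.
Get-VM -Name $vmName | Get-NetworkAdapter |
    Select-Object Name, NetworkName, MacAddress
```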
 

Author Comment

by:nhaydock
ID: 39257850
Sorry for the delay - just getting back to implementing this now. Will set up a vswitch soon but just wondering if you know what to do on the firewall side - i.e. how do I tell it that traffic destined for 209.17.187.212 should be routed to the UAG server NIC 209.17.187.212? To me this doesn't make sense and shouldn't work, but I guess there must be some config needed as UAG is supported to work behind a firewall....

Thanks
Neil
 
ID: 39257862
That will need to be configured.
 

Expert Comment

by:Seth Simmons
ID: 40845711
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.