Create DMZ in Vcenter

You need to create a new Virtual Machine Portgroup, label it DMZ, use VLAN Tags for your DMZ.

Then select that virtual machine portgroup for your 3 VMs, e.g. edit VM Settings, and select that Portgroup Label next to the Network Interface.

You may also need to change the IP Addresses in the VMs to match your IP Address scheme in your DMZ.

Andrew thanks. I create the port group and assigned my DMZ VLAN to the Port Group. However when I add a virtual machine with the DMZ IP Addressing to that port group I cannot ping the DMZ VLan GW on the firewall. Network guys say they have extended the DMZ Vlan to the firewall. When running a tracert I notice the trace gets dropped right away so makes me think there is another  setting in Vcenter I need to make?

No more settings are required on host or vCenter Server (which really has nothing to do with it, it's just a Management Server!)

If you've create the virtual machine portgroup, and the correct VLAN is tagged, that's all that is required.

Can you send me a screenshot of your networking.

Sure. See attached virtual switches for the 1 host its currently configured on.
Doc2.docx

So VLAN 202 is the DMZ, and VLAN 202 should be running and trunked (tagged) down those nic links vmnic2 and vmnic3....

all the configuration that is needed.

if the IP Address is configured correctly on the VM - IP Address.... all should be good and working.

Can other devices on the DMZ ping each other if allowed ?

Where do you edit or apply a trunk to the vnics?

Ok that makes sense. I will check the upstream configurations. I suppose I will need to great the same DMZ Port Group on each ESXi host in the cluster if I want to vmotion the DMZ VMs later on yes?

thank you for your assistance!!

no problems, have a good day.