how to configure dmz port to Virtual machine on esxi 5

  • 1.  how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 07, 2014 10:56 AM

    Hello,

    On my SBOX router I have a DMZ port and I would like to connect it to some virtual machine (on my ESXi 5.0.0).

    I don't know what I should do.

    Please help me.

    Thanks.



  • 2.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 07, 2014 12:56 PM

    Do you have more than one physical NIC on your ESXi server? If you do, are you using them all?



  • 3.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 07, 2014 01:56 PM

    I have 4 NICs on my server. I'm using only one.

    How can I configure the other NICs to work with the DMZ port?



  • 4.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 07, 2014 02:03 PM

    You can create another vSwitch and associate some physical NICs to this vSwitch, connect the physical NICs to the DMZ physical switch, create a Port Group on the new vSwitch and bind the virtual network interface of VM to this new Port Group.



  • 5.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 07, 2014 04:35 PM

    That is where I was going, so do what Richard said to do.

    I would have 2 NICs for main traffic and 2 NICs for my DMZ. You should have 2 switches, vSwitch0 and your DMZ switch.



  • 6.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 09, 2014 02:50 PM

    I did it. Now I have vSwitch0 and vSwitch1.

    Now the problem is that my DMZ (port group) is shown on vSwitch0, and my DMZ port is going to vSwitch1!

    How can I move it to vSwitch1?



  • 8.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 09, 2014 02:56 PM

    Simply create a new DMZ port group on vSwitch1 (unless there's already one) and reconfigure the VM's which are currently connected to the DMZ port group on vSwitch0 to use the new DMZ port group on vSwitch1. Once all VM's are reconfigured you may delete the old DMZ port group on vSwitch0.


    André



  • 9.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 10, 2014 03:01 PM

    I did it, but I did not get any IP address.

    On my SBOX the configuration is:

    IP address: 192.168.1.1

    Subnet: 255.255.255.0

    And the DHCP server is enabled.

    So what IP address should I configure on vSwitch1?

    Thanks.



  • 10.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 10, 2014 04:29 PM

    A virtual machine port group itself doesn't have an IP address. Only the connected VM's need one. If the VM's don't receive a DHCP lease from the connected DHCP server, then there's got to be another reason for this.

    Please post a screenshot of what your current virtual network setup (i.e. Configuration -> Networking) looks like.

    André



  • 11.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 10, 2014 05:41 PM

    Please see my screenshot.



  • 12.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 10, 2014 05:58 PM

    vSwitch0: You can delete the "DMZ" port group from the vSwitch's "Properties ..."

    vSwitch0: Why did you set VLAN-ID 4095 for the "Management Network" port group?

    vSwitch1: What's the purpose of the "DMZ PORT" VMkernel port group? All you need on vSwitch1 is your Virtual Machine "DMZ PORT GROUP" and vmnic3 connected to the DMZ router.

    André



  • 13.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 11, 2014 11:24 AM

    vSwitch0: You can delete the "DMZ" port group from the vSwitch's "Properties ..."

    Done. Please see my new screenshot.

    vSwitch0: Why did you set VLAN-ID 4095 for the "Management Network" port group?

    I don't remember that I did it. Is it not the default setting?

    vSwitch1: What's the purpose of the "DMZ PORT" VMkernel port group? All you need on vSwitch1 is your Virtual Machine "DMZ PORT GROUP" and vmnic3 connected to the DMZ router.

    DMZ PORT was done for a test. Should I delete it?

    So how can I do this: "All you need on vSwitch1 is your Virtual Machine "DMZ PORT GROUP""?

    vmnic3 is already connected to the DMZ router.

    Thanks, Guy.



  • 14.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 11, 2014 11:36 AM

    VLAN ID 4095 is used in cases where it is required to pass the network traffic directly to the target, i.e. including the VLAN in the header. Assuming that you do not use VLANs, you may want to set the VLAN ID for the Management Network to "(none)" which is the default.

    Unless the ESXi host itself needs to communicate with the DMZ you should delete the VMkernel port group and only keep the Virtual Machine Port Group - to which you connect the VMs - on vSwitch1.

    André
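
The three issues raised in this thread (a VLAN ID 4095 port group, a VMkernel port on the DMZ vSwitch, and a leftover DMZ port group on vSwitch0) can be checked from the host's own command output. The script below is an added example, not part of any post: the sample text is constructed to resemble `esxcli network vswitch standard portgroup list` and a trimmed `esxcli network ip interface list`, and matching DMZ port groups by name is an assumption.

```python
import re

# Constructed sample of `esxcli network vswitch standard portgroup list`,
# modeled on the layout described in the thread (not real host output).
PORTGROUPS = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1     4095
DMZ                 vSwitch0                     0        0
DMZ PORT            vSwitch1                     1        0
DMZ PORT GROUP      vSwitch1                     1        0
"""

# Constructed, trimmed sample of `esxcli network ip interface list`.
VMK_INTERFACES = """\
vmk0
   Portset: vSwitch0
   Portgroup: Management Network
vmk1
   Portset: vSwitch1
   Portgroup: DMZ PORT
"""

def parse_portgroups(text):
    """Return (name, vswitch, vlan) per row; columns are 2+ spaces apart."""
    rows = []
    for line in text.splitlines()[2:]:          # skip header and dashes
        if line.strip():
            name, vswitch, _clients, vlan = re.split(r"\s{2,}", line.strip())
            rows.append((name, vswitch, int(vlan)))
    return rows

def audit(portgroups, vmk_text, dmz_vswitch):
    """Flag the three misconfigurations raised in the thread."""
    vmk_groups = set(re.findall(r"^\s*Portgroup:\s*(.+?)\s*$", vmk_text, re.M))
    findings = []
    for name, vswitch, vlan in parse_portgroups(portgroups):
        if vlan == 4095:
            findings.append((name, "VLAN 4095 passes tagged traffic through"))
        if vswitch == dmz_vswitch and name in vmk_groups:
            findings.append((name, "VMkernel port exposes the host to the DMZ"))
        # Assumption: DMZ port groups carry "DMZ" in their name.
        if "DMZ" in name.upper() and vswitch != dmz_vswitch:
            findings.append((name, "DMZ port group on a non-DMZ vSwitch"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(PORTGROUPS, VMK_INTERFACES, "vSwitch1"):
        print(f"{name}: {issue}")
```

After the changes recommended above, only "DMZ PORT GROUP" remains on vSwitch1 and the audit returns no findings.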



  • 15.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 11, 2014 06:22 PM

    Thanks a lot, now it is finally working!

    Now I want to add an HP managed switch.

    How does it fit into this network?

    I have 2 VLANs on my switch.

    I have a number of questions:

    Where do I connect my HP switch? To the SBOX router LAN port? Or to one of my NICs on the server?



  • 16.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 11, 2014 06:43 PM

    You connect your HP switch to the SBOX router and your server to the HP switch.

    Now for your DMZ connection, it depends on how many public IPs your SBOX can support.

    If your SBOX can support many public IPs, then I would suggest connecting your SBOX DMZ port to the HP switch using a different VLAN.

    Otherwise don't change it; keep the DMZ port connected to the server.

    Another option is to run your own router/firewall; this depends highly on your ISP setup and whether you can do this.

    Me, I had DSL a few years ago and ran my own Cisco DSL (2611XM) router and then a Cisco PIX (515E) firewall for my firewall.



  • 17.  RE: how to configure dmz port to Virtual machine on esxi 5

    Posted Aug 10, 2014 04:52 PM

    With typical consumer routers, the DMZ port is for one IP address and of course it needs to be statically assigned. My guess is that you will only be able to use one VM on the DMZ port.