VMware vSphere

Hi.

I'm trying to deploy a firewall appliance base on ISA server or Untangle on a VM machine.

Assuming that my ESXi server has only one physical network adapeter, the question is:

because every (physical) firewall appliance has at least two NICs : one connected to the internal network and the other to the external network (tipically the internet router ) wich is the best way to deploy it?

In other words: assumed that the internal (virtual) NIC is directly connected to the vSphere standard switch ant than - by means the only physical network adapter - to the physical network , the other (virtual) NIC  of the appliance - the external network - how it's connected to the router?

Wich is the best and efficient way to do this?

Attached to this post is the network layout that I've supposed.

Is it the correct one? Are there other more efficient solutions?

Thanks in advance.

Can you use VLAN's? If yes, the problem solved.

Check out this vid: Configuring a Virtual Router on the VMware Hypervisor 

Sorry, but i don't even well understood.

1) I can create two VLAN on the virtual switch

2) I can connect the internal interface (i.e. 192.168.200.1) of my virtual firewall appliance on VLAN1 and the external interface (i.e. 172.16.200.10) on VLAN2

3) At this point I must connect the only phisical NIC installed on my ESXi host to a physical switch

4) Than I connect all my internal PC (on the same subnet of the internal interface of virtual firewall: 192.168.200.xxx) and the internet router (172.16.200.254) to the same physical switch: all like the attached layout.

Is this the configuration that you suggest or are there some modification to reach best performances?

Thanks to everyone that can help me.

m4biz ha scritto:

Sorry, but i don't even well understood.

1) I can create two VLAN on the virtual switch

2) I can connect the internal interface (i.e. 192.168.200.1) of my virtual firewall appliance on VLAN1 and the external interface (i.e. 172.16.200.10) on VLAN2

3) At this point I must connect the only phisical NIC installed on my ESXi host to a physical switch

4) Than I connect all my internal PC (on the same subnet of the internal interface of virtual firewall: 192.168.200.xxx) and the internet router (172.16.200.254) to the same physical switch: all like the attached layout.

Is this the configuration that you suggest or are there some modification to reach best performances?

Thanks to everyone that can help me.

The VLan in the virtual switch is ok, but you must have configured the trunk also on the physical switch. by the provider who uses it seems that you are Italian, if we want to continue on http://communities.vmware.com/community/vmtn/vmug/forums/emea/italy

as says unsichtbare, you can create 2 port group in the same virtual switch but with different VLan tipically one for DMZ and one for LAN.

if you don't have any possibility of use VLan you can use ISA with one leg but you will a limited funcionality.

Come on, get real, you want to do firewall (one of the MAIN parts of the network) on a shoestring budget?

Seb

Virtual firewall is a perfectly viable alternative for any enterprise. Ask Vyatta.

After all, why would you ignore the advantages of virtualization for firewall/routing appliances.

Absolutely right!

You just use it on proper hardware with proper slit of physical NICs (so you do not save money on THAT part)

Seb