VMware vSphere

  • 1.  How to isolate a vm from the external network

    Posted Jun 17, 2014 07:03 PM

    Hi everyone,

    I have a lab setup and I would like to know if there was a way in vCenter to stop a VM from accessing other computers in my small network, but to be able to connect to the internet. For example, I have a VM running a file server, that VM should be reached from the internet, but anybody using that VM should be able to access the other computers on the network. I have attached a diagram to show my example.

    I thought about writing Firewall rules on the Network firewall to isolate the IP address for that VM, BUT I was wondering if there is a way to do that in vCenter so that I don't have to make modifications to my home firewall.

    Thank you



  • 2.  RE: How to isolate a vm from the external network

    Posted Jun 18, 2014 03:16 AM

    Hi

    I can see that your VMs are in subnet 192.168.1.0/24 (.201-.254) and the other PCs on the network are in the same subnet (.2-.200).

    Some options that I can think of:

    1. PVLAN

    Configure Private VLAN on your dvSwitch.

    Requires dvSwitch + Private VLAN-Aware Physical Switch

    2. Configure Firewall Rules on your Internet Modem (if available)

    3. Configure Traffic Filtering on dvSwitch.

    vSphere 5.5 Documentation Center - Traffic Filtering and Marking Policy

    Requires dvSwitch 5.5

    See also this blog post: Virtualization The Future: Traffic Filtering and DSCP Marking in vSphere 5.5

    If you prefer to configure on vCenter (on vSwitch), then you can use option 3.
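The rule set that option 3 implies can be checked offline before it is entered on the port group. The following is an added example, not part of the thread and not VMware code: it models ordered allow/drop rules for the 192.168.1.0/24 subnet mentioned above. The gateway address, the VM address, the external test address and the first-match evaluation order are assumptions of this model.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")     # subnet from the thread
GATEWAY = ipaddress.ip_address("192.168.1.1")    # assumed router address
VM = ipaddress.ip_address("192.168.1.201")       # constructed file-server VM address
EXTERNAL = "203.0.113.10"                        # constructed internet destination

# Ordered egress rules for the VM's port: (action, destination network).
RULES = [
    ("allow", ipaddress.ip_network(f"{GATEWAY}/32")),  # must precede the LAN drop
    ("drop", LAN),
    ("allow", ipaddress.ip_network("0.0.0.0/0")),
]

def decide(dst, rules=RULES):
    """Return the action of the first rule whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "allow"  # assumed default when no rule matches

def audit(rules=RULES):
    """List problems: LAN hosts still reachable, or gateway/internet blocked."""
    problems = []
    for host in LAN.hosts():
        if host in (GATEWAY, VM):
            continue
        if decide(host, rules) != "drop":
            problems.append(f"LAN host {host} reachable")
    if decide(GATEWAY, rules) != "allow":
        problems.append("gateway blocked: VM loses internet access")
    if decide(EXTERNAL, rules) != "allow":
        problems.append("internet destination blocked")
    return problems

if __name__ == "__main__":
    print(audit() or "rule set isolates the VM from the LAN")
    # Same rules with the LAN drop first: the gateway allow is never reached.
    print(audit([RULES[1], RULES[0], RULES[2]]))
```

Inbound connections from the internet arrive via the gateway, so the matching ingress rules need the same ordering check.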