This is just a simple example to help me understand.
Let's say in my data center, I have a simple setup with 1 firewall (LAN port) connected to 1 physical server's data network port. The server has two network ports, 1 data and 1 management.
3 branch offices are connected to this firewall's WAN port via VPN, and each office is on a separate subnet. The firewall is capable of creating VLANs, obviously. For example, I can direct traffic from Office 1 to go to VLAN 1, which is on Port 1 of the firewall.
The requirement is that each office wants their own VMs. The VMs for one office are not allowed to talk to other VMs for other offices.
How can I set it up? How would I direct traffic from Office 1 to go to VLAN1 where VMs for Office 1 would also live, and then do the same for Office 2 & 3? Would I need 3 more network ports (one for each office) on the physical server to accomplish this or could I use the "vSwitch" function?
No need for additional network cards. We can build the setup with the existing cards.
1. Create 3 VLANs (e.g. 11, 12 and 13) for the offices.
2. Configure the physical switch/firewall port which is connected to the server's data network port in TRUNK mode. It's for allowing traffic from all the VLANs.
3. Create 3 portgroups in the vSwitch (e.g. office 1, office 2 and office 3).
4. Map the VLANs to the portgroups.
VLAN 11 -> office1
VLAN 12 -> office2
VLAN 13 -> office3
5. Connect the VMs to their respective portgroups.
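Steps 3 and 4 of the answer above written out as commands, added here as an example and not part of the original answer. It assumes a VMware ESXi host with a standard vSwitch named vSwitch0 (the thread names neither), and it rejects a VLAN plan that would not keep the offices apart before printing any command.

```sh
#!/bin/sh
# Added example (not from the original answer). Assumes a VMware ESXi host
# with a standard vSwitch named vSwitch0; that name is an assumption.
VSWITCH="${VSWITCH:-vSwitch0}"
# portgroup:VLAN pairs taken from the answer's mapping.
PLAN="${PLAN:-office1:11 office2:12 office3:13}"

# Return 0 only if every portgroup gets its own VLAN ID in 1-4094.
# On a standard vSwitch, 0 means untagged and 4095 passes all VLANs to the
# guest, so either one would break the per-office separation.
validate_plan() {
    seen=" "
    for pair in $1; do
        vlan="${pair#*:}"
        case "$vlan" in
            ''|*[!0-9]*) echo "bad VLAN in $pair" >&2; return 1 ;;
        esac
        if [ "$vlan" -lt 1 ] || [ "$vlan" -gt 4094 ]; then
            echo "VLAN $vlan in $pair is not an isolating tag" >&2; return 1
        fi
        case "$seen" in
            *" $vlan "*) echo "VLAN $vlan is used twice" >&2; return 1 ;;
        esac
        seen="$seen$vlan "
    done
}

# Print the esxcli commands for steps 3 and 4 (create portgroup, set VLAN).
emit_plan() {
    validate_plan "$1" || return 1
    for pair in $1; do
        pg="${pair%%:*}"; vlan="${pair#*:}"
        echo "esxcli network vswitch standard portgroup add --portgroup-name=$pg --vswitch-name=$VSWITCH"
        echo "esxcli network vswitch standard portgroup set --portgroup-name=$pg --vlan-id=$vlan"
    done
}

# Dry run by default; set APPLY=1 on the host to execute the commands.
if [ "${APPLY:-0}" = 1 ]; then emit_plan "$PLAN" | sh; else emit_plan "$PLAN"; fi
```

The trunk port on the firewall (step 2) still has to be set up to carry VLANs 11 to 13; that side depends on the firewall model and is not covered by this script.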
Awesome explanation!!!