LingQin
Contributor
Contributor

T1 firewall proctecting physical server

Jump to solution

Is there a way that i can leverage T1 SR firewall  to protect my physical server? for instance, L2 bridge physical server to my VDS, then physical server can be protected by T1 FW? or other way around?

0 Kudos
1 Solution

Accepted Solutions
mauricioamorim
VMware Employee
VMware Employee

I didn't quite get your specific doubt, but lets say you have an overlay segment on network 192.168.1.0/24 connected to T1-A with IP 192.168.1.1 as default gateway.

Now you have a physical server on VLAN 10 on subnet 192.168.10.0/24 whose default gateway is 192.168.10.1. You can configure T1-A to be the default gateway of VLAN 10 with the following steps:

1) create a new segment on a VLAN transport zone that is available on the edge nodes and configure it with VLAN 10;

2) edit your T1-A gateway and add a Service Interface;

3) configure this interface with 192.168.10.1/24 IP address and connect it to the segment created on step 1.

With this you have a T1 that on one interface is default gateway of the overlay segment and on the other is the default gateway of VLAN 10.

Now all you have to do is configure gateway firewall rules so that VLAN 10 can only access what you want.

View solution in original post

0 Kudos
4 Replies
mauricioamorim
VMware Employee
VMware Employee

If the physical server VLAN is a separate subnet you can configure a T1 router with a gateway firewall and be the default gateway of a VLAN using a Service Interface.

If the physical server is in the same subnet as an overlay segment you need to bridge and can configure a firewall on the bridge.

0 Kudos
LingQin
Contributor
Contributor

My physical server is on different vlan with my overlay VMs. creating the physical server gateway on T1 DR and enable the FW on T1 SR is straightforward. My question is how to assoticate the physical server vlan with its gateway on T1 DR?

0 Kudos
mauricioamorim
VMware Employee
VMware Employee

I didn't quite get your specific doubt, but lets say you have an overlay segment on network 192.168.1.0/24 connected to T1-A with IP 192.168.1.1 as default gateway.

Now you have a physical server on VLAN 10 on subnet 192.168.10.0/24 whose default gateway is 192.168.10.1. You can configure T1-A to be the default gateway of VLAN 10 with the following steps:

1) create a new segment on a VLAN transport zone that is available on the edge nodes and configure it with VLAN 10;

2) edit your T1-A gateway and add a Service Interface;

3) configure this interface with 192.168.10.1/24 IP address and connect it to the segment created on step 1.

With this you have a T1 that on one interface is default gateway of the overlay segment and on the other is the default gateway of VLAN 10.

Now all you have to do is configure gateway firewall rules so that VLAN 10 can only access what you want.

View solution in original post

0 Kudos
LingQin
Contributor
Contributor

Many thanks

0 Kudos