VMware Communities
blop
Contributor

Is this possible?

Hi,

I have on a small network I administer physical PCs running Smoothwall / an FTP server / web server. I was wondering if I could consolidate them all onto a single PC running a VM product. Ideally I would like the Smoothwall VM to act as a firewall for the other VMs on the system and as a firewall for the other physical PCs on the network. I was hoping I could cut power and space requirements... wondered what your thoughts are.

Many thanks

0 Kudos
11 Replies
Liz
Virtuoso

Sure you can. Although you would need to check licensing for the VMware product you choose if others are to connect to the servers you run.

Workstation comes with it, but you can also download a converter tool which converts a physical machine to virtual - used to be called P2V, now called Converter.

0 Kudos
continuum
Immortal

Yes - you can do this


________________________________________________
Do you need support with a VMFS recovery problem? - send a message via Skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
rsa911
Virtuoso

Hi there,

Your scenario is 100% feasible with VMware, it's pretty common.

However, I would do it with VMware Server, not Workstation, and best of all: the server version is free!

No problem running the firewall as a guest VM.

0 Kudos
blop
Contributor

Thanks for the replies...

Is the host OS a liability though in terms of security... is there a possibility that it will undermine the security implemented by the firewall VM? My line of thinking makes me think the actual network traffic hits the physical PC / host OS first before handing it on to any VMs. So a hack / vulnerability on the host OS could circumvent my firewall VM.

0 Kudos
rsa911
Virtuoso

> as my line of thinking makes me think the actual network traffic hits the physical PC / Host OS first before handing it on to any VMs.

You can completely disable the IP stack from the host I/F connected to the internet (or to the LAN I/F of a router connected to the internet), so the IP traffic will only flow between the internet and your firewall VM.

You would use bridged mode.

0 Kudos
blop
Contributor

I see... just to confuse matters further...

Say I directed all traffic to the VM firewall... would it be possible for the physical / host OS to use the VM firewall as its gateway so it would be able to receive updates and itself hit the internet?

0 Kudos
rsa911
Virtuoso

Sure, no problem. Make sure your host has at least two NICs; one NIC is facing the internet (or the next device before the internet), disable the IP stack from this I/F.

On the internal I/F of your host, define an IP address and use your firewall VM IP as the default gateway.

Assign two NICs to your firewall VM: one bridged to the host "internet" NIC and another one bridged to the host "LAN I/F".

0 Kudos
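
A check of the host layout described in the post above, as an added example that is not part of the original thread. It assumes a Linux host with iproute2 and runs over constructed sample output; the interface names (`eth0`, `eth1`) and addresses are assumptions.

```python
import ipaddress

# Constructed, trimmed output of `ip -o addr show` and `ip route show`.
# eth0 = internet-facing NIC, eth1 = LAN NIC, 192.168.10.1 = firewall VM's
# LAN address: all assumed names and values, none come from the thread.
SAMPLE_ADDR = """1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
3: eth1    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth1"""
SAMPLE_ROUTE = """default via 192.168.10.1 dev eth1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.5"""


def addresses(addr_out):
    """Map interface name -> addresses (IPv4 and IPv6) bound to it."""
    bound = {}
    for line in addr_out.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] in ("inet", "inet6"):
            bound.setdefault(f[1], []).append(ipaddress.ip_interface(f[3]))
    return bound


def default_routes(route_out):
    """Return (gateway, device) for every default route."""
    routes = []
    for line in route_out.splitlines():
        f = line.split()
        if f[:1] == ["default"] and "via" in f and "dev" in f:
            routes.append((f[f.index("via") + 1], f[f.index("dev") + 1]))
    return routes


def audit(addr_out, route_out, wan_if, lan_if, firewall_ip):
    """Return a list of deviations from the two-NIC layout; empty means OK."""
    bound, findings = addresses(addr_out), []
    # The internet-facing NIC must carry no host address at all. An IPv6
    # link-local address counts: the host IP stack is still bound to that NIC.
    for addr in bound.get(wan_if, []):
        findings.append(f"{wan_if}: host address {addr} still bound")
    gw = ipaddress.ip_address(firewall_ip)
    if not any(gw in a.network for a in bound.get(lan_if, [])):
        findings.append(f"{lan_if}: no address in the firewall VM's subnet")
    # Exactly one default route, via the firewall VM, out of the LAN NIC.
    if default_routes(route_out) != [(firewall_ip, lan_if)]:
        findings.append(f"default route is not via {firewall_ip} on {lan_if}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ADDR, SAMPLE_ROUTE, "eth0", "eth1", "192.168.10.1"):
        print("FAIL", finding)
```

In the constructed sample IPv4 has been removed from `eth0` but an IPv6 link-local address remains, so the audit reports one finding for that interface.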
blop
Contributor

The possibilities seem endless; even with my convoluted setup plan it seems VM will do exactly what I want...

So which product is best for what I envisage?

0 Kudos
rsa911
Virtuoso

I would do it with the free VMware Server product; I see no interest in doing it with Workstation for your planned setup.

Pick a host O/S from the supported O/S list to ensure maximum stability and ease of setup / maintenance.

0 Kudos
Liz
Virtuoso

The risk is minimal to the host machines if you make sure as few a set of services is running on it as possible, as well as if you can use a host-based firewall and let as few a set of ports through as possible, even better.

0 Kudos
rsa911
Virtuoso

Yep, you're right, but since the OP wanted to run his firewall inside a VM, I proposed him a workable solution :)

Personally, I prefer to use hardware firewall appliances and only use the O/S firewall for basic filtering and preventing unauthorized internal users from accessing the VMware host itself.

There are so many combinations...

0 Kudos