VMware Cloud Community
jcf0587
Contributor

How to isolate a vm from the external network

Hi everyone,

I have a lab setup and I would like to know if there was a way in vCenter to stop a VM from accessing other computers in my small network, but to be able to connect to the internet. For example, I have a VM running a file server, that VM should be reached from the internet, but it anybody using that VM should be able to access the other computers on the network. I have attached a diagram to show my example.

I thought about writing Firewall rules on the Network firewall to isolate the IP address for that VM, BUT I was wondering if there is a way to do that in vCenter so that I don't have to make modifications to my home firewall.

Thank you

Attachment: Question Diagram.jpg

1 Reply
bayupw
Leadership

Hi

I can see that your VMs are in subnet 192.168.1.0/24 (.201-.254) and the other PCs on the network are in the same subnet (.2-.200).

Some options that I can think of:

1. PVLAN

Configure Private VLAN on your dvSwitch.

Requires dvSwitch + Private VLAN-Aware Physical Switch

2. Configure Firewall Rules on your Internet Modem (if available)

3. Configure Traffic Filtering on dvSwitch.

vSphere 5.5 Documentation Center - Traffic Filtering and Marking Policy

Requires dvSwitch 5.5

See also this blog post: Virtualization The Future: Traffic Filtering and DSCP Marking in vSphere 5.5

If you prefer to configure on vCenter (on vSwitch), then you can use option 3.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
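An added example, not part of the reply above and not VMware code: a filtering rule matches on an IP prefix, so the PC range .2-.200 from the thread has to be expressed as CIDR blocks before it can be entered as drop rules. The sketch below computes that cover and checks the resulting rule list against sample destinations. It assumes the rules are applied to egress traffic on the file server VM's port group and are evaluated first-match; the function names are hypothetical and no vSphere API is called.

```python
import ipaddress

# Ranges as described in the thread: one /24, PCs at .2-.200, VMs at .201-.254.
PC_FIRST = ipaddress.ip_address("192.168.1.2")
PC_LAST = ipaddress.ip_address("192.168.1.200")


def cidr_cover(first, last):
    """Return the shortest list of CIDR blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(first, last))


def build_rules():
    """Ordered (action, destination network) pairs for the VM's egress traffic.

    Assumption: first matching rule wins, and the final rule allows
    everything else (other VMs, the .1 address, the internet).
    """
    rules = [("drop", net) for net in cidr_cover(PC_FIRST, PC_LAST)]
    rules.append(("allow", ipaddress.ip_network("0.0.0.0/0")))
    return rules


def evaluate(rules, dst):
    """Return the action the rule list takes for a destination address."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "allow"  # unreachable with the catch-all rule, kept for safety


if __name__ == "__main__":
    rules = build_rules()
    for action, net in rules:
        print(f"{action:5} dst {net}")
    # Constructed sample destinations: a PC, the last PC, a VM, .1, an external host.
    for dst in ("192.168.1.50", "192.168.1.200", "192.168.1.201",
                "192.168.1.1", "8.8.8.8"):
        print(dst, "->", evaluate(rules, dst))
```

The cover comes out as nine prefixes, which is why a range that is not aligned to a power of two costs more rules than a single subnet would.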