VMware Cloud Community
itbegary
Contributor

VMWare and VLAN w/virtual firewall

As the subject states, we have 3 physical servers, one of which has a firewall. We would like to create some vlan zones for some of the virtual servers. Here is what we currently have:

Each server has:

vlan a: 0

vlan b: 1

vlan c: 2

vlan d: 3

Now, with that said, is there an easy way for the firewall on vlan a to be able to handle all traffic for all vlans? I know I can add the other vlans to the firewall as virtual interfaces but for testing, we will be adding lots of interfaces to this. So, I don't want to have to reboot the firewall each time we add an interface to it. I understand the concept of vlans from a switch perspective, but I just don't know how to tie it all together.

Unfortunately, these boxes are hosted offsite and we only have the 6u's of space where they are, otherwise we would opt for a real firewall. The switch connecting them does support vlans, if that helps (it's a cheaper web based switch).

Note, this is a development environment as I know most will say "Don't do this for mission critical stuff."


0 Kudos
2 Replies
itbegary
Contributor

The short fix, since we wanted to keep all of these separate, was to create a virtual firewall for each VLAN. This is working well for the most part. Each VLAN firewall has its VLAN nic and a secondary nic on the primary LAN and we're just using a simple Linux firewall with ip forwarding (plus its own isolation rules).

I have another post regarding performance, but it is on a primary LAN independent of all of this.

0 Kudos
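
The per-VLAN firewall layout described in the post above, sketched as an added example (not code from the thread or from VMware): a shell function that prints an nftables ruleset for one two-NIC firewall VM. The interface names, subnets, the SSH management rule and the use of nftables are all assumptions.

```shell
#!/bin/sh
# Added example: prints an nftables ruleset for ONE per-VLAN firewall VM.
# Assumed: interface names, subnets, nftables, SSH management from the LAN.
# Routing is enabled separately:  sysctl -w net.ipv4.ip_forward=1
# Apply: gen_vlan_fw eth1 eth0 10.0.1.0/24 10.0.2.0/24 | nft -f -

# Shape checks so an argument cannot smuggle extra nft syntax into the ruleset.
valid_if()   { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'; }
valid_cidr() { printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; }

# gen_vlan_fw <vlan_if> <lan_if> <vlan_cidr> [other_vlan_cidr ...]
gen_vlan_fw() {
    [ "$#" -ge 3 ] || { echo "usage: gen_vlan_fw vlan_if lan_if vlan_cidr [other_cidr ...]" >&2; return 2; }
    vlan_if=$1; lan_if=$2; vlan_net=$3; shift 3
    valid_if "$vlan_if" && valid_if "$lan_if" && valid_cidr "$vlan_net" || return 2
    blocked=""
    for net in "$@"; do
        valid_cidr "$net" || return 2
        blocked="${blocked:+$blocked, }$net"
    done
    cat <<EOF
table inet vlanfw {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
EOF
    # Isolation: other VLANs sit behind the primary LAN, so drop them first.
    if [ -n "$blocked" ]; then
        echo "    iifname \"$vlan_if\" ip daddr { $blocked } drop"
    fi
    cat <<EOF
    # Only the VLAN subnet itself may leave toward the LAN (anti-spoofing).
    iifname "$vlan_if" oifname "$lan_if" ip saddr $vlan_net accept
  }
  chain input {
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    ct state established,related accept
    iifname "$lan_if" tcp dport 22 accept
  }
}
EOF
}
```

With the default-drop forward policy, hosts on the primary LAN cannot open new connections into the VLAN; only replies to VLAN-initiated traffic pass back.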
AntonVZhbankov
Immortal

vShield supports VLANs, so not a problem.


---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
0 Kudos