Physical firewall for VMware networks

2017-09-30

Introduction

Sometimes you need to figure out some weird configurations. In this post I will try to justify the joy of VLANs in the following setup.

I want to have a perimeter network with my proxy server, and my application servers on a secured network. I also want to use a physical firewall outside my VMware environment, which is the odd bird in this cage.

Normally, I would set up pfSense in a virtual machine, which is easy enough and would have saved me quite some headaches. But now I want to use my physical box, the APU2C4, as the firewall, so I have to share the single network card on my VM host system.

This setup is classic and simple. There is no magic to it, but since the VMware host has only one network interface, you will need a couple of tricks to make it work.

I created two networks, kmg-perimeter with VLAN id 90 and kmg-secure with VLAN id 91. These are both connected to the same network card (the one and only NIC on the VM host).

On the firewall, I set up two VLAN interfaces with the corresponding VLAN id tagging on the same interface. Physically, I connected the NIC on the firewall to the NIC on the Intel NUC.

From here on, you are good to go. You pretend that you have two networks, firewalled just as you would if you had multiple physical network cards in your VMware server.

As an example, I add one more VLAN interface, which I will call DEMONETWORK.
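The two halves of the setup above (the tagged port groups on the VMware host and the matching VLAN interfaces on the pfSense box) are both a handful of commands. The script below is an added example, not from the original post: it emits the `esxcli` commands for the host side and the FreeBSD `ifconfig` commands that pfSense uses underneath for the firewall side, in a dry-run mode by default so you can read the commands before running them. The vSwitch name `vSwitch0`, the firewall's parent interface `igb0` and the VLAN id 92 for DEMONETWORK are assumptions; only ids 90 and 91 come from the post. The id check rejects 0 (untagged) and 4095 (reserved), which are the two values that silently break a tagged setup.

```shell
#!/bin/sh
# Added example (not the post's own code): generate or run the commands for
# tagged VLANs shared over one NIC between an ESXi host and a pfSense box.
# Assumed names: vSwitch0 (ESXi), igb0 (pfSense/FreeBSD parent interface).
set -eu

VSWITCH="${VSWITCH:-vSwitch0}"   # ESXi standard vSwitch bound to the single NIC
FW_PARENT="${FW_PARENT:-igb0}"   # pfSense (FreeBSD) interface cabled to the NUC
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands, 0 = execute them

# Print or execute a command depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Network name -> 802.1Q VLAN id. 90 and 91 are from the post;
# 92 for DEMONETWORK is a constructed placeholder.
vlan_id() {
  case "$1" in
    kmg-perimeter) echo 90 ;;
    kmg-secure)    echo 91 ;;
    DEMONETWORK)   echo 92 ;;
    *) echo "unknown network: $1" >&2; return 1 ;;
  esac
}

# Accept only 1..4094: 0 means "untagged" on ESXi and 4095 is reserved.
valid_vlan() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# ESXi side: one port group per network, tagged with its VLAN id on the shared vSwitch.
esxi_portgroup() {
  net="$1"; id="$(vlan_id "$net")"
  valid_vlan "$id" || { echo "bad VLAN id '$id' for $net" >&2; return 1; }
  run esxcli network vswitch standard portgroup add --portgroup-name="$net" --vswitch-name="$VSWITCH"
  run esxcli network vswitch standard portgroup set --portgroup-name="$net" --vlan-id="$id"
}

# Firewall side: a FreeBSD vlan(4) interface on the same parent NIC.
fw_vlan_if() {
  net="$1"; id="$(vlan_id "$net")"
  valid_vlan "$id" || { echo "bad VLAN id '$id' for $net" >&2; return 1; }
  run ifconfig "vlan$id" create vlandev "$FW_PARENT" vlan "$id"
}

# Verification: list the port groups with their VLAN ids (ESXi) and show the
# vlan interface with its parent (pfSense). Run each on the respective box.
verify() {
  run esxcli network vswitch standard portgroup list
  for n in "$@"; do
    run ifconfig "vlan$(vlan_id "$n")"
  done
}

# Stand-alone run: emit the full command set for all three networks.
for n in kmg-perimeter kmg-secure DEMONETWORK; do
  esxi_portgroup "$n"
  fw_vlan_if "$n"
done
verify kmg-perimeter kmg-secure DEMONETWORK
```

On pfSense the lasting way to add a VLAN is Interfaces > Assignments > VLANs, which writes it to config.xml; the `ifconfig ... create` lines are what that setting does at boot and are not persistent on their own. One caveat when the whole thing rides on one NIC: the ESXi management vmkernel port shares that cable with the perimeter network, so give it a tagged VLAN of its own (or at least keep it out of VLAN 90) so a compromised proxy host is not one untagged hop from the hypervisor's management interface.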

That's it!