Wired Intelligent Edge

 View Only
  • 1.  VLAN Gateway/Static Route

    Posted Mar 04, 2016 09:45 AM

    OK, so I have a Hyper-V 2012 R2 host, which is connected (via converged fabric with 8 Teamed NICs) to my HP5500 HI IRF core switches. The VMs on the host are in their own VLAN (VLAN 70), which using inter vlan routing on the core, works perfectly. They get their IPs from the DHCP server where required and can access the internet, via our Sophos UTM (which is the default gateway of the core stack).

    I now have a requirement to create a DMZ and have a new VM on the host connected to it. I then want the Sophos UTM to do the firewall rules to allow /restrict access.

    My question is, how do I go about it? I thought I could create a new Virtual switch, then bind two NICs to it, then use that virtual switch for the new VM. How though, do I get it to use the UTM as the router and not the core switch?

    Any help gratefully received.


    #VLAN


  • 2.  RE: VLAN Gateway/Static Route

    Posted Mar 05, 2016 02:55 AM

    On switch, add a VLAN for DMZ.  On switch aggregated interface towards HyperV , add this VLAN tagged.  On HyperV, configure guest VM to use this DMZ VLAN.  (Enable virtual lan identification checkbox, and specify VLAN number below it)



  • 3.  RE: VLAN Gateway/Static Route

    Posted Mar 07, 2016 04:51 AM

    I've already done that, but the VLAN is still using the core switch as it's router.  I want the VLAN to have the Sophos UTM as it's default gateway, so I can use it all allow/deny traffic between the DMZ/LAN.  All my other VLANs should have the core switch as the default gateway.

    Do I need to use policy based routing for this?  Can anyone give me an example config?



  • 4.  RE: VLAN Gateway/Static Route

    Posted Mar 07, 2016 05:01 AM

    Simply configure the default gateway on the HyperV guests, or alter DHCP settings, so Sophos IP is used.
    If core switch isn't involved in routing DMZ packets ,  get rid of the core layer3 interface in the DMZ.