Aruba & ProVision-based
1748268 Members
3725 Online
108760 Solutions
New Discussion

Re: VLAN Gateway/Static Route

 
SOLVED
Go to solution
colly72
Occasional Advisor

VLAN Gateway/Static Route

OK, so I have a Hyper-V 2012 R2 host, which is connected (via converged fabric with 8 Teamed NICs) to my HP5500 HI IRF core switches. The VMs on the host are in their own VLAN (VLAN 70), which using inter vlan routing on the core, works perfectly. They get their IPs from the DHCP server where required and can access the internet, via our Sophos UTM (which is the default gateway of the core stack).

I now have a requirement to create a DMZ and have a new VM on the host connected to it. I then want the Sophos UTM to do the firewall rules to allow /restrict access.

My question is, how do I go about it? I thought I could create a new Virtual switch, then bind two NICs to it, then use that virtual switch for the new VM. How though, do I get it to use the UTM as the router and not the core switch?

Any help gratefully received.

3 REPLIES 3
16again
Respected Contributor

Re: VLAN Gateway/Static Route

On switch, add a VLAN for DMZ.  On switch aggregated interface towards HyperV , add this VLAN tagged.  On HyperV, configure guest VM to use this DMZ VLAN.  (Enable virtual lan identification checkbox, and specify VLAN number below it)

colly72
Occasional Advisor

Re: VLAN Gateway/Static Route

I've already done that, but the VLAN is still using the core switch as it's router.  I want the VLAN to have the Sophos UTM as it's default gateway, so I can use it all allow/deny traffic between the DMZ/LAN.  All my other VLANs should have the core switch as the default gateway.

Do I need to use policy based routing for this?  Can anyone give me an example config?

16again
Respected Contributor
Solution

Re: VLAN Gateway/Static Route

Simply configure the default gateway on the HyperV guests, or alter DHCP settings, so Sophos IP is used.
If core switch isn't involved in routing DMZ packets ,  get rid of the core layer3 interface in the DMZ.