VLAN Gateway/Static Route

colly72 · ‎03-04-2016

OK, so I have a Hyper-V 2012 R2 host, which is connected (via converged fabric with 8 Teamed NICs) to my HP5500 HI IRF core switches. The VMs on the host are in their own VLAN (VLAN 70), which using inter vlan routing on the core, works perfectly. They get their IPs from the DHCP server where required and can access the internet, via our Sophos UTM (which is the default gateway of the core stack).

I now have a requirement to create a DMZ and have a new VM on the host connected to it. I then want the Sophos UTM to do the firewall rules to allow /restrict access.

My question is, how do I go about it? I thought I could create a new Virtual switch, then bind two NICs to it, then use that virtual switch for the new VM. How though, do I get it to use the UTM as the router and not the core switch?

Any help gratefully received.

16again · ‎03-04-2016

On switch, add a VLAN for DMZ. On switch aggregated interface towards HyperV , add this VLAN tagged. On HyperV, configure guest VM to use this DMZ VLAN. (Enable virtual lan identification checkbox, and specify VLAN number below it)

colly72 · ‎03-07-2016

I've already done that, but the VLAN is still using the core switch as it's router. I want the VLAN to have the Sophos UTM as it's default gateway, so I can use it all allow/deny traffic between the DMZ/LAN. All my other VLANs should have the core switch as the default gateway.

Do I need to use policy based routing for this? Can anyone give me an example config?

16again · ‎03-07-2016

Simply configure the default gateway on the HyperV guests, or alter DHCP settings, so Sophos IP is used.
If core switch isn't involved in routing DMZ packets , get rid of the core layer3 interface in the DMZ.

VLAN Gateway/Static Route

VLAN Gateway/Static Route

Re: VLAN Gateway/Static Route

Re: VLAN Gateway/Static Route

Re: VLAN Gateway/Static Route

Hewlett Packard Enterprise International