
VMWare + Transparent Mode/Bridge Mode + DMZ

I am running Sophos Home (via VMware ESXI) and have it up and running in Transparent/Bridge mode (behind my pfsense router) but would like to configure it for DMZ as well.

I followed a "How to" for Transparent mode which is working but I am a little confused as to how to configure for DMZ (or if doing this after installation will break things).

Easily Evaluate Sophos UTM 9.3 Using Full Transparent Mode:

http://fastvue.co/sophos/blog/easily-evaluate-sophos-utm-9-3-using-full-transparent-mode/

  • Yes, sorry. I am new to the board and still learning. My apologies.

    So I have 3 Virtual NICS configured for the guest in VMWare.

    1st is for the Local LAN IP

    The 2nd and 3rd are bridged together for the external.

    It's working in bridge mode but I am unsure how I can move it into a DMZ.

    Here is a screenshot of my sophos interfaces:

    And here is my vmware:

    Do I just configure the external IP for the DMZ network?

    Right now it's on the same subnet as the Local Lan.

  • Ray,

    there is something strange. I mean, to configure UTM in bridge mode, only 2 vnics are required and both vnics should belong to different vswitches in vmware (in promiscuous mode). A third vnic is required for DMZ and from your vmware, the DMZ vswitch does not have a physical nic associated.

  • Hello and thank you for your response.

    Yes, I understand what you are saying.

    I have configured other virtual machines for DMZ while using 1-2 NICS.

    However, the Sophos installation/configuration would not allow me to bridge the nic card with just 2 NICS (internal and then the WAN).

    The documentation that I followed stated 3 nics were needed (Internal, WAN and the 3rd for Bridging).

    Sophos Interface configuration would not allow me to create the bridge without adding 2 NICs together to form the bridge.

    Here is the documentation I followed:

    http://fastvue.co/sophos/blog/easily-evaluate-sophos-utm-9-3-using-full-transparent-mode/

    As for the Vswitch, I am using pfSense (as a virtual guest).

    The DMZ Vswitch is virtual.

    Here is a quick synopsis of how it is configured:

    https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

    Do you have an applicable How To for Sophos Transparent/Bridge and DMZ configuration?

  • Ray,

    during the wizard it is possible to configure UTM as bridge and only 2 nics are required. The other option is to convert the current configuration into bridge mode. In the configuration you are using at the moment, you have 2 different subnets and you are adding a third one (DMZ).

    You said DMZ is managed by pfSense, I do not understand. For the DMZ, you have to create a DMZ vSwitch and add a physical NIC, then connect that nic to your DMZ switch or a VLAN.

    Maybe a network map could help us to understand what you are trying to achieve.

  • I tried multiple times (with multiple re-installations) to configure UTM for bridge mode. And with no success.

    The 1st Internal LAN IP is easy.

    The second IP configuration (for the WAN) asks for IP (Static or Dynamic).

    If I entered the Static WAN IP, it took down my network.

    If I entered dynamic IP, well the IP would constantly change and this caused a problem with EndPoint Management not working after a while.

    FYI: I have static IPs from my ISP.

    Also, the sophos live connect would error out. Giving it a static IP from within the DHCP scope solved this problem but the UTM was not in Transparent/Bridge Mode.

    So if there is a way to configure this, I would love to see a How To or some sort of documentation.

    Because it just did not work.

    There are 2 Networks

    1) LAN - 192.168.1.0/24

    2) DMZ - 192.168.2.0/24

    The WAN is where pfSense must be configured in VMWare in order to "communicate" to the WAN connection and the Network.

    Here is an updated capture without pfSense being blurred out.

    These networks have also been defined on the pfSense router as well.

    Yes, pfSense is managing the DMZ connection via the Vswitch in VMWare ESXI.

    You can see that from the screen shot above. Even though there is no physical nic attached to it, pfsense is managing the connection as the server has 2 NIC cards attached. It works because I have a couple devices in the DMZ running just fine (192.168.2.0/24 network). A physical Network card for the DMZ is not needed.
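The thread boils down to a handful of layout rules for a UTM guest on ESXi: a transparent bridge uses exactly two vNICs on separate vSwitches with promiscuous mode accepted, the DMZ needs its own third vNIC, and the LAN and DMZ subnets (192.168.1.0/24 and 192.168.2.0/24 here) must not overlap. The script below is an added example, not code from the thread or from Sophos; it models a planned interface layout as plain data and reports which of those rules it breaks before anything is changed on the hypervisor. The vNIC names, vSwitch names and the 192.168.1.10/24 internal address are constructed for the example, and the "no physical uplink on the DMZ vSwitch" check is reported as a warning only, since the thread itself disagrees on whether one is required.

```python
"""Pre-change sanity check for a UTM-in-ESXi interface plan (constructed example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Vnic:
    name: str                       # interface name inside the UTM guest (assumed, e.g. "eth0")
    vswitch: str                    # ESXi vSwitch / port group the vNIC hangs off
    role: str                       # "internal", "bridge" (transparent bridge member) or "dmz"
    promiscuous: bool = False       # vSwitch security policy accepts promiscuous mode
    physical_uplink: bool = True    # vSwitch has a physical NIC attached
    address: Optional[str] = None   # CIDR address on the UTM side, if the role carries one


@dataclass
class Plan:
    lan: str                        # LAN subnet, CIDR
    dmz: str                        # DMZ subnet, CIDR
    vnics: List[Vnic] = field(default_factory=list)


def check_plan(plan: Plan) -> List[str]:
    """Return a list of findings; an empty list means the layout satisfies every rule."""
    findings: List[str] = []
    lan = ipaddress.ip_network(plan.lan, strict=False)
    dmz = ipaddress.ip_network(plan.dmz, strict=False)

    # Two segments behind the same firewall must be distinct networks.
    if lan.overlaps(dmz):
        findings.append(f"LAN {lan} and DMZ {dmz} overlap")

    by_role = {}
    for v in plan.vnics:
        by_role.setdefault(v.role, []).append(v)

    if len(by_role.get("internal", [])) != 1:
        findings.append("expected exactly one internal (LAN) vNIC")

    # Transparent bridge: exactly two members, on different vSwitches, promiscuous allowed.
    bridge = by_role.get("bridge", [])
    if len(bridge) != 2:
        findings.append(f"transparent bridge needs exactly two member vNICs, found {len(bridge)}")
    else:
        a, b = bridge
        if a.vswitch == b.vswitch:
            findings.append(f"bridge members {a.name} and {b.name} share vSwitch {a.vswitch}; use separate vSwitches")
        for v in bridge:
            if not v.promiscuous:
                findings.append(f"{v.name}: vSwitch {v.vswitch} must accept promiscuous mode for bridging")

    # DMZ: its own vNIC; missing uplink is only a warning (VM-only DMZs work without one).
    dmz_vnics = by_role.get("dmz", [])
    if not dmz_vnics:
        findings.append("no DMZ vNIC: a third vNIC is needed to attach the DMZ segment")
    for v in dmz_vnics:
        if not v.physical_uplink:
            findings.append(f"warning: {v.name}: DMZ vSwitch {v.vswitch} has no physical uplink")

    # Any configured address must sit inside the subnet its role serves.
    for v in plan.vnics:
        if v.address is None:
            continue
        ip = ipaddress.ip_interface(v.address).ip
        if v.role == "internal" and ip not in lan:
            findings.append(f"{v.name}: address {ip} is outside LAN {lan}")
        if v.role == "dmz" and ip not in dmz:
            findings.append(f"{v.name}: address {ip} is outside DMZ {dmz}")
    return findings


# Constructed layout mirroring the thread: one LAN vNIC plus two bridge members, no DMZ vNIC yet.
THREAD_LAYOUT = Plan(
    lan="192.168.1.0/24",
    dmz="192.168.2.0/24",
    vnics=[
        Vnic("eth0", "vSwitch0", "internal", address="192.168.1.10/24"),
        Vnic("eth1", "vSwitch1", "bridge", promiscuous=True),
        Vnic("eth2", "vSwitch2", "bridge", promiscuous=True),
    ],
)

# Same layout with the third vNIC added on a VM-only DMZ vSwitch.
WITH_DMZ = Plan(
    lan=THREAD_LAYOUT.lan,
    dmz=THREAD_LAYOUT.dmz,
    vnics=THREAD_LAYOUT.vnics + [
        Vnic("eth3", "vSwitchDMZ", "dmz", physical_uplink=False, address="192.168.2.1/24"),
    ],
)

if __name__ == "__main__":
    for label, plan in (("thread layout", THREAD_LAYOUT), ("with DMZ vNIC", WITH_DMZ)):
        print(f"{label}:")
        for f in check_plan(plan) or ["ok"]:
            print("  -", f)
```

Run it as-is to see the thread's layout flagged for the missing DMZ vNIC; edit the `Plan` literals to match your own vSwitch assignment before making changes on the host. The checks are deliberately topology-only: they say nothing about firewall rules between LAN and DMZ, which still have to be written on the UTM once the third interface exists.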

  • Hello and good evening.

    Just wondering if anyone had any insight into this?
