My virtual firewall


Using the previously described vSphere lab, I created a dedicated ipcop firewall as a virtual machine to secure my home networks.

Published in: Technology

  1. My Virtual Firewall, by Brian Drew
     Last time I shared my home vSphere environment that I use to test and train on. I got a lot of positive feedback and wanted to follow up with my virtual firewall configuration.
     Prior to implementation I had a Comcast cable modem and Windows firewall on each PC. That was the extent of it and I knew better. I needed something stronger.
  2. Agenda
     - Overview
     - Before and After
     - Physical and Logical Components
     - Next Steps
     As always, the information contained within is not meant to be an exhaustive how-to manual but rather to represent what I used to build a secure network using my virtual lab.
     I used IPCOP, an Open Source solution, on a virtual machine. The only “stickler” is the network config, but that is easy too. The end result is a decent, dedicated firewall and a little extra learning to boot.
  3. Overview
     I feel good about the IPCOP solution. I might give Microsoft Forefront Threat Management Gateway a try when I get some free time, but for now I’m satisfied.
     I thought it worth showing before and after pics to get the overall gist of things.
     This is the BEFORE…
  4. After - Physical
     By using that 3rd NIC in each HP ProLiant MicroServer I was able to create the required environment.
     Caveat: notice the unused on-board NIC on the other ESXi host.
  5. After - Logical
     In vSphere the networking looks like this on both hosts. I did not use vDS this first time around.
     Notice the ipcop VM is on 2 virtual switches.
     The corresponding physical connections are then made.
  6. The ipcop server is now set as the default gateway for all devices on that LAN segment.
     All packets must go through the firewall, inbound and outbound.
     Security is now up to the configuration of ipcop.
     To me that is a LOT better than having individual firewalls on each and every virtual machine.
     Make sure to turn them all off if you go this route.
     You still need anti-virus.
     It’s beautiful.
  7. Next Steps
     Go through the ipcop documents and button things up if desired.
     Other services that can be enabled include DHCP, NTP and Intrusion Detection. All are already “in the box” waiting to be enabled.
     I use all the services now and point the ESXi servers at it for NTP. The Intrusion Detection is particularly interesting.
     Back to that unused network port. Regretfully, since I don’t have sophisticated equipment at home, when an ESXi host failure occurs, I need to move the cross-over cable to the other, live ESXi host. Everything else will take care of itself.
     THE END
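
The design in slides 5 and 6 only holds if the ipcop VM is the one machine attached to both virtual switches and every other device uses it as its default gateway. The audit below is an added example, not part of the original slides; the switch labels, addresses and VM names other than ipcop are constructed assumptions.

```python
"""Audit a lab inventory for paths that bypass the firewall VM."""
from ipaddress import ip_address, ip_network

# All labels and addresses below are assumptions made for this example.
FIREWALL_VM = "ipcop"
WAN_NET = "vSwitch-WAN"   # hypothetical label: modem-facing virtual switch
LAN_NET = "vSwitch-LAN"   # hypothetical label: internal virtual switch
LAN_CIDR = ip_network("192.168.10.0/24")
FIREWALL_LAN_IP = ip_address("192.168.10.1")

# Constructed inventory, e.g. as exported from the vSphere client by hand.
INVENTORY = [
    {"name": "ipcop", "networks": [WAN_NET, LAN_NET],
     "ip": "192.168.10.1", "gateway": None},
    {"name": "dc01", "networks": [LAN_NET],
     "ip": "192.168.10.10", "gateway": "192.168.10.1"},
    {"name": "testvm", "networks": [LAN_NET, WAN_NET],
     "ip": "192.168.10.20", "gateway": "192.168.10.1"},
    {"name": "oldpc", "networks": [LAN_NET],
     "ip": "192.168.10.30", "gateway": "192.168.10.254"},
]


def audit(inventory):
    """Return (vm_name, issue) pairs for anything that can route around the firewall."""
    findings = []
    fw = [vm for vm in inventory if vm["name"] == FIREWALL_VM]
    # The firewall itself must straddle both switches, or nothing is filtered.
    if not fw or not {WAN_NET, LAN_NET} <= set(fw[0]["networks"]):
        findings.append((FIREWALL_VM, "firewall is not attached to both switches"))
    for vm in inventory:
        if vm["name"] == FIREWALL_VM:
            continue
        # Any other VM on the WAN-side switch has an unfiltered path out.
        if WAN_NET in vm["networks"]:
            findings.append((vm["name"], "attached to the WAN-side switch"))
        if ip_address(vm["ip"]) not in LAN_CIDR:
            findings.append((vm["name"], "address is outside the firewalled LAN"))
        # A different gateway means traffic may leave by another route.
        if vm["gateway"] is None or ip_address(vm["gateway"]) != FIREWALL_LAN_IP:
            findings.append((vm["name"], "default gateway is not the firewall"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(INVENTORY):
        print(f"{name}: {issue}")
```
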
