My virtual firewall

Using the previously described vSphere lab, I created a dedicated ipcop firewall as a virtual machine to secure my home networks.

Transcript

  • 1. My Virtual Firewall by Brian Drew
    Last time I shared my home vSphere environment that I use to test and train on. I got a lot of positive feedback and wanted to follow up with my virtual firewall configuration.
    Prior to implementation I had a Comcast cable modem and Windows firewall on each PC. That was the extent of it and I knew better. I needed something stronger.
  • 2. Agenda
    Overview
    Before and After
    Physical and Logical Components
    Next Steps
    As always the information contained within is not meant to be an exhaustive how-to manual but rather to represent what I used to build a secure network using my virtual lab.
    I used IPCOP, an Open Source solution, on a virtual machine. The only “stickler” is the network config but that is easy too. The end result is a decent, dedicated firewall and a little extra learning to boot.
  • 3. Overview
    I feel good about the IPCOP solution. I might give Microsoft Forefront Threat Management Gateway a try when I get some free time but for now I’m satisfied.
    I thought it worth showing before and after pics to get the overall gist of things.
    This is the BEFORE…..
  • 4. After - Physical
    By using that 3rd NIC in each HP ProLiant MicroServer I was able to create the required environment.
    Caveat – notice the unused on-board NIC on the other ESXi host.
  • 5. After - Logical
    In vSphere the networking looks like this on both hosts. I did not use vDS this first time around.
    Notice the ipcop VM is on 2 virtual switches
    The corresponding physical connections are then made
  • 6. It’s beautiful
    The ipcop server is set as the default gateway now for all devices on that LAN segment.
    All packets must go through the firewall inbound and outbound.
    Security is now up to the configuration of ipcop.
    To me that is a LOT better than having individual firewalls on each and virtual machine.
    Make sure to turn them all off if you go this route.
    You still need anti-virus.
  • 7. Next Steps
    Go through ipcop documents and button things up if desired
    Other services that can be enabled include DHCP, NTP and Intrusion Detection – all are already “in the box” waiting to be enabled.
    I use all the services now – point ESXi servers at it for NTP. The Intrusion Detection is particularly interesting.
    Back to that unused network port. Regretfully, since I don’t have sophisticated equipment at home, when an ESXi host failure occurs, I need to move the cross-over cable to the other, live ESXi host. Everything else will take care of itself.
    THE END
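
The following Python check is an added example, not part of the original slides: it verifies the two properties slides 5 and 6 rely on, that only the ipcop VM is attached to the outside vSwitch and that every LAN device uses ipcop as its default gateway. The VM names, switch names and addresses are constructed assumptions.

```python
# Constructed sample inventory; names and addresses are assumptions, not from the slides.
FIREWALL_VM = "ipcop"
FIREWALL_LAN_IP = "192.168.10.1"
WAN_SWITCH = "vSwitch-WAN"   # vSwitch uplinked to the cable modem
LAN_SWITCH = "vSwitch-LAN"   # vSwitch uplinked to the home LAN

# VM name -> set of virtual switches its NICs are attached to
VM_SWITCHES = {
    "ipcop": {"vSwitch-WAN", "vSwitch-LAN"},
    "dc01": {"vSwitch-LAN"},
    "testbox": {"vSwitch-WAN", "vSwitch-LAN"},  # misconfigured: sits beside the firewall
}

# LAN device -> configured default gateway
DEFAULT_GATEWAYS = {
    "dc01": "192.168.10.1",
    "testbox": "192.168.10.1",
    "laptop": "192.168.10.254",  # misconfigured: does not point at ipcop
}


def audit_switches(vm_switches, firewall_vm, wan_switch, lan_switch):
    """Flag a firewall missing a leg, and any other VM on the WAN switch."""
    findings = []
    missing = {wan_switch, lan_switch} - vm_switches.get(firewall_vm, set())
    if missing:
        findings.append((firewall_vm, "firewall not attached to " + ", ".join(sorted(missing))))
    for vm, switches in sorted(vm_switches.items()):
        if vm != firewall_vm and wan_switch in switches:
            findings.append((vm, "attached to WAN switch, bypasses firewall"))
    return findings


def audit_gateways(gateways, firewall_lan_ip):
    """Flag LAN devices whose default gateway is not the firewall's LAN address."""
    return [(host, f"default gateway {gw}, expected {firewall_lan_ip}")
            for host, gw in sorted(gateways.items()) if gw != firewall_lan_ip]


def audit(vm_switches, gateways):
    """Run both checks against the constants defined above."""
    return (audit_switches(vm_switches, FIREWALL_VM, WAN_SWITCH, LAN_SWITCH)
            + audit_gateways(gateways, FIREWALL_LAN_IP))


if __name__ == "__main__":
    for name, problem in audit(VM_SWITCHES, DEFAULT_GATEWAYS):
        print(f"{name}: {problem}")
```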