
Creating a server (v)lan

Hello,

For educational purposes I have installed Sophos UTM Home. For my job I don't have to really do things with networking stuff, so I already apologize in advance for if I ask some stupid questions ;) My questions might even go a bit beyond the main topic of this forum. I would really appreciate some help though. 

At this point I don't have any servers that really do anything and I have no data at all. I now have the following:

Physical:

Desktop 'server'/hypervisor running Server 2016 with Hyper-V. This physical server has 2 NICs.

Virtual:

1. Firewall (Sophos UTM), with 2 virtual NICs (eth0 & eth1).

2. Windows based server

3. Hyper-V switch connected to physical NIC1 (connected to internet)

4. Hyper-V switch connected to physical NIC2 (connected to the local network only)

I have no hardware switch that has VLAN support. I do have a wireless access point that has VLAN support, but I prefer not using VLANs on that if I don't have to.

To be honest I have spent several days now to create a network for my servers. I need to be able to connect my clients to the servers. My client computers (windows 7 / mac / etc) need to have internet access.

Should I add a third ethernet adapter to my firewall (that is only for connection to the virtual servers), or should I solve this with VLANs? Or do I need extra hardware (physical switch)?

I would really appreciate some help.



  • Think of the UTM as a router that routes traffic from one subnet to the other by means of different interfaces. If you do have two interfaces on the same subnet, you need to either bridge those interfaces or make a LAG.

    If you bridge two interfaces of the same type (both ethernet), you are basically creating sort of a switch. When you create a LAG you connect one (logical) device to the UTM using two network cables. This both increases total bandwidth of the connection and makes the connection redundant.

  • Is there a special reason that you want your server(s) in a different subnet than your clients and the NAS you are about to purchase?

    If not, then why not do it like this:

    1 physical NIC connected to the Internet connection. Make a Hyper-V virtual switch connected to this and also connect 1 UTM NIC to it (the WAN port). The other physical NIC connected to your switch (doesn't need VLAN) and also connect this NIC to a second Hyper-V virtual switch. You can then also connect your virtual servers and a second NIC in the UTM to this virtual switch to just connect all of those devices to the same physical subnet. You can then attach additional physical devices to the real switch to also connect those.

    Create something like the attached drawing

  • If you do want to separate your (virtual) servers from your physical clients then make it as the following drawing:

    Be sure though to have all three subnets (LAN, WAN, Servers) in different IP-subnets, like 172.16.10.0/24, 172.16.20.0/24 and whatever your ISP hands out as your WAN subnet. Of course you could also create other subnets as long as they are not overlapping and use RFC1918 addresses (private internet).
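    The three-segment layout described in the two replies above (WAN switch on NIC1, LAN switch on NIC2, and a separate segment for the virtual servers with the UTM as their only gateway), written out as Hyper-V PowerShell. This is an added example, not code from the thread or from Sophos; the adapter names "NIC1"/"NIC2" and the VM names "UTM"/"SRV01" are placeholders, and it assumes the VMs have no virtual adapters attached yet (for a UTM that already has eth0/eth1, use Connect-VMNetworkAdapter on those and only add the third).

```powershell
# Added example (not from the original thread): builds the WAN / LAN / Servers
# layout on a Hyper-V host with the Hyper-V PowerShell module. Run elevated on the host.
# ASSUMPTIONS (placeholders, rename to match your host):
#   - physical adapters are named "NIC1" (Internet) and "NIC2" (local switch)
#   - the UTM VM is named "UTM", the Windows server VM is named "SRV01"
#   - neither VM has virtual network adapters yet
$WanAdapter = "NIC1"
$LanAdapter = "NIC2"
$UtmVm      = "UTM"
$ServerVm   = "SRV01"

# Stop early if an adapter name is wrong, so a typo does not silently bind the
# wrong physical port to the Internet-facing switch.
foreach ($a in $WanAdapter, $LanAdapter) {
    if (-not (Get-NetAdapter -Name $a -ErrorAction SilentlyContinue)) {
        throw "Physical adapter '$a' not found; compare with Get-NetAdapter output."
    }
}

# WAN switch: external, bound to NIC1. AllowManagementOS $false keeps the
# hypervisor's own TCP/IP stack off the Internet segment; only the UTM VM
# gets an adapter on this switch.
New-VMSwitch -Name "WAN" -NetAdapterName $WanAdapter -AllowManagementOS $false

# LAN switch: external, bound to NIC2 (the unmanaged switch with the clients,
# e.g. 172.16.10.0/24 from the reply above). The host keeps a management
# adapter here so you can still administer it from the LAN.
New-VMSwitch -Name "LAN" -NetAdapterName $LanAdapter -AllowManagementOS $true

# Servers switch: private, i.e. no physical uplink and no host adapter at all.
# Only VMs attached here (e.g. 172.16.20.0/24) can reach each other, and the
# UTM's third interface is their only route to the LAN or the Internet.
New-VMSwitch -Name "Servers" -SwitchType Private

# UTM gets one adapter per segment (eth0/eth1/eth2 inside the VM).
Add-VMNetworkAdapter -VMName $UtmVm -SwitchName "WAN"     -Name "eth0-WAN"
Add-VMNetworkAdapter -VMName $UtmVm -SwitchName "LAN"     -Name "eth1-LAN"
Add-VMNetworkAdapter -VMName $UtmVm -SwitchName "Servers" -Name "eth2-Servers"

# The Windows server VM lives only on the Servers segment.
Add-VMNetworkAdapter -VMName $ServerVm -SwitchName "Servers" -Name "eth0-Servers"

# Verify: every VM adapter should sit on the switch you expect, and nothing
# other than the UTM should appear on "WAN".
Get-VMNetworkAdapter -VMName $UtmVm, $ServerVm |
    Select-Object VMName, Name, SwitchName | Format-Table -AutoSize
```

    With this in place no VLAN-capable hardware is needed: the separation between clients and servers is done by the private virtual switch, and the UTM's firewall rules decide what may cross between the three interfaces.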

  • I'm a little careful saying this, but I think I've got it working now. Thank you, especially for the pictures, that was a great help!