I am unable to get internet traffic through the UTM.

Ryan Miller said:

....The internal interface is on a different subnet than the internal interface.

Can you please explain this sentence a little bit. A network diagram would be also useful.

You are misconfigured:

In your scenario the netgear has to be treated like it is the wan device not a router as far as what the UTM sees.  

1. external is fine

2. disconnect the netgear from the switch.

3.  what is the third connection for?  

3. All other server traffic (non-vm)

I had disconnected the router from the switch but nothing changed.

If you look at my OP I explain my current setup which is what the diagram is for.

I can make additional diagrams for the other configurations I have tried.

William Warren said:

You are misconfigured:

In your scenario the netgear has to be treated like it is the wan device not a router as far as what the UTM sees.  

1. external is fine

2. disconnect the netgear from the switch.

3.  what is the third connection for?  

then you have something misconfigured either inside the utm OR the vmware switch.  I do not know vmware well so it is going to be up to somebody who knows vmware well...

I suspect the VM also. I have vmnet2 and vmnet3 configured as bridged with the corresponding internal and external interface selected from my Intel quad port gigabit NIC.

Both virtual interface IP's are static but the physical interface is DHCP. My lingering question is - how is the physical interface supposed to be configured?

It appears that you have two NICs connected to the same ethernet segment. What were you trying to accomplish with that? Is there a reason why you don't replace the Netgear with your UTM?

Cheers - Bob

I do not want to replace the Netgear with the UTM virtualized in VMware because of the security risks with VMware. I plan on reinstalling the UTM on standalone hardware and removing the Netgear.

Perhaps I am misunderstanding your use of segment but the internal port is plugged into a 16 port switch and the external port is plugged into the firewall (albeit it is also a switch but is physically and logically separate)

I do not want to replace the Netgear with the UTM virtualized in VMware because of the security risks with VMware. I plan on reinstalling the UTM on standalone hardware and removing the Netgear.

Perhaps I am misunderstanding your use of segment but the internal port is plugged into a 16 port switch and the external port is plugged into the firewall (albeit it is also a switch but is physically and logically separate)

what security risks?  The utm itself is not perfect.  I run hyper-v with UTM virtualized with it on the front lines.  VMWare is not a huge risk if you have it properly configured and you keep it updated(like any other software).  double-natting like this only causes other headaches(like you are experiencing now).

I'm using Wokstation 10 and security is an issue because it is not regularly updated.

I would love to use hyper-v but I'm running Essentials 2012 R2 and is only licensed for an instance of Essentials 2012 R2. I have considered upgrading to Standard but I will lose the media server functionality, so standalone hardware it is. I already have a case, psu, and ram, so the only items I need to purchase is a mobo and cpu.

I kept bringing up double nating as a potential issue in Spiceworks for WAN connectivity and throughput but most people down played the potential or ignored it. I did plug into my modem with the external interface configured with my static IP but I still couldn't get any data through from a client. I was successful in doing a traceroute and ping through the external interface.

Regardless of licensing I'm giving hyper-v a go and so far so good. There were some irregularities when it came to updating the UTM software on Workstation 10 that have not happened with hyper-v.

Switching to hyper-v did the trick! I have the UTM running DHCP and clients have connectivity after releasing and renewing the NIC IP. I am still going through the Netgear for my external interface so I will conduct further testing to see what double nating will break and I have removed the connection between the router and switch so everything runs through my server.