ESX VLAN to SonicWALL DMZ

I have an ESX server on my LAN and I want to connect it to the DMZ on my SonicWALL using a VLAN as the ESX server only has one network adaptor.

The SonicWALL is a TZ 205w which is connected to Fibre. This in itself was a challenge and is described in the post Connect SonicWALL TZ205w to Fibre ONT.

Prerequisites

The main prerequisite is that the SonicWALL must be running firmware 5.9 or greater if it is a generation 5 appliance such as the TZ 205w, or, I believe, 6.0 or greater for a generation 6 appliance.

Worth noting that I am running ESX v6, though I don’t think that matters as I am sure VLANs have been supported for quite a while in VMware.

Enabling a VLAN on ESX virtual machine

Open up the vSphere Client and select the root. From there select the configuration tab and click on the “Properties” link for your vSwitch:

vSphere Client

In the vSwitch properties, select the “VM Network” port and click on the “Edit” button to set the VLAN ID to match your VLAN number, in my case “5”. You may also want to change the “Network Label” to something more meaningful, such as “VLAN 5”:

vSwitch Properties

To give:

VLAN setting

Obviously you need to go back to your VM and set the network label to match:

VM settings

Enabling a VLAN setting on a SonicWALL DMZ

On the SonicWALL side of the equation we need to now create a “Virtual Interface”.

So log in to the SonicWALL and select “Network | Interfaces”:

Virtual Interface

Then set the following:

VLAN settings

Note that the “Advanced” settings are all default. Obviously the “VLAN Tag” needs to match the “VLAN ID” used in ESX.

The “IP Address” is the address of the interface and is the “gateway” for the VLAN.

VM network settings

In the above example the “IP Address” of the interface is “192.168.204.1” and the subnet is “255.255.255.0” or “/24”. This means that a virtual machine on this VLAN needs an IP in the range 192.168.204.x with a “default gateway” of “192.168.204.1” in order to connect outside the VLAN. Remember you can change any of this to suit your requirements!
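The two rules above (the SonicWALL “VLAN Tag” must match the ESX “VLAN ID”, and the VM must sit in the interface's subnet with the interface as its gateway) can be checked before touching either device. The following is an added example, not part of the original post; the function name, the plan layout and the VM address 192.168.204.10 are assumptions made for illustration.

```python
import ipaddress

def check_vlan_plan(fw_ip, fw_mask, fw_vlan_tag, esx_vlan_id,
                    vm_ip, vm_mask, vm_gateway):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    # ESX standard vSwitch: 0 = no tagging, 4095 = pass all tags to the guest.
    # Only 1-4094 gives a tagged port group (VST mode, as used in the post).
    if not 1 <= esx_vlan_id <= 4094:
        problems.append(f"ESX VLAN ID {esx_vlan_id} is not a VST tag (1-4094)")
    if esx_vlan_id != fw_vlan_tag:
        problems.append(
            f"ESX VLAN ID {esx_vlan_id} != SonicWALL VLAN Tag {fw_vlan_tag}")

    fw_if = ipaddress.ip_interface(f"{fw_ip}/{fw_mask}")
    vm_if = ipaddress.ip_interface(f"{vm_ip}/{vm_mask}")
    net = fw_if.network
    if vm_if.network != net:
        # Catches both a wrong address and a wrong mask on the VM
        problems.append(f"VM {vm_if} is not in the interface subnet {net}")
    elif vm_if.ip in (net.network_address, net.broadcast_address):
        problems.append(
            f"VM address {vm_if.ip} is the network or broadcast address")
    if vm_if.ip == fw_if.ip:
        problems.append(
            f"VM address {vm_if.ip} collides with the virtual interface")
    if ipaddress.ip_address(vm_gateway) != fw_if.ip:
        problems.append(
            f"VM gateway {vm_gateway} is not the virtual interface {fw_if.ip}")
    return problems

# Interface address, mask and VLAN 5 are from the post; the VM address is constructed.
PLAN = dict(fw_ip="192.168.204.1", fw_mask="255.255.255.0", fw_vlan_tag=5,
            esx_vlan_id=5, vm_ip="192.168.204.10", vm_mask="255.255.255.0",
            vm_gateway="192.168.204.1")

# Constructed broken plan: untagged port group and a VM in the wrong subnet.
BROKEN = {**PLAN, "esx_vlan_id": 0, "vm_ip": "192.168.205.10"}

if __name__ == "__main__":
    for label, plan in (("as in the post", PLAN), ("constructed broken", BROKEN)):
        print(label, "->", check_vlan_plan(**plan) or "consistent")
```

A VLAN ID mismatch is the failure worth catching early: the VM's frames are then tagged for a VLAN the SonicWALL virtual interface does not listen on, so the guest never reaches the DMZ zone and its access rules.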

Resources

Sample configuration of virtual switch VLAN tagging (VST Mode)

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004074