NG Firewall Virtual Appliance on VMware

From Edge Threat Management Wiki - Arista

NG Firewall can be installed as a virtual appliance in VMware for use in production environments or for learning and demonstration purposes.

Getting Started

Requirements:

  1. VMware ESX server version 6.5.0 Update 3 or newer
  2. One virtual NIC and vSwitch per NG Firewall Interface

Download the NG Firewall installer

 1. Log in to your Edge Threat Management account.
 2. Click GET STARTED > Software Downloads at the top right-hand corner.
 3. Download either version of the installer. Note that both options install the same software; however, the "Serial" version uses only a command-line interface.

Deploy image to ESX server

  • Open your VMware vSphere Client and log in to your server.
  • Create a new virtual machine and point the CD-ROM to the NG Firewall ISO image.
  • Configure the CPU and RAM per the Hardware Requirements guidelines.
  • In the “Ready to Complete” screen, verify that everything looks OK and click “Finish”.

Configure Physical NIC to vSwitch mappings

  • Set up or confirm your vSwitch settings. Click on the ESX host, then select the “Configuration” tab and “Hardware -> Networking”.
    [Screenshot: vCenter Hardware->Networking]
  • It is best practice to place your “Management Network” on its own vSwitch. (This is not a must, but if you can, make sure that NG Firewall does not exist on the same vSwitch as any Management Interface.)
  • To activate “promiscuous mode” on the vSwitches that NG Firewall will connect to, click on “Properties…”.
  • Ensure that Promiscuous has status “Accept”; otherwise click “Edit”, go to the “Security” tab, and change “Reject” to “Accept”. You will need to do this on all vSwitches that the NG Firewall Virtual Machine connects to!
    [Screenshot: vCenter vSwitch Properties]

Configure the Virtual Machine for your Network

  • Right click on the new Virtual Machine and select “Edit Settings”.
    [Screenshot: vCenter Edit Settings]
  • You will need to add new virtual NICs and connect them to the appropriate vSwitches. Warning! Two Bridged Interfaces to the same vSwitch will crash your ESX server. Each NG Firewall NIC should be connected to its own vSwitch. Each vSwitch should be connected to its own Physical NIC, or at least be separated by VLAN tagging at the physical NIC level.
  • In this example, you can see that the new NICs are connected to different vSwitches labeled LAN and DMZ.
    [Screenshot: vCenter VM properties]
  • Under “Options” -> “VMware Tools”, make sure to check “Synchronize guest time with host” and click “OK”.
    [Screenshot: vCenter VM properties/tools options]
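
The layout rules from the steps above (one vSwitch per NG Firewall NIC, promiscuous mode set to Accept, NG Firewall kept off the management vSwitch, and VLAN separation where vSwitches share a physical NIC) can be checked against a planned layout before any NIC is attached. The following is an added example, not part of the original wiki page or of NG Firewall; the inventory is constructed, and the field names, rule names and the convention that VLAN 0 means untagged are assumptions.

```python
from collections import defaultdict

# Constructed inventory, not read from a real ESX host. "vlan": 0 means untagged (assumption).
VSWITCHES = {
    "vSwitch0": {"uplink": "vmnic0", "vlan": 0, "promiscuous": "Reject", "management": True},
    "WAN": {"uplink": "vmnic1", "vlan": 0, "promiscuous": "Accept", "management": False},
    "LAN": {"uplink": "vmnic2", "vlan": 10, "promiscuous": "Accept", "management": False},
    "DMZ": {"uplink": "vmnic2", "vlan": 20, "promiscuous": "Reject", "management": False},
}
# Planned NG Firewall virtual NIC -> vSwitch mapping (constructed).
VM_NICS = {"nic1": "WAN", "nic2": "LAN", "nic3": "DMZ"}


def audit(vswitches, vm_nics):
    """Return a list of (rule, subject) findings for a planned layout."""
    findings = []
    nics_by_switch = defaultdict(list)
    for nic, switch in vm_nics.items():
        nics_by_switch[switch].append(nic)

    vlans_by_uplink = defaultdict(list)
    for switch in sorted(nics_by_switch):
        cfg = vswitches.get(switch)
        if cfg is None:
            findings.append(("unknown-vswitch", switch))
            continue
        if len(nics_by_switch[switch]) > 1:
            # The page warns that two bridged interfaces on one vSwitch crash the host.
            findings.append(("shared-vswitch", switch))
        if cfg["management"]:
            # Best practice on the page, not a hard requirement.
            findings.append(("management-vswitch", switch))
        if cfg["promiscuous"] != "Accept":
            findings.append(("promiscuous-not-accept", switch))
        vlans_by_uplink[cfg["uplink"]].append(cfg["vlan"])

    for uplink in sorted(vlans_by_uplink):
        vlans = vlans_by_uplink[uplink]
        # vSwitches sharing a physical NIC must each carry a distinct VLAN tag.
        if len(vlans) > 1 and (0 in vlans or len(set(vlans)) < len(vlans)):
            findings.append(("uplink-not-separated", uplink))
    return findings


if __name__ == "__main__":
    for rule, subject in audit(VSWITCHES, VM_NICS):
        print(f"{rule}: {subject}")
```

With the constructed inventory, the only finding is that the DMZ vSwitch still has Promiscuous set to Reject.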