vEffort

Physical efforts in virtualization and mobility

VMware Access Point Firewall Rule Generator

Hello Folks,

When deploying Virtual Desktop/Application remote access solutions you often need to engage with ‘The Firewall Guy’. This can often be a difficult conversation involving lots of questions such as “what?”, “from where?”, “to where?” and “why?”

To this end I have created a Access Point Firewall Rules Generator which you can download. You just need to plug in the parameters on the lookup tab and it will pre-populate the firewall rules for you. Other than the standard back end stuff which you (as the Virtual Desktop Consultant) should already know, the only things you need to ask the firewall guy for are:

  1. Access Point owned IP addresses in the DMZ
  2. Internet facing IP Address for the NAT rule  – You don’t actually need to know this yourself but it helps in order to provide a fully completed rule set
  3. Certificates – May be from someone else entirely

Hopefully you won’t even need to talk to the firewall guy at all after that! You can fill in the sheet and email it off to him/her.

A Few points to note:

  • This is based upon the information from this VMware article which I found to be missing items such as DNS and RADIUS so I have added these in
  • The deployment mode is based upon the two IP addresses per Access Point; Single IP will work fine, just enter the same IP in both the Front-End and Back-End Management sections
  • When Deploying the Access Point either via PoSH or OVF, the first IP entered becomes the external one, not the Management/Backend Communication one, which is the second one entered
  • If you want to read a blog on actually deploying Access Point, this by Carl Stalhood is probably the best one out there

I’ve used the PowerShell deployment method before but since 2.8 the OVF deployment actually works properly so it’s just as easy to deploy it that way then import your predefined settings from a JSON file.

 

 

 

Advertisements

One response to “VMware Access Point Firewall Rule Generator

  1. chris smith March 3, 2017 at 8:50 pm

    very cool and thanks for sharing!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: