Check Point Firewall Administration R81.10+
After six months on the market, with the feedback from the readers, two new updates for Check Point Firewall Administration R81.10+ are now released:
Both are available in the book’s GitHub repository.
Tremendous thanks to @Timothy_Hall, who has pointed out some of the pertinent additional information and a few mistakes, and to Seth Holcomb (@SecNetEng), who has meticulously documented and shared with me his experience and encountered issues with the book and its labs.
#Book #Administration
Always grateful for all your contributions @Vladimir 💪👍
Thanks!
Thank you Danny!
FYI: GitHub resources are free for use, so if anyone is simply interested in building the lab using VirtualBox, all the necessary resources are there (with links to ISOs and software).
Welcome to the hamster wheel of keeping your published content updated Vladimir. 😀 But seriously, nice work!
Thank you Tim!
Yeah, didn't expect to sink this much time into an update so soon, but it was needed.
Hi, after I built the lab as indicated in the book, I can't reach the external CPGW Secure Gateway from the VM console to complete the FTW, even though the VyOS router and FWs are up and running.
From the log in SmartConsole I can see CPCM1 allows HTTPS, but I receive a timeout from the browser.
Ping from the CPGW and CPCM FW to the router interface doesn't work either; it seems something is wrong in the router configuration, I think... Can you help me understand?
Thanks
Maybe best if you start a new thread on this, as it's not really related to this post :-). Also, if you could send us a basic network diagram, it always helps. Some things to check... run fw stat on the fw, as well as the ip r g command to see if it shows the right path.
example -> ip r g 8.8.8.8
Andy
Thanks a lot, this is the datagram
So I can't connect from 10.0.0.20 to 200.200.0.1 to complete the FTW for CPGW; with telnet on 443 I get a timeout, and ping doesn't work either.
The policy on CPCM is matched and traffic is accepted; in tcpdump I can see only the SYN. I tried to capture on the router with this command, but I can't see anything arriving from the firewall:
vyos@router:~$ monitor traffic interface eth1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
vyos@router:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.178.60/24 u/u OUTSIDE
eth1 200.100.0.254/24 u/u Net_200.100.0.0
eth2 200.200.0.254/24 u/u Net_200.200.0.0
lo 127.0.0.1/8 u/u
::1/128
vyos@router:~$ monitor traffic interface eth1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
This is the CPCM side:
[Expert@CPCM1:0]# fw stat
HOST POLICY DATE
localhost Standard 2Apr2023 16:20:35 : [>eth0] [<eth0] [>eth2] [<eth2] [>eth3] [<eth4]
[Expert@CPCM1:0]# ip r g 8.8.8.8
8.8.8.8 via 200.100.0.254 dev eth4 src 200.100.0.2
[Expert@CPCM1:0]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 200.100.0.254 0.0.0.0 UG 0 0 0 eth4
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth5
192.168.255.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
200.100.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth4
[Expert@CPCM1:0]#
@Millo, check the presence of the default route on CPCM1 and CPCM2, as well as whether your SmartConsole_VM object has NATR hide behind static IP configured.
Also, please check the eth0 and eth1 on CPGW and let me know which IPs you have assigned to each of the interfaces.
Cheers,
Vladimir
Hi, problem solved. The issue is that the names of the network adapters of the router VM and the FW VMs were different (case sensitive).
Thanks to all
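A check for the fault reported in the post above, added here as an example (not code from the book or its GitHub repository): it scans `VBoxManage showvminfo --machinereadable` output for internal network names that differ only by case. It assumes the lab segments are VirtualBox internal networks; the VM names and the lower-case variant in the sample are constructed for illustration.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
# VM names and the mismatching spelling are illustrative assumptions.
SAMPLE = {
    "Router": 'nic1="bridged"\nbridgeadapter1="eth0"\n'
              'nic2="intnet"\nintnet2="Net_200.100.0.0"\n'
              'nic3="intnet"\nintnet3="Net_200.200.0.0"\n',
    "CPCM1": 'nic5="intnet"\nintnet5="net_200.100.0.0"\n',
    "CPGW": 'nic1="intnet"\nintnet1="Net_200.200.0.0"\n',
}

INTNET = re.compile(r'^intnet(\d+)="(.*)"$', re.M)

def internal_networks(info):
    """Return {nic_number: network_name} for internal-network adapters."""
    return {int(n): name for n, name in INTNET.findall(info)}

def case_mismatches(vm_infos):
    """Return {lowercased_name: {spelling: [(vm, nic), ...]}} for every
    internal network name that appears with more than one spelling."""
    seen = defaultdict(lambda: defaultdict(list))
    for vm, info in vm_infos.items():
        for nic, name in internal_networks(info).items():
            seen[name.lower()][name].append((vm, nic))
    return {k: dict(v) for k, v in seen.items() if len(v) > 1}

def collect():
    """Gather the same data from a live host (needs VBoxManage on PATH)."""
    def run(*args):
        return subprocess.run(["VBoxManage", *args], capture_output=True,
                              text=True, check=True).stdout
    names = re.findall(r'^"(.+)" \{', run("list", "vms"), re.M)
    return {n: run("showvminfo", n, "--machinereadable") for n in names}

if __name__ == "__main__":
    # Swap SAMPLE for collect() to audit the VMs registered on this host.
    for key, spellings in case_mismatches(SAMPLE).items():
        print(f"case mismatch for '{key}':")
        for spelling, users in spellings.items():
            print(f"  {spelling!r} used by {users}")
```

Adapters listed under different spellings sit on separate virtual segments, which matches the symptom in the thread: the firewall sends SYNs and the router capture on eth1 shows zero packets.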
As of May 2024 VMware Workstation Pro is free for personal use. As of November 11th, 2024 VMware Workstation Pro is now also free for commercial use; this would include for utilization by Check Point ATCs such as Shadow Peak. This software would be a viable alternative to VirtualBox for the lab environment used by the book.
Guess Broadcom/VMware is way too busy fleecing existing big enterprise customers to even bother to collect licensing fees from the little guys. 🙂
While I like the VMware ESXi for serious lab modeling, there are a few reasons why I've picked VirtualBox:
1. An issue with VMware virtual networking in general: it is reshuffling virtual interfaces based on their PCI IDs. I.e., if you've created a VM and assigned the interfaces to the Bridged, NATed or Virtual Segments and then added another few interfaces, their assignments will shift.
2. VMware Workstation does not have a management CLI suitable for native scripted VM configuration and deployment. It must be coupled with Terraform to achieve the same outcomes that are possible with simple VirtualBox scripting.
This said, once the lab is created manually and snapshotted, it'll probably be more convenient for a lot of folks to use.
Cheers!
Vladimir
Even if VMware Workstation Pro is “free” now, the change in licensing model for Enterprise customers has left a bad taste in a lot of people’s mouth.
As for the bare-metal ESXi Hypervisor…I’ve found Proxmox to be a lot easier to keep up to date.