FortiGate VM 6.0.4 HA Active-Active Hi Good day, I have 2 FortiGate VMs running on VMware ESXi on 2 different physical servers. I need to set it up on HA and I've already successfully configured Active-Passive set up using the Unicast Heartbeat. You can install and set up ESXi on your physical hardware so that it acts as a platform for virtual machines.
I have a Dell PowerEdge R710 server with ESXi 5.5 installed on it. Server is connected to switch, switch is connected to router, router has internet access. On ESXi I have one virtual machine, Windows Server, IP: 10.0.0.11/24. My virtual machine is able to access the Internet but what should I do to be able to access my Windows Server (virtual machine on ESXI host) from the Internet (for example for remote desktop connection)?
Hennes59.7k77 gold badges9494 silver badges144144 bronze badges
Brian BrownBrian Brown
5 Answers
Assuming you can reach the server via RDP from within the LAN, all you have to do is set up port forwarding on your router. The default RDP port is 3389. Sometimes ISPs have a firewall externally, and in that case you would need to forward another incoming port which is more likely to be open, e.g. 443, to your server internally.
This challenge has virtually nothing to do with VMs in general or ESXi in particular.
eivamueivamu
Port forwarding is indeed the way to go. I have a similar setup with a R710 running ESXi.
- 1st I have a port forwarding rule to expose iDRAC so that I can manage the server remotely - from anywhere. Move away from ports 80 & 443 for security reason.
- 2nd you might want to expose EXSi console as well using the same technique.
- 3rd For my CentOS farm running on ESXi I setup SSH on specific port for each VM.
- 4th You set port forwarding rule for each so that I can reach out to them through the same external IP.
- This is a scenario where using a free service to map your IP to a dummy domain name becomes handy. I use noip.com. Free and reliable.
Update: With more recent routers, no need to set custom SSH port on each guest VM. You can have a rule on your router to redirect traffic received on port 222 (as an example) and redirect incoming traffic to a specific guest on port 22 (default SSH port) - based on IP or hostname. Much more easier to manage!
Martin BrousseauMartin Brousseau
In order to set up what you require you will need to set up port forwarding rules for each VM you have (I assume you don't have a collection of static IPs to hand). This will also include changing the listening port for each VM you have with Remote Desktop enabled.
If you wish to access your host OS then connect to your router (Default Gateway) admin page and set up a forwarding rule on port 3389 pointed to the internal IP of your host.
Within your first VM enable your Remote Desktop as usual, but now you will need to change the listening port. Since you didn't specify the OS of your VMs I will assume Microsoft to match your host. If not let me know. To change your listening port follow the steps:
Obviously you can change the ports however you want. So a logical method would be to increment your port usage by 1 per server. Once again go into your router and set up port forwarding rules (one per machine) using your new port and IP address of the VM.
I have used this method to set up Remote Desktop into two Windows VMs on a Windows Server 2008 RT host in the past without incident.
Disclaimer: I am aware the reference is for XP, but it seems to work on my Windows 7 machine and, once again, you have not specified your OS, so please add additional information for an updated answer as required.
Kevin Panko6,0791111 gold badges3636 silver badges4848 bronze badges
Matthew WilliamsMatthew Williams4,05988 gold badges2121 silver badges3636 bronze badges
Obviously I am not an ESXi expert or I would likely not have found this thread, but wouldn't it be easier to setup a VPN tunnel and just VPN into the network? So long as you have remote desktop (or ssh for linux/mac) turned on for each vm, which has to be configured anyhow, then you would only need the ports forwarded to the VPN server to gain access.
ThunderThunder
I know this post is a few months old. But just in case, here is my way. I port forward 1443 to 443 on my ESXi server (if you don’t use 443 for other services you can go straight 443 to 443). This is for vSphere to access ESXi server itself. To access the VMs themselves, you will also need to port forward 902. Then simply put
ExcellllMY_DOMAIN:1443
in the 'IP Address / Name' field to log in. Because I run multiple VMs, I find these to be a simple solution, as I only have to forward 2 ports per ESXi server.11.3k77 gold badges4242 silver badges6464 bronze badges
megadeth23megadeth23
Not the answer you're looking for? Browse other questions tagged virtual-machineinternetvirtualizationesxidell-poweredge or ask your own question.
I have a Dell PowerEdge R710 server with ESXi 5.5 installed on it. Server is connected to switch, switch is connected to router, router has internet access. On ESXi I have one virtual machine, Windows Server, IP: 10.0.0.11/24. My virtual machine is able to access the Internet but what should I do to be able to access my Windows Server (virtual machine on ESXI host) from the Internet (for example for remote desktop connection)?
Hennes59.7k77 gold badges9494 silver badges144144 bronze badges
Brian BrownBrian Brown
5 Answers
Assuming you can reach the server via RDP from within the LAN, all you have to do is set up port forwarding on your router. The default RDP port is 3389. Sometimes ISPs have a firewall externally, and in that case you would need to forward another incoming port which is more likely to be open, e.g. 443, to your server internally.
This challenge has virtually nothing to do with VMs in general or ESXi in particular.
eivamueivamu
Port forwarding is indeed the way to go. I have a similar setup with a R710 running ESXi.
- 1st I have a port forwarding rule to expose iDRAC so that I can manage the server remotely - from anywhere. Move away from ports 80 & 443 for security reason.
- 2nd you might want to expose EXSi console as well using the same technique.
- 3rd For my CentOS farm running on ESXi I setup SSH on specific port for each VM.
- 4th You set port forwarding rule for each so that I can reach out to them through the same external IP.
- This is a scenario where using a free service to map your IP to a dummy domain name becomes handy. I use noip.com. Free and reliable.
Update: With more recent routers, no need to set custom SSH port on each guest VM. You can have a rule on your router to redirect traffic received on port 222 (as an example) and redirect incoming traffic to a specific guest on port 22 (default SSH port) - based on IP or hostname. Much more easier to manage!
Martin BrousseauMartin Brousseau
In order to set up what you require you will need to set up port forwarding rules for each VM you have (I assume you don't have a collection of static IPs to hand). This will also include changing the listening port for each VM you have with Remote Desktop enabled.
If you wish to access your host OS then connect to your router (Default Gateway) admin page and set up a forwarding rule on port 3389 pointed to the internal IP of your host.
Within your first VM enable your Remote Desktop as usual, but now you will need to change the listening port. Since you didn't specify the OS of your VMs I will assume Microsoft to match your host. If not let me know. To change your listening port follow the steps:
Obviously you can change the ports however you want. So a logical method would be to increment your port usage by 1 per server. Once again go into your router and set up port forwarding rules (one per machine) using your new port and IP address of the VM.
I have used this method to set up Remote Desktop into two Windows VMs on a Windows Server 2008 RT host in the past without incident.
Disclaimer: I am aware the reference is for XP, but it seems to work on my Windows 7 machine and, once again, you have not specified your OS, so please add additional information for an updated answer as required.
Kevin Panko6,0791111 gold badges3636 silver badges4848 bronze badges
Matthew WilliamsMatthew Williams4,05988 gold badges2121 silver badges3636 bronze badges
Obviously I am not an ESXi expert or I would likely not have found this thread, but wouldn't it be easier to setup a VPN tunnel and just VPN into the network? So long as you have remote desktop (or ssh for linux/mac) turned on for each vm, which has to be configured anyhow, then you would only need the ports forwarded to the VPN server to gain access.
ThunderThunder
I know this post is a few months old. But just in case, here is my way. I port forward 1443 to 443 on my ESXi server (if you don’t use 443 for other services you can go straight 443 to 443). This is for vSphere to access ESXi server itself. To access the VMs themselves, you will also need to port forward 902. Then simply put
ExcellllMY_DOMAIN:1443
in the 'IP Address / Name' field to log in. Because I run multiple VMs, I find these to be a simple solution, as I only have to forward 2 ports per ESXi server.11.3k77 gold badges4242 silver badges6464 bronze badges
megadeth23megadeth23