https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-vmware-workstation-created-vm-s-to-work-on-physical/m-p/508031#M105786 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/224742">@R.Tryba</a>,</P> <P>Sounds like you have a routing issue. I'd verify on your PC that your route table is actually setup how you wish to route traffic, along with verifying that you have the virtual router routes setup properly.&nbsp;</P> Wed, 06 Jul 2022 00:06:35 GMT BPry 2022-07-06T00:06:35Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-vmware-workstation-created-vm-s-to-work-on-physical/m-p/507996#M105784 <P>Hi,</P><P>My home setup includes PC with multiple NIC's and a VMware Workstation that has my virtual lab (Windows domain controller, 5 ESXi&nbsp; 7 hosts, VCSA and some other stuff) This is licenced via VMUG programme.</P><P>My main PC goes through one of NIC's direct to PA-820, VMWorkstation is 'bridged' to one of other NIC's I have. Separate subnets.</P><P>&nbsp;</P><P>Have created new zone, NAT and security policy to allow all traffic from VMware-assigned PA-820 NIC/zone to 'any' zone - to get any input data. Have applied management profile that allows ping to zone.</P><P>&nbsp;</P><P>Problem: I cannot make VCSA to connect to Internet. All traffic I can see is that from IP address that is assigned to 'bridged' NIC on main PC to IP assigned to PA's interface.</P><P>Tried amending NAT policy to include PA's address (IP_VMUG_Router) in NAT policy, it does not work with and without that.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="20220705-PA_NAT.JPG" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/42147i76470ADC4FC20F04/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="20220705-PA_NAT.JPG" alt="20220705-PA_NAT.JPG" /></span></P><P>Security policy looks like that (Speedy is my main PC's zone):</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="20220705-PA_secpolicy.JPG" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/42148iBCFF167EFDC9E782/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="20220705-PA_secpolicy.JPG" alt="20220705-PA_secpolicy.JPG" /></span></P><P>IP's are:&nbsp;</P><P>192.168.172.71 - DHCP assigned IP to physical NIC 'bridged' to VMWorkstation network segment.</P><P>192.168.172.1 - IP of PA-820's interface for that zone</P><P>192.168.100.x - main PC's subnet.</P><P>&nbsp;</P><P>I can ping from main PC to all IP's used in VMUG zone.</P><P>I can ping from VM's in VMUG zone to PA's NIC IP.</P><P>I cannot ping from any VM to anything outside of VMUG zone, neither on Speedy or Internet.</P><P>&nbsp;</P><P>&nbsp;</P><P>Where do I go wrong? I wonder if my main PC understands that one of NIC's has IP from 192.168.172.x subnet and pings direct to NIC? I can see ping traffic on PA from 192.168.172.71 to 192.168.172.1 only..</P><P>&nbsp;</P> Tue, 05 Jul 2022 19:24:07 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-vmware-workstation-created-vm-s-to-work-on-physical/m-p/507996#M105784 R.Tryba 2022-07-05T19:24:07Z https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-vmware-workstation-created-vm-s-to-work-on-physical/m-p/508031#M105786 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/224742">@R.Tryba</a>,</P> <P>Sounds like you have a routing issue. I'd verify on your PC that your route table is actually setup how you wish to route traffic, along with verifying that you have the virtual router routes setup properly.&nbsp;</P> Wed, 06 Jul 2022 00:06:35 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-allow-vmware-workstation-created-vm-s-to-work-on-physical/m-p/508031#M105786 BPry 2022-07-06T00:06:35Z