Understanding VMNETs in VMWARE Workstation

If you are going to learn cybersecurity then the first thing you realize is how you don’t really understand anything till you do it. Good job to whoever came up with;

I hear, and I forget

I see, and I remember

I do, and I understand.

— not Confucius

And since most of us don’t have data centers lying around at home, the amazing power of virtualization is all we have.

Initially setting these up gets messy because a lot of “network” guys go almost their entire lives never done anything related to servers as they are not the “server” guy. Well, after a few CBT Nugget videos this thing becomes very straightforward.

Now I will stop rambling and get to the point.

Every VMnet Is Like A Network/Subnet

If you look at my setup below.

VMnet settings on my vmware setup
my setup

This means VMnet1 is a network in the range Think of it like a switch and the gateway is your own machine which has a VMnet1 adapter with the IP

Quick explanation of the highlighted parts:

  • I use VMnet1 as management network or OOB network.
  • Host only – means it doesn’t deal with your host’s IP addresses in anyway and is totally a separate network.
  • Connect a host virtual adapted to this network option creates a vmnet1 adapter on the host machine, which is your PC and the address can be anything in the subnet range but by default is .1, like mine is This is like a cable from your machine to the vmnet1 switch and now your machine can access everything connected to this vmnet1.
goto run -> type: ncpa.cpl

  • DHCP – I disable it as most devices just pick up a random IP then it’s difficult to find, just better assign them manually.
  • Subnet – For the love of your God, plan your subnets and IP ranges well, or else you will just stop doing labs when you keep forgetting what IP is where, like happened to me for the first 2 years. 

A NAT VMnet For Internet Access

This is maybe just my setup. I did it this way for the CBT Nuggets F5 labs.

  • The only difference is this is a NAT adapter and not host only, so it will NAT the range with your host’s IP address and so anything assigned this adapter can go to the internet through
  • Notice the gateway next-hop you have to point to is as .1 is assigned to the vmnet2 adapter on your own host PC.
  • I use this this as my external vlan, where the virtual servers live in f5 labs and also to give a default route to the f5 to the internet through
  • You can use it to give internet access to a firewall too, but remember to NAT your internet inside zone LAN to first as that will be a separate private IP address space.
  • This also puts a vmnet2 adapter on your host machine as explained, which is what lets you connect to the virtual servers if you use this as an external vlan.

One Completely Isolated VMnet

this one’s all by himself

This VMnet cannot be accessed directly from your host machine as it does not “connect a host virtual adapter”. You can only reach him or it to you via a routing device like a firewall or f5.

This is perfect to simulate an inside network in firewall labs and for the internal vlan in f5 labs where you put the back end nodes/servers.