The host nor the VM does not have access to the internet once configuring the virtual switches, so I believe I must be doing something wrong.ġ. I setup the virtual switches in Hyper-V with " This is how I have mine setup, NIC1 as WAN & NIC2 as LAN. So, from my understanding, and correct me if I am wrong, but the host OS should not have access to the internet directly using this method? That would make sense, however, neither does the Sophos VM as I assigned it the two adapters correctly and tried to activate the product. I plugged my Ethernet cable from cable modem to WAN (NIC1) and cable from LAN (NIC2) to my router. I named NIC1 WAN and NIC2 LAN and configured two virtual switches inside of Hyper-V both marked external (the only difference is that I have the box marked 'Īllow management operating system to share this network adapter Okay, so it looks like I am heading in the correct direction. On an R720 you should have 4 Ethernet ports to allow isolation and distribution This keeps the host OS isolated from the Internet since the WAN side of the Sophos VM is separate physical connection. In a virtual firewall setup you would normally have the VM host management port bound to a LAN side NIC, say, eth0, then the WAN side interface of the firewall VM gets a dedicated physical NIC, like eth1 and the internal firewall ports would be bound to a vSwitch and possibly a physical NIC depending on whether you need the firewall to service physical machines as well as VMs. Either a masq rule, an actual firewall rule, or both. If the Sophos' LAN address is configured as your gateway, and you can ping the Sophos but still can't get to the internet I'll almost bet you are just missing a firewall rule. It's been a while - but I believe the setup wizard automatically created any firewall and masq rules required for internet access to function. Inside the Sophos OS the WAN adapter is configured as the WAN, and the LAN adapter is configured as the LAN. One connected to WAN the other connection to LAN. The sophos VM has 2 network adapters on it. One virtual switch I named "WAN" that connects to nic1, and another virtual switch named "LAN" that connects to nic2. The concept is the same on both - I have two virtual switches in hyper-v. Both devices run Hyper-V Server as the base OS. I also run one at home on a little spare desktop. I guess I was just concerns with it sitting between my modem & firewall would leave the host OS exposed. I plan on spinning up multiple VM's on this host. R720 I have my hands is way over powered, but would allow me to build a VM to the max specs that Sophos allows for the home version of their firewall. Their primary purpose are virtual networks, so I don't see a reason to be worried.īojan Zajc for your reply. That you can use them as well to protect physical networks, is just a nice side-effect. Nobody can completely exclude bugs and flaws in software, but these virtual editions were built to protect the network side of different VM's you are hosting on your virtual servers. If the firewall is correctly set up (and updated), it should be able to separate all the virtual networks without any danger to the host OS. However when comparing to my Supermicro server with WatchGuard's virtual firewall, I have no limitations about using / separating any of the NIC in the virtual switch and firewall.
Though it does seem like they have taken the business setup and just said its an home edition.I can't say anything about the HW limitations of a R720 combined with Sophos virtual firewall.
Sophos xg home edition how to#
Wanted to use Sophos as we use it as one of the schools I work at and thought I could get a firewall for home and learn how to use it, at the same time. I am tempted to try Untangle, PFSense or OPNSense if I can't get this working, as I am pulling my hair out. Should I be using it bridge or gateway mode? Do i need to setup DHCP etc on Sophos or can I allow it on the router? Afterwards you can play with all the security features in the firewall rule and see, what happens.īut this should work for every connection fine. You should start with a simple LAN to WAN Rule with MASQ enabled. This LAN interface works as a gateway for all clients. The other interface is defined as LAN and runs an own DHCP Server. This Interface will be setup as DHCP Client. In the router should be only one interface (XG). So basically one interface defined as WAN, which uses the connection to the router. You will have WAN and LAN zone interfaces. Ahhhhhhhhhh!!!!!! Tried this in gateway yesterday and I couldn't get any Internet connection.
0 kommentar(er)
