![]() This is how I have mine setup, NIC1 as WAN & NIC2 as LAN. So, from my understanding, and correct me if I am wrong, but the host OS should not have access to the internet directly using this method? That would make sense, however, neither does the Sophos VM as I assigned it the two adapters correctly and tried to activate the product. I plugged my Ethernet cable from cable modem to WAN (NIC1) and cable from LAN (NIC2) to my router. I named NIC1 WAN and NIC2 LAN and configured two virtual switches inside of Hyper-V both marked external (the only difference is that I have the box marked 'Īllow management operating system to share this network adapter Okay, so it looks like I am heading in the correct direction. ![]() On an R720 you should have 4 Ethernet ports to allow isolation and distribution This keeps the host OS isolated from the Internet since the WAN side of the Sophos VM is separate physical connection. In a virtual firewall setup you would normally have the VM host management port bound to a LAN side NIC, say, eth0, then the WAN side interface of the firewall VM gets a dedicated physical NIC, like eth1 and the internal firewall ports would be bound to a vSwitch and possibly a physical NIC depending on whether you need the firewall to service physical machines as well as VMs. Either a masq rule, an actual firewall rule, or both. ![]() If the Sophos' LAN address is configured as your gateway, and you can ping the Sophos but still can't get to the internet I'll almost bet you are just missing a firewall rule. It's been a while - but I believe the setup wizard automatically created any firewall and masq rules required for internet access to function. Inside the Sophos OS the WAN adapter is configured as the WAN, and the LAN adapter is configured as the LAN. One connected to WAN the other connection to LAN. The sophos VM has 2 network adapters on it. One virtual switch I named "WAN" that connects to nic1, and another virtual switch named "LAN" that connects to nic2. The concept is the same on both - I have two virtual switches in hyper-v. Both devices run Hyper-V Server as the base OS. ![]() I also run one at home on a little spare desktop. I guess I was just concerns with it sitting between my modem & firewall would leave the host OS exposed. I plan on spinning up multiple VM's on this host. R720 I have my hands is way over powered, but would allow me to build a VM to the max specs that Sophos allows for the home version of their firewall. Their primary purpose are virtual networks, so I don't see a reason to be worried.īojan Zajc for your reply. That you can use them as well to protect physical networks, is just a nice side-effect. Nobody can completely exclude bugs and flaws in software, but these virtual editions were built to protect the network side of different VM's you are hosting on your virtual servers. If the firewall is correctly set up (and updated), it should be able to separate all the virtual networks without any danger to the host OS. However when comparing to my Supermicro server with WatchGuard's virtual firewall, I have no limitations about using / separating any of the NIC in the virtual switch and firewall. I can't say anything about the HW limitations of a R720 combined with Sophos virtual firewall.
0 Comments
Leave a Reply. |