If you are looking for a tutorial on how to install the Sophos XG Firewall Home Edition on VMware, then you have come to the right place. In this article, we will show you a step-by-step guide on how to do just that. The Sophos XG Firewall is a powerful and feature-rich security solution that offers a great deal of protection for home and small office networks. It is easy to set up and manage, and it comes with a free 30-day trial.

Welcome to Part 1 of my NSX-T Home Lab Series. In my previous post, I went over the gist of what I plan to do for my nested NSX-T Home Lab. In this post, I will cover the setup and configuration of a Sophos XG firewall Home Edition which will serve as the router for my nested lab environment.

My physical Home Lab is configured with Virtual Distributed Switches, or VDS (sometimes seen as DVS) for short, and since this is a nested lab environment that will not have any physical uplinks connected, I will need to create a new VDS without physical uplinks connected to it along with a portgroup for the nested environment and then configure access to the environment from my LAN.

- All traffic will flow through virtual router/firewall to communicate to and from the nested lab.
- VDS and portgroup without physical uplinks.
- Set the VLAN type for this portgroup to VLAN Trunking with the range of 0-4094 to allow all VLANs to trunk through.
- Static route to access the nested lab from my LAN.
- Once you determine the subnets you’d like to use for the nested lab, add a static route summary on your physical router.

I have a bunch of VLANs created for my physical Home Lab as I’ve yet to deploy NSX-T in there, but once I do, I’ll be removing the majority of said VLANs and only keeping the required ones needed to run the lab. With that said, one of the VLANs I have is for “Development” work, such as this so I’ll be connecting one uplink from the router to this VLAN which will serve as the WAN interface while the other uplink will be connected to the new nested portgroup to serve as the LAN for the nested lab.

I’ll describe the basics for deploying the Sophos XG firewall, but will not go into full detail as this is pretty trivial and can be deployed using the following guide as a reference.

- CPU: 1 (add more as needed – max supported is 4 in the home edition).
- RAM: 2GB (add more as needed – max supported is 6GB in the home edition).
- Disk: 40GB thin (you may make this smaller if you’d like).
- Network Adapter 1: LAN portgroup (nested).
- Boot: BIOS (will not boot if you keep as EFI).

Once the VM has been deployed, the Sophos XG will be configured with a 172.16.1.1 address by default. This will need to be changed to the subnet you’re using for your nested LAN interface. Login to the console with the default (admin – admin) credentials, and choose the option for Network Configuration to change the IP for your nested LAN port. Once this is done, you would normally navigate to that address on port 4444 to access the admin GUI. Unfortunately, this will not work since the LAN side has no physical uplinks.

So what do we do? We need to run a command to enable admin access on the WAN port. To do so, choose option 4 to enter the device console and enter the following command:

    system appliance_access enable

The WAN port is set to grab an address from DHCP so you’ll need to determine which IP address this is either by going into your physical router, or using a tool like Angry IP. Once in the Admin GUI, navigate to Administration > Device Access and tick the box for WAN under the HTTPS column.

Now, we can create our VLANs for our nested environment. Navigate to Networking and select Add Interface > VLAN to create each of your networks.

With our VLANs created, we’ll need to create two firewall rules to allow traffic from the WAN port to access the LAN, as well as to allow traffic from LAN to LAN. Navigate to Firewall > Add firewall rule and create the following rules. Choose something easy to label them as which makes sense to you:

This is where the static route will now be useful to access your nested lab. I’ve configured a route summary of 10.254.0.0/16 to go through the IP address of the WAN interface as the gateway so that I can access the Admin UI at as well. I’ll now also be able to access the ESXi UI and VCSA UI, once they are stood up.

The final thing I will be doing is enabling the native MAC Learning functionality that is now built into vSphere 6.7 so that I do not need to enable Promiscuous Mode, which has normally been a requirement for the Nested portgroup and nested labs in general. To learn more about how to do this, see this thread.