July 14, 2024
110118 0151 HowtobuildS1 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free
Have you been followed my previously blog to build up Hyper-V nested virtual machine on Microsoft Azure? If you don't, you better build it right now, because this is pre-requisites and you will get lots of benefit for your lab or even production environment, you can reference this link and build it. If you did, congratulation! You can create a nested gest virtual machine and install Firewall (e.g. Sophos XG, Fortinet…) for free, why we still need to build firewall at our Azure Hyper-V nested environment? Because it supports lots functions that we cannot get the functions for free from Azure, e.g. server load balance, firewall, SNAT, application filter, IPS…and so on, we also can use it for LAB or simulate issues or POC. I am going to show how to build Sophos XG here.

110118 0151 HowtobuildS1 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

Have you been followed my previously blog to build up Hyper-V nested virtual machine on Microsoft Azure? If you don’t, you better build it right now, because this is pre-requisites and you will get lots of benefit for your lab or even production environment, you can reference this link and build it. If you did, congratulation! You can create a nested gest virtual machine and install Firewall (e.g. Sophos XG, Fortinet…) for free, why we still need to build firewall at our Azure Hyper-V nested environment? Because it supports lots functions that we cannot get the functions for free from Azure, e.g. server load balance, firewall, SNAT, application filter, IPS…and so on, we also can use it for LAB or simulate issues or POC. I am going to show how to build Sophos XG here.

  1. At the first, you need to apply a Sophos XG Firewall Home Edition via follow link. You may wait for couple hours or days, and they will send the XG firewall serial number to you.

    https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

    110118 0151 HowtobuildS2 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  2. Login to Azure and RDP to your virtual machine.

    110118 0151 HowtobuildS3 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  3. Open Hyper-V Manager tool, select New at Action pane and then click Virtual Machine.

    110118 0151 HowtobuildS4 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  4. On the Before You Begin page, click Next.

    110118 0151 HowtobuildS5 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  5. On the Specify Name and Location page, enter name for this virtual machine and then click Next.

    110118 0151 HowtobuildS6 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  6. On the Specify Generation page, select Generation 1 and then click Next.

    110118 0151 HowtobuildS7 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  7. On the Assign Memory page, enter 4096MB for startup memory and then click Next.

    110118 0151 HowtobuildS8 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  8. On the Configure Networking, select NAT Network Switch and then click Next.

    110118 0151 HowtobuildS9 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  9. On the Connect Virtual Hard Disk page, keep the default settings and then click Next.

    110118 0151 HowtobuildS10 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  10. On the Installation Options, select Install an operating system from a bootable CD/DVD-ROM.
  11. Select you Image file (.ISO) which you download from Sophos Web site, and then click Next.

    110118 0151 HowtobuildS11 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  12. On the Completing the New Virtual Machine Wizard page, review the settings and click Finish.

    110118 0151 HowtobuildS12 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  13. ON the Hyper-V Manager tool, right click virtual machine name and then select settings.

    110118 0151 HowtobuildS13 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  14. Select Processor and change Number of virtual processor to 4.
  15. Select Add Hardware, select Network Adapter and then click Add.

    110118 0151 HowtobuildS14 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  16. Change Virtual switch from Not connected to NAT Network Switch and then click Apply.

    110118 0151 HowtobuildS15 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  17. Repeat steps to add one more Network adapter and then click OK.

    110118 0151 HowtobuildS16 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  18. Start this virtual machine, type y and then click enter to continue install.

    110118 0151 HowtobuildS17 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  19. You need to remove install disk (.iso image file) from virtual machine settings after installation complete and press y to reboot virtual machine.

    110118 0151 HowtobuildS18 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

    110118 0151 HowtobuildS19 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  20. Enter the default password admin.

    110118 0151 HowtobuildS20 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  21. Select Accent for the End User License Agreement.

    110118 0151 HowtobuildS21 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  22. On the Main Menu, select 1 Network Configuration.

    110118 0151 HowtobuildS22 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  23. On the Network Configuration Menu, select 1 Interface Configuration.

    110118 0151 HowtobuildS23 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  24. On the Network settings page, you will see interface Port 1 (LAN) default IP address is 172.16.16.16/24, press Enter.

    110118 0151 HowtobuildS24 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  25. It may show Port 2 (WAN) IP address if you enable the DHCP at NAT settings on the Azure Virtual Machine, but we cannot use it to access firewall because we don’t enable the permissions yet, press enter.

    110118 0151 HowtobuildS25 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  26. It will ask you to configure IP address for the third network interface, press enter twice, we will configure it later via GUI.

    110118 0151 HowtobuildS26 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  27. On the Network Configuration Menu, select 0 exit.

    110118 0151 HowtobuildS27 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  28. I am going to add 172.16.16.1/24 to vEthernet (NAT Network Switch) temporary, so we can configure firewall from this Azure virtual machine (Host).

    110118 0151 HowtobuildS28 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  29. Open internet explorer and enter https://172.16.16.16:4444 and Select Continue to this website.

    110118 0151 HowtobuildS29 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  30. On the Sophos XG Firewall welcome page, click Click to begin.

    110118 0151 HowtobuildS30 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  31. On the Basic Configuration page, enter the new Admin Password, select I agree to the License Agreement and then click Continue.

    110118 0151 HowtobuildS31 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  32. Enter firewall Name and select time zone and then click Continue.

    110118 0151 HowtobuildS32 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  33. On the Register Your Firewall page, enter your serial number which you got it from Sophos and then click Continue.

    110118 0151 HowtobuildS33 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  34. One the Basic Setup is Complete page, click Continue.

    110118 0151 HowtobuildS34 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  35. On the Network Configuration (LAN) page, click Continue, we will modify them later.

    110118 0151 HowtobuildS35 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  36. On the Network Protection page, select all of them and then click Continue.

    110118 0151 HowtobuildS36 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  37. On the Notifications and Backups page, enter email address for Recipient and Sender and then click Continue.

    110118 0151 HowtobuildS37 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  38. On the Configuration Summary page, click Finish.

    110118 0151 HowtobuildS38 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  39. XG firewall will auto-reboot after apply configuration, and then you will see the login page, type username and password and then click Login.

    110118 0151 HowtobuildS39 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  40. Navigate to Administration and then select Device Access.

    110118 0151 HowtobuildS40 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  41. On the Local Service ACL, enable HTTPS and Ping/Ping6 at WAN Zone and then click Apply.

    110118 0151 HowtobuildS41 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  42. Click OK at update device access message pop up.

    110118 0151 HowtobuildS42 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  43. Navigate to Network, select Interfaces and then click Port2 (WAN).

    110118 0151 HowtobuildS43 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  44. Change IP Assignment from DHCP to Static, change IP address to 192.168.100.2/24, change Gateway Name to Port2_NAT Network Switch, change Gateway IP address to 192.168.100.1 and then click Save.

    110118 0151 HowtobuildS44 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  45. Click Update Interface on Update Interface warning.

    110118 0151 HowtobuildS45 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  46. Repeat steps to change Port3(LAN) IP address to 10.254.254.1/24.

    110118 0151 HowtobuildS46 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  47. Repeat steps to change Port3(LAN) IP address to 172.21.128.2/17.

    110118 0151 HowtobuildS47 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

  48. You may find that you lost the XG firewall configuration portal connection, that’s normal, you need to change url to https://192.168.100.2:4444 and you will reconnect it again.

    110118 0151 HowtobuildS48 - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

Congratulation! You installed XG firewall at Azure nested guest VM successful!!

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to build Sophos XG firewall at Azure Hyper-V Nested VM for free

Author: Cary Sun

Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.

Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun