Starting the lab – Installing the Router / Firewall using Sophos UTM

Before we start working on building out our Windows Server roles it’s important to have a basic network setup so we can separate our lab traffic from our main network traffic, and it gives us a more ‘enterprise’ feel – as if we were setting it up for a client.

In this post I will go over how to setup Free Home Edition Sophos UTM software appliance inside of a Hyper-V VM.

Sophos UTM is my preferred choice over PFSense due to it’s ease of use, great looking UI, and advanced feature set.

Feel free to read along below, or follow my YouTube video here.

Let’s begin!

1) Download Sophos UTM Free
Start off by downloading the latest version here. Make sure you download the “Software Appliance” version, since we don’t own any Sophos Hardware! At the time of writing the latest version is 9.405-5.1, but this doesn’t matter – the general setup will be the same.

2) Create a new Virtual Switch inside of Hyper-V.
Select “Virtual Switch Manager” on the right menu of Hyper-V Manager. In my case I named it “Sophos – Private” since this will be a private (not accessible by the host) network shared only by the Lab VM’s.

post1-Sophos-Step2.1

Create one more Virtual Switch, and let’s make this one an External switch so that it can connect to the internet using our Hosts connection, and call it “WAN”. If you have more than one NIC or WiFi adapter in your computer, make sure the proper device is selected in the drop down under External Network. Make sure the checkbox for “Allow management operating system to share this network adapter” is checked!

2) Create a new Gen 1 Hyper-V VM.
My personal settings for this lab are listed below:

  • 2GB RAM – Not dynamic
  • New 20GB Disk
  • Attached “Sophos – Private” Network adapter
  • Attached “WAN” Network adapter
  • Selected the downloaded Sophos UTM ISO as the DVD boot device

You should have a basic VM with 2 NIC’s now created. We are ready to install Sophos.

3) Install Sophos
Connect to the console of your VM, and power it on.
On the first page go ahead and press Enter, and let the Linux installer begin doing it’s thing.
Continue pressing enter until you get to the screen that asks you for which interface will allow access to the WebAdmin UI.
If you followed my guide properly, eth0 will be set to our “Sophos – Internal” virtual NIC since it was the device added first. If you are not sure, open up your VM settings and confirm the order.
post1-Sophos-Step3.1

I will be setting this to eth0, so I can access the WebUI inside of my virtual network. You can press Tab to get to the option that says “Next”.
The next step will ask you for network address – this will be the subnet that our lab network lives on. Here are my settings:

  • Address: 192.168.2.1
  • Netmask: 255.255.255.0
  • Gateway: Leave this blank!

Continue pressing Next until you get asked “Do you wish to install all capabilities”, select Yes!
The final screen will show us that we can access the management UI on https://192.168.2.1:4444.
Remember this URL, since when we get another PC loaded onto the same subnet, we will be able to login to the Sophos and manage it.
Press the “Reboot” button, and wait for the appliance to reboot, and we will be ready to move onto the next step.

In the next blog post I go over how to configure the Sophos UTM, and how to setup a central management VM for our lab. Check it out here.