I test a lot of things in my lab. One project requires me to spin up an Active Directory domain. This necessitates me creating a virtual network that is separate from my home network since the domain will have its own subnet and DHCP server. There are many ways to segment the virtual network from your home network, such as creating a VLAN, however, we will be creating a router and having the virtual network behind a NAT.
I am using Hyper-V for this article, but the process is similar for other virtualization platforms. I won’t be going into too much depth here because the steps are basically the same as installing a custom firewall solution on hardware.
The first thing you will need to do is create a new virtual switch for the network. This can be done by opening the Virtual Switch Manager and creating a new virtual switch. Be sure to select Private network under the connection type. This will allow any device that is connected to that virtual switch to be on the same network.
If you don’t have one already, you will need to create another virtual switch, this one connecting to the external network. This network will serve as the WAN interface on our router.
Next, you will configure the virtual machine. If you’re using Hyper-V, you’ll want to make this a generation 1 machine. I gave my VM 2GB of RAM and made sure that Use Dynamic Memory fir the virtual machine is disabled. For the network, you’ll need to choose the private virtual network you created earlier. I had VHD files with the firewall OS installed so I mounted them to my VM.
After completing the wizard, you’ll need to change some settings. First, the automatic start action should be set to always start this virtual machine automatically. I like to set the automatic stop action to turn off the virtual machine. I gave the VM two virtual CPUs. Finally, you’ll need to add the second network adapter for the WAN interface.
Installing and Configuration
I went with Sophos XG for my firewall, however you can use any software firewall you wish. There are virtual appliances available for various platforms. I chose the one for Hyper-V since that’s what I run in my lab.
You’ll need to enter the default password of admin and accept the EULA. After that, you need to confirm the interfaces are properly configured. You’ll select option 1 then 1 again to configure the network interfaces. If you remember, you added the internal network adapter first then added the external interface. The reason was because the first network adapter added becomes eth0. Most firewalls use eth0 as the internal interface. If you configured everything properly, the interface PortA should have an IP address of 22.214.171.124 and be in the LAN zone.
Now, you need to configure the firewall. You’ll log into https://172.16.16.16:4444 and enter admin as the username and password. Enter the serial number that is provided to you and click on Activate Device then Register Device. If you have a Sophos ID, you can log in with that. Follow the on screen directions to complete registration.
The next step is to configure the device. There is a wizard that walks us through the configuration. In most cases, the defaults will be fine. You should only need to set the email and time settings.
Now you have a business grade router to serve our virtual networks. Adding additional networks is as simple as adding another virtual interface to the firewall virtual machine. When creating new virtual machines, you’ll need to be sure that you choose the same virtual switch as the interface on the firewall.
How do you network your virtual lab? Share it in the comments.