This discussion has been locked.

Sophos UTM in Hyper-V

Hi

I have Sophos UTM running in Hyper-V. The OS that Hyper-V runs on is Windows 10 Professional.

Can somebody please advise on an initial setup and firewall rules/NAT etc. so that I can accomplish the following:

Within the Hyper-V environment, I have the following virtual switches:

Internal - for the VMs, one of them being a Windows 10 virtual machine running via Hyper-V

External - this is the connection from Hyper-V going back to my physical Windows 10 Professional PC, which connects into a switch which onwards connects into my broadband router

I have built the UTM on Hyper-V, assigning it both the internal virtual NIC, with a range of 192.168.2.x /24

The internal management IP for the UTM is 192.168.2.100

I have a Windows 10 virtual machine on Hyper-V which is able to connect via the browser to 192.168.2.100 on port 4444

I have the UTM box also configured to pick up the external Hyper-V NIC, which gets a dynamic address from my broadband router IP pool

Everything appears to work OK; I can open up a browser on my Hyper-V Windows 10 machine and go through the UTM as a transparent proxy or by changing the default gateway of the NIC to the internal IP for the UTM.

What I cannot get to work is the following and I am left wondering whether my logic is correct or faulty

I want my physical Windows 10 PC, which is on a different subnet, to be able to route traffic via the browser through to the UTM for inspection and then out again back to the Internet. Basically I want anyone who is connecting to my physical Windows PC (which is on a 192.168.0.x /24 network) to be subject to the web filter rules.

Can anyone advise on whether the above is correct or suggest a recommended way for getting this to work the way I need it to?

Thank you all.



  • I'm not altogether sure if it's possible to run Sophos UTM as a firewall OS on Windows 10 PC with the purpose of using it to protect the host OS (Windows 10).

    • In order for the above to work, network traffic would have to be first directed to the Sophos VM, without Windows having any access to it, otherwise the traffic bypasses the security of the Sophos VM.
    • It could potentially be possible by configuring VLAN IDs on all Windows network interfaces, but something says to me this would not result in the end result one would need in order to make this work.

    Client Hyper-V (the Hyper-V version used in Windows 8+) is, I believe, a Type 2 hypervisor, versus that of a Type 1 (ESXi, Hyper-V Server editions, etc.). This means a lot of things; however, I believe it also means all virtual network traffic on all external virtual NICs is transparent to the host (Windows 10), and if this is the case, a router OS cannot be used in a VM to protect the underlying host OS (Windows 10).

    • Now, if you were to install Sophos UTM in a VM, you could use it to protect traffic on another VM by creating a private switch(es)... private switches prevent the Host from accessing the traffic, but private switches are only for network traffic between VMs.  However, all outbound traffic exiting the Sophos VM will be transparently seen by the host (Windows 10).

    For example, I run Sophos UTM in a VM on ESXi as my WAN-facing router, and you can prevent ESXi from accessing network traffic on any of the 5 Ethernet ports on the motherboard, something that cannot be done with Client Hyper-V (or at least that I'm aware of).
