RE: Sophos UTM in Hyperv

JW0914 — Mon, 05 Jun 2017 14:08:19 GMT

I'm not altogether sure if it's possible to run Sophos UTM as a firewall OS on Windows 10 PC with the purpose of using it to protect the host OS (Windows 10).

In order for the above to work, network traffic would have to be first directed to the Sophos VM, without Windows having any access to it, otherwise the traffic bypasses the security of the Sophos VM.
It could potentially be possible by configuring vLAN IDs on all Windows network interfaces, but something says to me this would not result with the end result one would need in order to make this work.

Client Hyper-V (the Hyper-V version used in Windows 8+) is, I believe, a Type 2 hypervisor, versus that of a Type 1 (ESXi, Hyper-V Server editions, etc.). This means a lot of things, however I believe it also means all virtual network traffic on all external virtual NICs are transparent to the host (Windows 10), and if this is the case, a router OS cannot be used in a VM to protect the underlying host OS (Windows 10).

Now, if you were to install Sophos UTM in a VM, you could use it to protect traffic on another VM by creating a private switch(es)... private switches prevent the Host from accessing the traffic, but private switches are only for network traffic between VMs. However, all outbound traffic exiting the Sophos VM will be transparently seen by the host (Windows 10).

For example, I run Sophos UTM in a VM on ESXi as my WAN facing router, and you can prevent ESXi from accessing network traffic on any of the 5 Ethernet ports on the motherboard, something that cannot be done with Client Hyper-V (or at least that I'm aware of).