RESET Forums (homeservershow.com)

Sophos in Hyper-V - Connection issue


bigyin

Hi Guys,

 

Hoping some of you may be able to help me. I have an issue with Sophos UTM in a VM on my Hyper-V host. Recently I retired my two old ESXi servers and migrated my VMs to a brand new single Hyper-V host. In my old setup I used pfSense as my router firewall which worked great. Up until the change, I wanted to play about with Sophos as I heard many great things about it, Endpoint, Strict firewall rules, HTML5 Gateway etc...

So I've had it running in a standalone box until recently and loved it. I have now got it installed on my Hyper-V host and working; however, I cannot get an internet connection through it at all! Very frustrated!

 

I have to have my firewall configured as a bridge as I have a router elsewhere at home. So everything is on the same subnet IP wise, which works fine on the physical box, but not the VM?! So obviously it's a Hyper-V issue.... I think.

 

I have 5 NICs on my host:

1 Hyper-V management

2/3/4 Teamed for VMs

5 WAN for Firewall (Shared management unticked)

 

2-5 is an Intel Pro Quad NIC card, just FYI

OS is Server 2012 R2 Standard

 

What I've found so far is that I cannot ping out from my bridged adapter to anything! However, from the Host or anything else, I can ping Sophos.

On the dashboard, the State & Link are up, with minimal traffic going through. I've even added a rule for testing to allow everything through to anywhere, no change. I also tested Sophos as a Router, giving out a different internal subnet - no change.

 

I tried another third party network card as the wan port. No change.

I have also tested untangle, which I know has a built-in transparent mode - same result as Sophos.

 

I'm hoping at least somebody has faced this issue before, because I'm kinda at a loss now.

 

Any help would be appreciated. 

 

Thanks

Link to comment
Share on other sites

What type of network adapter are you using? Legacy or "normal"?

 

Also, have you completed the initial configuration wizard?

Link to comment
Share on other sites

Subscribing to this thread. I am curious as to how this is resolved.

 

A few months ago, I also attempted a WinSvr 2012R2 + Hyper-V role build having pfSense as the lone guest VM. I also noted a significant performance hit on network throughput. I can no longer remember the settings I used (legacy or whatnot), nor can I quantify the actual throughput.

 

The host is an N40L with 10GB RAM with 4GB allocated to the guest. The NIC is an HP quad-gigabit (Broadcom chipset).

 

After switching to ESXi using the same hardware, I no longer run into any network issues.

 

I'd very much like to switch back to Windows Server + Hyper-V, but until the said issues are resolved, I'm staying with ESXi. About two weeks ago, I replaced my hardware pfSense with this and it's been working smoothly.

Link to comment
Share on other sites

@Drahsna I've tried both Legacy and Normal. Yes I've completed the initial configuration, I think you have to without choice anyway.

 

Strange thing is, as I mentioned, I installed it on a standalone box with like for like config which works fine! I've even been testing the adapters on my host and they appear fine. It seems like a weird DNS issue to me.

 

@oj88 I was in the same position with you, as I was running ESXi before which worked fine. I wanted to change to Hyper-V as I wanted more experience with it as we are switching from ESXi to Hyper-V at work over the next couple of months. I can see quirks like this may lead to premature hair loss! :wacko:

Link to comment
Share on other sites

  • 2 weeks later...

What device are you trying to ping, and how is everything connected (from client to destination)?

 

 

I ask, because the firewall may be blocking the ICMP communications (ping and the like).  Check the settings, and make sure it allows ICMP packets through the gateway. 

 

 

(and yes, I fell victim to this myself on my recent reinstall) 

Link to comment
Share on other sites

I have already checked that from a suggestion on another forum.

 

When Sophos is running either in Bridged or separate adapters, I cannot ping the gateway (router).

 

In Bridged mode, I can ping everything else locally, servers, PCs, APs which are all connected to a switch. From the switch to another room in my house is the router which carries my internet. When I swap the cable to the WAN NIC on my Hyper-V host, I get nothing from LAN to Router.

 

I have just tested when I separate the NICs on Sophos, I can ping from the WAN to anything I select! When I ping from the LAN, again I get nothing. I know the WAN port is working and gets an IP address from the router. It's the connection between LAN-WAN that is the issue.

Almost at the verge of giving up and setting up another box. I'm going to hate having to do this as the amount of time I've spent converting two ESXi hosts and various other machines to one brilliant Hyper-V host would mean this is a step backwards.

 

I thoroughly believe it's a Hyper-V issue. As I mentioned, I tried installing Untangle in transparent mode, which is so easy to configure, and it doesn't work either, with the same symptoms. I tested a standalone box with Sophos, bare bones install, and it worked like a charm. It's like there is a problem with two external vSwitches talking to each other.

 

Any suggestions?

Link to comment
Share on other sites

Check the settings here:

LekATM5.png

 

 

I'm pretty sure this is what the issue is.

Link to comment
Share on other sites

Already tried that. The main issue is still that I don't get any internet connection through Sophos in a VM on Hyper-V. Not being able to ping the gateway is where I've been able to find where I believe the networking problem is. Anything you could recommend I try within Hyper-V?

Link to comment
Share on other sites

Just came across this thread. Just thought I would mention that I had this problem when running in ESXi and after setting the network adapters to promiscuous mode in ESXi everything worked fine.

 

Sent from my LG-D855 via Tapatalk
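
The nearest Hyper-V counterpart to the ESXi promiscuous-mode setting in the last post is the per-adapter "MAC address spoofing" option: a bridging guest forwards frames that carry other hosts' source MAC addresses, and the virtual switch drops those unless the option is on for that adapter. The PowerShell below is an added example, not part of the thread or any poster's reply; it audits the setting across all guests and enables it only on the firewall VM, and `Sophos-UTM` is a placeholder VM name.

```powershell
# Added example: audit and scope the Hyper-V "MAC address spoofing" setting.
# Run in an elevated session on the Hyper-V host (Hyper-V PowerShell module).
# 'Sophos-UTM' is a placeholder VM name, not taken from the thread.
$FirewallVm = 'Sophos-UTM'

# Map each virtual switch name to its type (External / Internal / Private).
$switchType = @{}
Get-VMSwitch | ForEach-Object { $switchType[$_.Name] = $_.SwitchType }

# One row per guest vNIC: which switch it sits on and whether spoofing is allowed.
$report = Get-VM | Get-VMNetworkAdapter | ForEach-Object {
    $type = $null
    if ($_.SwitchName) { $type = $switchType[$_.SwitchName] }   # disconnected vNICs have no switch
    [pscustomobject]@{
        VM          = $_.VMName
        Adapter     = $_.Name
        Switch      = $_.SwitchName
        SwitchType  = $type
        Legacy      = $_.IsLegacy
        MacSpoofing = $_.MacAddressSpoofing
    }
}
$report | Sort-Object VM, Adapter | Format-Table -AutoSize

# Spoofing relaxes the switch's source-MAC check, so it should be on only
# where a guest really bridges traffic. Flag every other adapter that has it.
$unexpected = $report | Where-Object { $_.MacSpoofing -eq 'On' -and $_.VM -ne $FirewallVm }
foreach ($row in $unexpected) {
    Write-Warning ("MAC spoofing enabled on {0} / {1} (switch {2})" -f $row.VM, $row.Adapter, $row.Switch)
}

# Enable it on the firewall VM's adapters only, and show the resulting state.
Get-VMNetworkAdapter -VMName $FirewallVm |
    Where-Object { $_.MacAddressSpoofing -ne 'On' } |
    Set-VMNetworkAdapter -MacAddressSpoofing On -Passthru |
    Select-Object VMName, Name, SwitchName, MacAddressSpoofing
```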
