Prerequisites:<\/strong><\/p>\n\n\n\n I have a bunch of VLANs created for my physical Home Lab as I’ve yet to deploy NSX-T in there, but once I do, I’ll be removing the majority of said VLANs and only keeping the required ones needed to run the lab. With that said, one of the VLANs I have is for “Development” work, such as this so I’ll be connecting one uplink from the router to this VLAN which will serve as the WAN interface while the other uplink will be connected to the new nested portgroup to serve as the LAN for the nested lab. I’ll describe the basics for deploying the Sophos XG firewall, but will not go into full detail as this is pretty trivial and can be deployed using the following guide<\/a> as a reference.<\/p>\n\n\n\n Once the VM has been deployed, the Sophos XG will be configured with a 172.16.1.1<\/strong> address by default. This will need to be changed to the subnet you’re using for your nested LAN interface. Login to the console with the default (admin – admin<\/strong>) credentials, and choose the option for Network Configuration to change the IP for your nested LAN port.<\/p>\n\n\n\n Once this is done, you would normally navigate to that address on port 4444<\/strong> to access the admin GUI. Unfortunately, this will not work since the LAN side has no physical uplinks. So what do we do? We need to run a command to enable admin access on the WAN port. To do so, choose option 4<\/strong> to enter the device console and enter the following command:<\/p>\n\n\n\n The WAN port is set to grab an address from DHCP so you’ll need to determine which IP address this is either by going into your physical router, or using a tool like Angry IP. Once in the Admin GUI, navigate to Administration > Device Access<\/strong> and tick the box for WAN under the HTTPS column. See this post<\/a> for reference.<\/p>\n\n\n\n Now, we can create our VLANs for our nested environment. I’m using the following for my lab:<\/p>\n\n\n\n\n
\n
![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-21_11-16-07-1024x559.png?resize=640%2C349\")
<\/a><\/figure>\n\n\n\n![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-21_10-08-39.png?resize=640%2C702\")
<\/a><\/figure>\n\n\n\n![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-20_23-11-09.png?resize=640%2C416\")
<\/a><\/figure>\n\n\n\nsystem appliance_access enable<\/pre>\n\n\n\n
![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-20_17-23-05-1024x559.png?resize=640%2C349\")
<\/a><\/figure>\n\n\n\n
![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-20_23-05-52-1024x559.png?resize=640%2C349\")
<\/a><\/figure>\n\n\n\n![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-20_23-02-09-1024x559.png?resize=640%2C349\")
<\/a><\/figure>\n\n\n\n![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-21_11-37-19-1024x559.png?resize=640%2C349\")
<\/a><\/figure>\n\n\n\n![\"\"](\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2019\/01\/2019-01-21_14-08-49.png?resize=570%2C343\")
<\/figure>\n\n\n\n