{"id":1794,"date":"2023-04-23T17:03:00","date_gmt":"2023-04-23T21:03:00","guid":{"rendered":"https:\/\/ithinkvirtual.com\/?p=1794"},"modified":"2023-04-26T18:57:39","modified_gmt":"2023-04-26T22:57:39","slug":"nested-vsphere-home-lab-part-1-sophos-firewall","status":"publish","type":"post","link":"https:\/\/ithinkvirtual.com\/2023\/04\/23\/nested-vsphere-home-lab-part-1-sophos-firewall\/","title":{"rendered":"Nested vSphere Home Lab \u2013 Part 1 \u2013 Sophos Firewall"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">intro<\/h2>\n\n\n\n<p>Welcome to Part 1 of my Nested vSphere Home Lab Series.&nbsp; In my <a href=\"https:\/\/ithinkvirtual.com\/2023\/03\/24\/nested-vsphere-home-lab-series-2023\/\">previous post<\/a>, I went over the gist of what I plan to do for my nested&nbsp;Nested <a href=\"https:\/\/www.vmware.com\/products\/vsphere.html\">vSphere<\/a> Home Lab.&nbsp; In this post, I will cover the setup and configuration of a <a href=\"https:\/\/www.sophos.com\/en-us\/products\/free-tools\/sophos-xg-firewall-home-edition.aspx\">Sophos XG Firewall Home Edition<\/a> which will serve as the router for my nested lab environment.&nbsp; My physical Home Lab is configured with Virtual Distributed Switches, or VDS (sometimes seen as DVS) for short, and since this is a nested lab environment that will not have any physical uplinks connected, I will need to create a new VDS without physical uplinks connected to it along with a portgroup for the nested environment and then configure access to the environment from my LAN.&nbsp; This can also be configured on a Virtual Standard Switch, or VSS for short, in the same fashion.&nbsp; All network traffic will flow through the virtual router\/firewall to communicate to and from the nested lab.&nbsp; Afterward, I&#8217;ll cover the Active Directory Server setup.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Router<\/h3>\n\n\n\n<p><strong>Prerequisites:<\/strong><\/p>\n\n\n\n<ul>\n<li>VDS and portgroup without physical uplinks\n<ul>\n<li>Set the VLAN type for this portgroup to VLAN Trunking with the range of 0-4094 to allow all VLANs to trunk through<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Static route to access the nested lab from my LAN\n<ul>\n<li>Once you determine the subnets you\u2019d like to use for the nested lab, add a static route summary on your physical router<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-03-24_14-34-35.png?ssl=1\" data-rel=\"lightbox-image-0\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"372\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-03-24_14-34-35.png?resize=640%2C372&#038;ssl=1\" alt=\"\" class=\"wp-image-1797\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-03-24_14-34-35.png?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-03-24_14-34-35.png?resize=300%2C174&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-03-24_14-34-35.png?resize=768%2C447&amp;ssl=1 768w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-03-24_14-34-35.png?resize=1536%2C893&amp;ssl=1 1536w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>I have a bunch of VLANs created for my physical Home Lab along with a little VMware <a href=\"https:\/\/www.vmware.com\/products\/nsx.html\">NSX<\/a> in there as well, serving physical and virtual network portgroups\/segments to my lab.&nbsp; With that said, one of the VLANs I have is for \u201clab\u201d work, such as this so I\u2019ll be connecting one uplink from the router to this VLAN which will serve as the WAN interface while the other uplink will be connected to the new nested portgroup to serve as the LAN for the nested lab.&nbsp; I\u2019ll describe the basics for deploying the Sophos XG firewall, but will not go into full detail as this is pretty trivial and can be deployed using the following <a href=\"https:\/\/www.linkedin.com\/pulse\/configuring-sophos-xg-firewall-vmware-esxi-kelvin-charles?trk=pulse_spock-articles\">guide<\/a>&nbsp;as a reference.<\/p>\n\n\n\n<ul>\n<li>OS: Other 6.x or later Linux<\/li>\n\n\n\n<li>CPU: 1 (add more as needed \u2013 max supported is 4 in the home edition)<\/li>\n\n\n\n<li>RAM: 4GB (add more as needed \u2013 max supported is 6GB in the home edition)<\/li>\n\n\n\n<li>Disk: 16GB thin (you may make this smaller if you\u2019d like)<\/li>\n\n\n\n<li>Network Adapter 1: LAN portgroup (nested)<\/li>\n\n\n\n<li>Network Adapter 2: WAN portgroup<\/li>\n\n\n\n<li>Boot: BIOS (will not boot if you keep as EFI)<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-15-53.png?ssl=1\" data-rel=\"lightbox-image-1\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"524\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-15-53.png?resize=640%2C524&#038;ssl=1\" alt=\"\" class=\"wp-image-1800\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-15-53.png?w=877&amp;ssl=1 877w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-15-53.png?resize=300%2C246&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-15-53.png?resize=768%2C629&amp;ssl=1 768w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>Once the VM has been deployed, the Sophos XG will be configured with a&nbsp;<strong>172.16.16.1<\/strong>6&nbsp;address by default.&nbsp; This will need to be changed to the subnet you\u2019re using for your nested LAN interface.&nbsp; Login to the console with the default (<strong>admin \u2013 admin<\/strong>) credentials, and choose the option for Network Configuration to change the IP for your nested LAN port.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-19-50.png?ssl=1\" data-rel=\"lightbox-image-2\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"417\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-19-50.png?resize=640%2C417&#038;ssl=1\" alt=\"\" class=\"wp-image-1801\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-19-50.png?w=737&amp;ssl=1 737w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-19-50.png?resize=300%2C195&amp;ssl=1 300w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>Once this is done, you would normally navigate to that address on port&nbsp;<strong>4444<\/strong>&nbsp;to access the admin GUI.&nbsp; Unfortunately, this will not work since the LAN side has no physical uplinks.&nbsp; So what do we do?&nbsp; We need to run a command to enable admin access on the WAN port.&nbsp; To do so, choose&nbsp;<strong>option 4<\/strong>&nbsp;to enter the device console and enter the following command:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" style=\"font-size:.875rem;line-height:1.25rem\"><span role=\"button\" tabindex=\"0\" data-code=\"system appliance_access enable\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\"><code><span class=\"line\"><span style=\"color: #D4D4D4\">system <\/span><span style=\"color: #CE9178\">appliance_access<\/span><span style=\"color: #D4D4D4\"> <\/span><span style=\"color: #CE9178\">enable<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#1E1E1E;color:#c7c7c7;font-size:12px;line-height:1;position:relative\">ShellScript<\/span><\/div>\n\n\n\n<p>The WAN port is set to grab an address from DHCP so you\u2019ll need to determine which IP address this is either by going into your physical router, or using a tool like Angry IP.&nbsp; Once in the Admin GUI, navigate to&nbsp;<strong>Administration &gt; Device Access<\/strong>&nbsp;and tick the box for WAN under the HTTPS column.&nbsp; See this&nbsp;<a href=\"https:\/\/community.sophos.com\/kb\/en-us\/123542\">post<\/a>&nbsp;for reference.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-48-22.png?ssl=1\" data-rel=\"lightbox-image-3\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"372\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-48-22.png?resize=640%2C372&#038;ssl=1\" alt=\"\" class=\"wp-image-1802\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-48-22.png?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-48-22.png?resize=300%2C174&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-48-22.png?resize=768%2C447&amp;ssl=1 768w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_22-48-22.png?resize=1536%2C893&amp;ssl=1 1536w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>Now, we can create our VLANs for our nested environment.&nbsp; I\u2019m using the following for my lab:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>VLAN<\/strong><\/td><td><strong>Subnet<\/strong><\/td><td><strong>Purpose<\/strong><\/td><\/tr><tr><td>0<\/td><td>10.100.1.1\/24<\/td><td>Management<\/td><\/tr><tr><td>1010<\/td><td>10.100.10.1\/24<\/td><td>vMotion<\/td><\/tr><tr><td>1020<\/td><td>10.100.20.1\/24<\/td><td>VSAN<\/td><\/tr><tr><td>1030<\/td><td>10.100.30.1\/24<\/td><td>TEP<\/td><\/tr><tr><td>1040<\/td><td>10.100.40.1\/24<\/td><td>Uplink<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Navigate to&nbsp;<strong>Networking<\/strong>&nbsp;and select&nbsp;<strong>Add Interface &gt; VLAN<\/strong>&nbsp;to create each of your networks.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-05-50.png?ssl=1\" data-rel=\"lightbox-image-4\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"372\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-05-50.png?resize=640%2C372&#038;ssl=1\" alt=\"\" class=\"wp-image-1803\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-05-50.png?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-05-50.png?resize=300%2C174&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-05-50.png?resize=768%2C447&amp;ssl=1 768w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-05-50.png?resize=1536%2C893&amp;ssl=1 1536w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>With our VLANs created, we\u2019ll need to create two firewall rules to allow traffic from the WAN port to access the LAN, as well as to allow traffic from LAN to LAN. Navigate to&nbsp;<strong>Rules and policies &gt; Add firewall rule<\/strong> and create the following rules.&nbsp; Choose something easy to label them as which makes sense to you.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-09-20.png?ssl=1\" data-rel=\"lightbox-image-5\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"372\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-09-20.png?resize=640%2C372&#038;ssl=1\" alt=\"\" class=\"wp-image-1804\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-09-20.png?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-09-20.png?resize=300%2C174&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-09-20.png?resize=768%2C447&amp;ssl=1 768w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-09-20.png?resize=1536%2C893&amp;ssl=1 1536w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>This is where the static route will now be useful to access your nested lab.&nbsp; I\u2019ve configured a route summary of&nbsp;<strong>10.100.0.0\/16<\/strong>&nbsp;to go through the IP address of the WAN interface as the gateway so that I can access the Admin UI at&nbsp;<strong>https:\/\/10.100.1.1:4444<\/strong>&nbsp;as well.&nbsp; I\u2019ll now also be able to access the ESXi UI and VCSA UI, once they are stood up.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"314\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-23-44.png?resize=640%2C314&#038;ssl=1\" alt=\"\" class=\"wp-image-1806\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-23-44.png?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-23-44.png?resize=300%2C147&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-23-44.png?resize=768%2C377&amp;ssl=1 768w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-23-44.png?resize=1536%2C754&amp;ssl=1 1536w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-23-44.png?resize=2048%2C1005&amp;ssl=1 2048w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/figure><\/div>\n\n\n<p>The final thing I will be doing is enabling the native&nbsp;<strong>MAC Learning<\/strong> functionality that was introduced in vSphere 6.7, so that I do not need to enable Promiscuous Mode, which has normally been a requirement for the Nested portgroup and nested labs in general&#8230;and in some cases it still is!&nbsp; To learn more about how to do this, see this <a href=\"https:\/\/www.virtuallyghetto.com\/2018\/04\/native-mac-learning-in-vsphere-6-7-removes-the-need-for-promiscuous-mode-for-nested-esxi.html\">thread<\/a>.&nbsp; In my setup, I ran the following to enable this on my nested VDS portgroup:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" data-code-block-pro-font-family=\"\" style=\"font-size:.875rem;line-height:1.25rem\"><span role=\"button\" tabindex=\"0\" data-code=\"Set-MacLearn -DVPortgroupName @(&quot;vds1-nested-trunk&quot;) -EnableMacLearn $true -EnablePromiscuous $false -EnableForgedTransmit $true -EnableMacChange $false\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Set-MacLearn<\/span><span style=\"color: #D4D4D4\"> -DVPortgroupName <\/span><span style=\"color: #569CD6\">@<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #CE9178\">&quot;vds1-nested-trunk&quot;<\/span><span style=\"color: #D4D4D4\">) -EnableMacLearn <\/span><span style=\"color: #569CD6\">$true<\/span><span style=\"color: #D4D4D4\"> -EnablePromiscuous <\/span><span style=\"color: #569CD6\">$false<\/span><span style=\"color: #D4D4D4\"> -EnableForgedTransmit <\/span><span style=\"color: #569CD6\">$true<\/span><span style=\"color: #D4D4D4\"> -EnableMacChange <\/span><span style=\"color: #569CD6\">$false<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#1E1E1E;color:#c7c7c7;font-size:12px;line-height:1;position:relative\">PowerShell<\/span><\/div>\n\n\n\n<p>To check that it was indeed set correctly, I ran the following:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled\" style=\"font-size:.875rem;line-height:1.25rem\"><span role=\"button\" tabindex=\"0\" data-code=\"Get-MacLearn -DVPortgroupName @(&quot;vds1-nested-trunk&quot;)\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Get-MacLearn<\/span><span style=\"color: #D4D4D4\"> -DVPortgroupName <\/span><span style=\"color: #569CD6\">@<\/span><span style=\"color: #D4D4D4\">(<\/span><span style=\"color: #CE9178\">&quot;vds1-nested-trunk&quot;<\/span><span style=\"color: #D4D4D4\">)<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#1E1E1E;color:#c7c7c7;font-size:12px;line-height:1;position:relative\">PowerShell<\/span><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-40-06.png?ssl=1\" data-rel=\"lightbox-image-6\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"205\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-40-06.png?resize=640%2C205&#038;ssl=1\" alt=\"\" class=\"wp-image-1810\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-40-06.png?w=994&amp;ssl=1 994w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-40-06.png?resize=300%2C96&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-40-06.png?resize=768%2C246&amp;ssl=1 768w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>Alternatively &#8211; now available in vSphere 8.0, you have the ability to enable MAC Leaning directly via the vCenter UI as well!!<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><a href=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-28-52.png?ssl=1\" data-rel=\"lightbox-image-7\" data-magnific_type=\"image\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"372\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-28-52.png?resize=640%2C372&#038;ssl=1\" alt=\"\" class=\"wp-image-1807\" srcset=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-28-52.png?w=1024&amp;ssl=1 1024w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-28-52.png?resize=300%2C174&amp;ssl=1 300w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-28-52.png?resize=768%2C447&amp;ssl=1 768w, https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-21_23-28-52.png?resize=1536%2C893&amp;ssl=1 1536w\" sizes=\"(max-width: 640px) 100vw, 640px\" data-recalc-dims=\"1\" \/><\/a><\/figure><\/div>\n\n\n<p>&nbsp;And there you have it!&nbsp; In the next post, I will go over configuring an Active Directory server for the nested lab!<\/p>\n\n\n\n<p>&#8211;virtualex<\/p>\n<div class=\"pvc_clear\"><\/div><p id=\"pvc_stats_1794\" class=\"pvc_stats all  \" data-element-id=\"1794\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif?resize=16%2C16&#038;ssl=1\" border=0 data-recalc-dims=\"1\" \/><\/p><div class=\"pvc_clear\"><\/div>","protected":false},"excerpt":{"rendered":"<p>intro Welcome to Part 1 of my Nested vSphere Home Lab Series.&nbsp; In my previous post, I went over the gist of what I plan to do for my nested&nbsp;Nested vSphere Home Lab.&nbsp; In this post, I will cover the setup and configuration of a Sophos XG Firewall Home Edition which will serve as the&#8230;<\/p>\n<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_1794\" class=\"pvc_stats all  \" data-element-id=\"1794\" style=\"\"><i class=\"pvc-stats-icon medium\" aria-hidden=\"true\"><svg aria-hidden=\"true\" focusable=\"false\" data-prefix=\"far\" data-icon=\"chart-bar\" role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\" class=\"svg-inline--fa fa-chart-bar fa-w-16 fa-2x\"><path fill=\"currentColor\" d=\"M396.8 352h22.4c6.4 0 12.8-6.4 12.8-12.8V108.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v230.4c0 6.4 6.4 12.8 12.8 12.8zm-192 0h22.4c6.4 0 12.8-6.4 12.8-12.8V140.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v198.4c0 6.4 6.4 12.8 12.8 12.8zm96 0h22.4c6.4 0 12.8-6.4 12.8-12.8V204.8c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v134.4c0 6.4 6.4 12.8 12.8 12.8zM496 400H48V80c0-8.84-7.16-16-16-16H16C7.16 64 0 71.16 0 80v336c0 17.67 14.33 32 32 32h464c8.84 0 16-7.16 16-16v-16c0-8.84-7.16-16-16-16zm-387.2-48h22.4c6.4 0 12.8-6.4 12.8-12.8v-70.4c0-6.4-6.4-12.8-12.8-12.8h-22.4c-6.4 0-12.8 6.4-12.8 12.8v70.4c0 6.4 6.4 12.8 12.8 12.8z\" class=\"\"><\/path><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/ithinkvirtual.com\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n","protected":false},"author":1,"featured_media":1832,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"Check out my latest post in my nested @VMwarevSphere #homelab series. @vExpert #vexpert","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[2,9],"tags":[4,11,43,19,33,52,55],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/ithinkvirtual.com\/wp-content\/uploads\/2023\/04\/2023-04-23_15-09-59.png?fit=1024%2C595&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7k0Z6-sW","jetpack-related-posts":[],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/posts\/1794"}],"collection":[{"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/comments?post=1794"}],"version-history":[{"count":26,"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/posts\/1794\/revisions"}],"predecessor-version":[{"id":1885,"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/posts\/1794\/revisions\/1885"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/media\/1832"}],"wp:attachment":[{"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/media?parent=1794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/categories?post=1794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ithinkvirtual.com\/wp-json\/wp\/v2\/tags?post=1794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}