VirtualBox

1. Information

See https://www.nakivo.com/blog/virtualbox-network-setting-guide.
See https://forums.virtualbox.org/viewtopic.php?t=88463.

2. Sophos Firewall

Enter the following commands at a Command Prompt with administrative privileges.

cd "C:\Program Files\Oracle\VirtualBox"
VBoxManage.exe list dhcpservers
VBoxManage.exe dhcpserver remove --netname LAN-Default
VBoxManage.exe dhcpserver add --netname LAN-Default --ip 172.16.16.100 --netmask 255.255.255.0 --lowerip 172.16.16.101 --upperip 172.16.16.254 --enable
VBoxManage.exe list dhcpservers
VBoxManage.exe list intnets
home

Create a Sophos XGS Firewall vm connected to the following networks.
- Adapter 1: Internal network: LAN-Default
- Adapter 2: NAT
- Adapter 3: Internal network: DMZ
- Adapter 4: Not Attached
Create a Windows 10 Enterprise 22H2 vm connected to the DMZ internal network.
Create a Windows 10 Enterprise 22H2 vm connected to the LAN internal network.
Create a Windows 10 Enterprise 22H2 vm connected to the LAN-Default internal network.

Browse to https://www.sophos.com/en-us/products/next-gen-firewall/free-trial.

First Name              Douwe
Last Name               Kiestra
Business Email          douwe@shoklo-unit.com
Company                 SMRU
Number of Employees     101-250
Job role                IT Director/Manager
Phone number            12345678
Country                 Thailand
Province                Tak
■ I agree to all the terms and conditions in the Sophos End User Terms of Use

Click Submit.

You can start your 30-day free trial now.
Sophos Firewall Serial Number: V01001V2T3J3W69

Type AA for Device Activation and press Enter.
Type V01001V2T3J3W69 for the Serial Number and press Enter.
Type V01001V2T3J3W69 for the Confirm Serial Number and press Enter.
Press Enter.

Browse to https://172.16.16.16:4444.
Check I accept the Sophos End User Terms of Use.
Click Start setup.
Type the Sophos Firewall - Login password stored in the KeePass Password Manager in the Default administrator’s new password field.
Type the Sophos Firewall - Login password stored in the KeePass Password Manager in the Reenter the password field.
Check Install the latest firmware automatically during setup (recommended).
Click Continue.
Type the Sophos Firewall - Secure Storage Master Key key stored in the KeePass Password Manager in the Create secure storage master key field.
Type the Sophos Firewall - Secure Storage Master Key key stored in the KeePass Password Manager in the Repeat the master key field.
Check I have stored the master key in a password manager or another secure location.
Click Continue.

Type VBOX-SFW-MRM in the Firewall name field.
Select Asia/Bangkok for the Time zone.
Click Continue.

Choose I have an existing serial number.

Check I do not want to register now.

Register your firewall

Every firewall must have a serial number. We can get one for you automatically.
Alternatively, if you have an unused serial number, you can specify it here.

● I have an existing serial number
  V01001V2T3J3W69
  Once you register the firewall, you cannot change the serial number.
  If you have more than one serial number, make sure that you choose the correct one.
  Home users must use an Sophos Firewall Home Use serial number obtained from here
  https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

○ I don’t have a serial number (start a trial).
  You will automatically receive a serial number and a 30-day trial period.
  During this period, you can test the full functionality of Sophos Firewall.
  Do not use this option for home use.

○ I would like to migrate my UTM 9 license now
  You will receive a serial number automatically.
  Your equivalent UTM 9 license will be converted and applied to the Sophos Firewall.
  This is not reversible. If you are not sure about migrating now, click "Start a trial".
  You can migrate the license after you test Sophos Firewall.

■ I do not want to register now
  You can skip registration for now.
  A reminder to register will appear during your next login.
  You can continue without registration for another 30 days.

Click Continue.

Xstream Protection bundle       Status          Expiraton date
Base Firewall                   Evaluating      -
Network Protection              Evaluating      -
Web Protection                  Evaluating      -
NDR Essentiald for Firewall     Evaluating      -
Zero-Day Protection             Evaluating      -
Central Orchestration           Evaluating      -
DNS Protection                  Evaluating      -

A-la-carte subscription modules Status          Expiration date
Email Protection                Evaluating      -
Web Server Protection           Evaluating      -
Enhanced Support                Not evaluating  -
Enhanced Plus Support           Not evaluating  -

Uncheck Opt in to the customer experience improvement program.
Click Continue.

Select Port1 in the Port dropdown list.
Select This firewall (route mode) in the Choose gateway dropdown list.
Type 10.20.1.170 in the LAN IP address field.
Check Enable DHCP.

Type 10.20.1.50 - 10.20.1.169 in DHCP lease range fields.

Port                    Port1

Choose gateway          This firewall (route mode)
LAN IP address          10.20.1.170/24

■ Enable DHCP
DHCP lease range        10.20.1.50 - 10.20.1.169

Click Continue.

□ Protect users from network threats
□ Protect users from the suspicious and malicious websites
□ Scan files that were downloaded from the web for malware
□ Send suspicious files to zero-day protection

Click Continue.

Type smru-it@shoklo-unit.com in the Recipient’s email address field.
Type vbox-sfw-mrm@shoklo-unit.com in Sender’s email address field.
Check Send configuration backup every week.
Type the Sophos Firewall - Backup Encryption Password password stored in the KeePass Password Manager in the Encryption password field.
Type the Sophos Firewall - Backup Encryption Password password stored in the KeePass Password Manager in the Confirm encryption password field.
Check Use external mail server.
Type eu-smtp-outbound-1.mimecast.com in the Mail server IPv4 address/FQDN.
Type 465 in the Port (Default - 25) field.
Check Requires an encrypted TLS connection.
Check Authentication required.
Type relay@shoklo-unit.com in Username field.

Type the Special Email Accounts > Office 365 - relay@shoklo-unit.com password stored in the KeePass Password Manager in the Password field.

Recipient’s email address                       smru-it@shoklo-unit.com
Sender’s email address                          vbox-sfw-mrm@shoklo-unit.com

■ Send configuration backup every week
Encryption password                             ********
Confirm encryption password                     ********

■ Use external mail server

Mail server IPv4 address/FQDN                   eu-smtp-outbound-1.mimecast.com
Port (Default - 465)                            465

□ Encrypt the connection when possible
■ Requires an encrypted TLS connection
■ Authentication required

Username                                        relay@shoklo-unit.com
Password                                        ********

Click Continue.
Click Finish.
Wait for the Sophos Firewall to apply its settings.
Wait for the Sophos Firewall to finish its restart.

Start a Windows 10 Enterprise 22H2 vm connected to the LAN internal network.
Browse to https://10.20.1.170:4444.