Sophos XG Virtual Firewall – VMware vSwitch Configuration

I recently set up the Sophos firewall as a VM in VMware ESXi 8. Sophos offers this for free for home users, with limits on how much memory and how many CPUs can be used.

When deploying this, or really any other virtual firewall in VMware, there are a few things to consider. First, just like a physical firewall appliance, you’ll want at least two physical Ethernet ports on the VMware host. This will allow you to use a traditional “inside” and “outside” interface. Next, if your VMware host has multiple Ethernet ports, it is worth identifying which port is which before deploying the VM. This can be done by plugging a cable into each port on the physical host, one at a time, and checking which port lights up in the VMware console under the Network Management settings. Make a note of which ports they are.

Before deploying the VM, you can prepare the network settings in VMware for this. You’ll want to have two separate virtual switches, each associated with its own physical Ethernet port. I created one vSwitch for “inside” and another for “outside”. Next, I created two port groups, also one for inside and one for outside, and attached them to the appropriate virtual switch.

Here are the virtual switches:

Here are the Port Groups:

Now, when deploying the VM, add two network adapters and assign one to the inside port group and the other to the outside port group.
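
The same layout can be built from the ESXi shell with `esxcli`. This is an added example, not part of the original post: the vmnic numbers and the vSwitch and port group names are assumptions, and the security-policy step is an addition that assumes the firewall runs in routed mode.

```shell
#!/bin/sh
# Added example (not from the original post): one vSwitch + port group per
# physical NIC, as described above. Assumed names: vmnic1/vmnic2,
# vSwitch-Inside/vSwitch-Outside, PG-Inside/PG-Outside.
# Identify your NICs first with: esxcli network nic list
# Dry run by default (prints the commands); set APPLY=1 to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# make_segment <vswitch> <uplink-vmnic> <portgroup>
# Creates the vSwitch, attaches its single uplink, adds the port group, then
# keeps promiscuous mode, MAC changes and forged transmits rejected.
# Assumption: routed-mode firewall that only sends from its own vNIC MACs.
make_segment() {
    vs=$1; nic=$2; pg=$3
    if [ -z "$vs" ] || [ -z "$nic" ] || [ -z "$pg" ]; then
        echo "usage: make_segment <vswitch> <vmnic> <portgroup>" >&2
        return 2
    fi
    run esxcli network vswitch standard add --vswitch-name="$vs" &&
    run esxcli network vswitch standard uplink add \
        --uplink-name="$nic" --vswitch-name="$vs" &&
    run esxcli network vswitch standard portgroup add \
        --portgroup-name="$pg" --vswitch-name="$vs" &&
    run esxcli network vswitch standard policy security set \
        --vswitch-name="$vs" --allow-promiscuous=false \
        --allow-mac-change=false --allow-forged-transmits=false
}

# build_firewall_network <inside-vmnic> <outside-vmnic>
build_firewall_network() {
    in_nic=$1; out_nic=$2
    # A vmnic can be the uplink of only one standard vSwitch, and sharing one
    # would put inside and outside traffic on the same wire.
    if [ "$in_nic" = "$out_nic" ]; then
        echo "inside and outside must use different physical NICs" >&2
        return 1
    fi
    make_segment vSwitch-Inside "$in_nic" PG-Inside &&
    make_segment vSwitch-Outside "$out_nic" PG-Outside
}

build_firewall_network "${INSIDE_NIC:-vmnic1}" "${OUTSIDE_NIC:-vmnic2}"
```

Afterwards, `esxcli network vswitch standard list` and `esxcli network vswitch standard portgroup list` show whether each vSwitch has exactly the uplink and port group you intended.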