I am running Sophos-UTM in Hyper-V and I needed a trunk port to the virtual machine so I can do VLAN tagging. Here is the PowerShell code to implement it.
Example with Placeholders
Get-VMNetworkAdapter -VMName NAME_OF_VM | Where-Object -Property MacAddress -EQ "MAC_ADDR_OF_NIC" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList Start-End -NativeVlanId DEFAULT_VLAN
Example with Real Data
Get-VMNetworkAdapter -VMName Sophos-UTM | Where-Object -Property MacAddress -EQ "1234567890AB" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList 10-20 -NativeVlanId 10
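The one-liner above does nothing, and reports nothing, when the MAC filter matches no adapter. The following is an added example, not code from the original post: it applies the same trunk setting, requires exactly one matching adapter, and reads the result back so the allowed VLAN range actually in effect is visible. The function name Set-VmTrunkPort and its parameter names are hypothetical; the Hyper-V cmdlets are the ones used above plus Get-VMNetworkAdapterVlan.

```powershell
# Added example: function and parameter names are hypothetical.
# Requires the Hyper-V PowerShell module and an elevated session on the host.
function Set-VmTrunkPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VMName,
        # Hyper-V reports MAC addresses as 12 hex digits without separators.
        [Parameter(Mandatory)] [ValidatePattern('^[0-9A-Fa-f]{12}$')] [string] $MacAddress,
        # Keep this range as narrow as the guest needs, e.g. "10-20".
        [Parameter(Mandatory)] [string] $AllowedVlanIdList,
        [Parameter(Mandatory)] [int] $NativeVlanId
    )

    # Require exactly one adapter; a pipeline with zero matches would silently succeed.
    $nic = @(Get-VMNetworkAdapter -VMName $VMName -ErrorAction Stop |
             Where-Object -Property MacAddress -EQ $MacAddress)
    if ($nic.Count -ne 1) {
        throw "Expected one adapter with MAC $MacAddress on '$VMName', found $($nic.Count)."
    }

    $nic | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList $AllowedVlanIdList `
        -NativeVlanId $NativeVlanId -ErrorAction Stop

    # Read the setting back instead of trusting that the call applied it.
    $vlan = $nic | Get-VMNetworkAdapterVlan
    if ("$($vlan.OperationMode)" -ne 'Trunk') {
        throw "Adapter $MacAddress is in mode '$($vlan.OperationMode)', not Trunk."
    }
    if ($vlan.NativeVlanId -ne $NativeVlanId) {
        throw "Native VLAN is $($vlan.NativeVlanId), expected $NativeVlanId."
    }

    # Return the effective configuration for logging or review.
    [pscustomobject]@{
        VMName        = $VMName
        MacAddress    = $MacAddress
        OperationMode = "$($vlan.OperationMode)"
        AllowedVlans  = ($vlan.AllowedVlanIdList -join ',')
        NativeVlanId  = $vlan.NativeVlanId
    }
}

# Same values as the "Example with Real Data" line above.
Set-VmTrunkPort -VMName 'Sophos-UTM' -MacAddress '1234567890AB' `
    -AllowedVlanIdList '10-20' -NativeVlanId 10
```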
Hi there,
I used a very similar technique to set up a Sophos UTM HA Cluster as a back-end firewall, separating internal networks using VLANs, with the internal VLAN interface on the Sophos UTM as the default gateway for each network.
This all worked very well indeed once I got it working using PowerShell – but using Windows 2012 R2 Hyper-V I find that the UTM fail-over for MASTER -> SLAVE on the UTM seems to be erratic in terms of reliability when using this configuration. I find that I have to go to the settings of the UTM that should now be MASTER, then disconnect the VLAN network adapter and then reconnect it for the network connectivity to be restored/failed over to that node… If I don’t do that then although the SLAVE becomes the MASTER the internal VMs cannot see the UTM (now MASTER) on its gateway address, thus losing connectivity – somewhat defeating the purpose of the fail-over.
Not fully sure what is causing it but 2012 R2 is not officially supported so I can’t get any help from Sophos – straight refusal. A shame. (I didn’t get this using ESXi)
I don’t suppose you have seen anything like this in your work with VLANing with Hyper-V?
Cheers
James
I only have a single unit so I have not tested HA or failover.