Hello,
I have a Sophos XG appliance and an ESXi 7.0 host directly connected to the appliance (i.e. no physical switches in between).
I want to isolate the VMs on the ESXi host so that they cannot communicate internally unless explicitly allowed. The VMs should only be able to connect to the internet.
On the ESXi side each VM has been assigned to a separate Port Group with a different VLAN ID, and those port groups are connected to a common Standard vSwitch. The vSwitch is connected to a physical NIC which links directly to Port 1 of the Sophos XG appliance.
On the Sophos side, I have set up NAT rules to forward the HTTP and HTTPS ports from WAN IPs to individual VMs. With this setup, the VMs are neither able to connect to the internet nor accessible from the internet. If I remove the VLAN IDs from the Port Groups of the VMs, then internet access starts working.
The question is: what configuration needs to be done in Sophos XG in order to allow internet access to the VMs but isolate the traffic across VLANs?
Note: I am new to VMware as well as VLAN configuration in Sophos. I have experience in managing NAT and simple firewall rules.