diff --git a/salt/salt/cloud/cloud.profiles.d/socloud.conf.jinja b/salt/salt/cloud/cloud.profiles.d/socloud.conf.jinja
index 20c12d28f..00b1a76c1 100644
--- a/salt/salt/cloud/cloud.profiles.d/socloud.conf.jinja
+++ b/salt/salt/cloud/cloud.profiles.d/socloud.conf.jinja
@@ -44,10 +44,12 @@ sool9-{{host}}:
 # if calling states with pillar values, need to pass them in since minion pillars are not set until setup.virt.sominion state runs
 inline_script:
 - |
- sudo salt-call state.apply salt.mine_functions \
+ salt-call state.apply salt.mine_functions \
+ pillar='{"host": {"mainint": "enp1s0"}}'
+ - salt-call mine.update
+ - |
+ salt-call state.apply setup.virt \
 pillar='{"host": {"mainint": "enp1s0"}}'
- - 'sudo salt-call mine.update'
- - 'sudo salt-call state.apply setup.virt'
 # grains to add to the minion
 {%- endfor %}
diff --git a/salt/sensor/init.sls b/salt/sensor/init.sls
index 730a7c7ad..4008879e9 100644
--- a/salt/sensor/init.sls
+++ b/salt/sensor/init.sls
@@ -1,3 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+# "You may not move, change, disable, or circumvent the license key functionality
+# in the software, and you may not remove or obscure any functionality in the
+# software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features') and salt['grains.get']('salt-cloud', {}) %}
+
+include:
+ - sensor.vm.network
+
+{% endif %}
+
 offload_script:
 file.managed:
 - name: /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable
diff --git a/salt/sensor/vm/network.sls b/salt/sensor/vm/network.sls
new file mode 100644
index 000000000..f056e307a
--- /dev/null
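Review bot: The interface name `enp1s0` is now hard-coded twice in the inline_script pillar arguments of the sool9-{{host}} profile, and salt/sensor/vm/network.sls in this same commit repeats it as its pillar default, so the three copies can drift apart silently. Setting it once at the top of the profile, e.g. `{% set mainint = 'enp1s0' %}`, and writing each command as `pillar='{"host": {"mainint": "{{ mainint }}"}}'` keeps the two state.apply calls (and any added later) in agreement. The enclosing `{% for %}` loop that defines the profile starts before this hunk.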
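Review bot: The new guard in salt/sensor/init.sls calls `salt['pillar.get']('features')` without a default, while salt/sensor/vm/network.sls in this commit spells the same lookup as `salt['pillar.get']('features', [])`. Without the default the test depends on pillar.get's implicit fallback for a missing key (an empty string in the default configuration; if I recall correctly it raises KeyError when `pillar_raise_on_missing` is enabled), so a minion with no `features` pillar would fail to render here rather than skip the include. Matching the other file removes the inconsistency: `{% if 'hvn' in salt['pillar.get']('features', []) and salt['grains.get']('salt-cloud', {}) %}`.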
+++ b/salt/sensor/vm/network.sls 
@@ -0,0 +1,70 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+# "You may not move, change, disable, or circumvent the license key functionality
+# in the software, and you may not remove or obscure any functionality in the
+# software that is protected by the license key."
+
+{% if 'hvn' in salt['pillar.get']('features', []) %}
+
+{% set mainint = salt['pillar.get']('host:mainint', 'enp1s0') %}
+{% set interfaces = salt['network.interfaces']() %}
+{% set non_enp1s0_interfaces = [] %}
+{% for iface, data in interfaces.items() %}
+ {% if iface != mainint and not iface.startswith(('veth', 'docker', 'lo', 'br', 'sobridge', 'bond')) %}
+ {% do non_enp1s0_interfaces.append(iface) %}
+ {% endif %}
+{% endfor %}
+
+# Create bond0 interface with NetworkManager
+bond0_interface:
+ cmd.run:
+ - name: |
+ nmcli con add type bond \
+ con-name bond0 \
+ ifname bond0 \
+ mode 0 \
+ miimon 100 \
+ ipv4.method disabled \
+ ipv6.method ignore \
+ ipv6.addr-gen-mode default \
+ connection.autoconnect yes
+ nmcli con mod bond0 ethernet.mtu 9000
+ nmcli con up bond0
+{% if non_enp1s0_interfaces|length > 0 %}
+ - require_in:
+{% for iface in non_enp1s0_interfaces %}
+ - cmd: {{ iface }}_slave
+{% endfor %}
+{% endif %}
+
+# Configure non-enp1s0 interfaces as bond slaves first
+{% if non_enp1s0_interfaces|length > 0 %}
+{% for iface in non_enp1s0_interfaces %}
+{{ iface }}_slave:
+ cmd.run:
+ - name: |
+ nmcli con add type ethernet \
+ con-name bond0-slave-{{ iface }} \
+ ifname {{ iface }} \
+ master bond0 \
+ slave-type bond \
+ ethernet.mtu 9000
+ nmcli con up bond0-slave-{{ iface }}
+
+{% endfor %}
+{% endif %}
+
+{% else %}
+{{sls}}_no_license_detected:
+ test.fail_without_changes:
+ - name: {{sls}}_no_license_detected
+ - comment:
+ - "Hypervisor nodes are a feature supported only for customers with a valid license.
+ Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+ for more information about purchasing a license to enable this feature."
+{% endif %}
diff --git a/salt/setup/virt/init.sls b/salt/setup/virt/init.sls
index 9c173a78e..65a514ae8 100644
--- a/salt/setup/virt/init.sls
+++ b/salt/setup/virt/init.sls
@@ -1,5 +1,9 @@
+{% set role = grains.id.split("_") | last %}
 include:
 - setup.virt.setHostname
 - setup.virt.sominion
 - common.packages # python3-dnf-plugin-versionlock
+{% if role in ['sensor', 'heavynode'] %}
+ - sensor.vm.network
+{% endif %}
 - setup.virt.setSalt
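Review bot: Both cmd.run states in the new salt/sensor/vm/network.sls run `nmcli con add` unconditionally, so every state apply after the first re-adds the bond0 and bond0-slave-* profiles (NetworkManager does not, as far as I know, reject a duplicate con-name), leaving stray connections and reporting a change on each run. An `unless` per state makes them idempotent: `- unless: nmcli -g NAME con show | grep -qx bond0` on bond0_interface and `- unless: nmcli -g NAME con show | grep -qx bond0-slave-{{ iface }}` on the slave state. The comment `# Configure non-enp1s0 interfaces as bond slaves first` contradicts the `require_in` on bond0_interface, which orders bond0 before the slaves, so it should read `# bond0 is created first (require_in above); then each remaining interface is enslaved`. Note also that every interface not matching the prefix tuple and not equal to mainint is enslaved with IPv4 disabled, so a second management NIC on the host would be silently taken over; an explicit pillar list of sniffing interfaces would be safer than exclusion by name prefix.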
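Review bot: The include of sensor.vm.network in salt/setup/virt/init.sls is gated only on the role parsed from the minion id, whereas salt/sensor/init.sls in this commit additionally requires `'hvn'` in the features pillar and the salt-cloud grain. On a sensor or heavynode without the hvn feature, network.sls renders its else branch, the failing `{{sls}}_no_license_detected` state, so the whole setup.virt run fails rather than skipping the bond setup. If failing unlicensed virt nodes is intended, a comment on the `{% if role in [...] %}` line saying so would help; otherwise mirror the other guard: `{% if role in ['sensor', 'heavynode'] and 'hvn' in salt['pillar.get']('features', []) %}`. `grains.id.split("_") | last` also assumes ids end in `_<role>`; an id with no underscore yields the whole id as the role, which is harmless here but deserves a comment.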