diff --git a/qubesmanager/settings.py b/qubesmanager/settings.py
index e17a9f6..6d267b1 100644
--- a/qubesmanager/settings.py
+++ b/qubesmanager/settings.py
@@ -317,10 +317,15 @@ class VMSettingsWindow(ui_settingsdlg.Ui_SettingsDialog, QtWidgets.QDialog):
 
     def check_network_availability(self):
         netvm = self.vm.netvm
-        self.no_netvm_label.setVisible(netvm is None)
+        try:
+            provides_network = self.vm.provides_network
+        except AttributeError:
+            provides_network = False
+        self.no_netvm_label.setVisible(netvm is None and not provides_network)
         self.netvm_no_firewall_label.setVisible(
             netvm is not None and
             not netvm.features.check_with_template('qubes-firewall', False))
+        self.sysnet_warning_label.setVisible(netvm is None and provides_network)
 
     def current_tab_changed(self, idx):
         if idx == self.tabs_indices["firewall"]:
diff --git a/ui/settingsdlg.ui b/ui/settingsdlg.ui
index e834443..5a7da54 100644
--- a/ui/settingsdlg.ui
+++ b/ui/settingsdlg.ui
@@ -907,6 +907,67 @@ The qube must be running to disable seamless mode; this setting is not persisten
          <string>Firewall rules</string>
         </attribute>
         <layout class="QGridLayout" name="gridLayout_8">
+         <item row="9" column="0">
+          <widget class="QWidget" name="tempFullAccessWidget" native="true">
+           <property name="enabled">
+            <bool>true</bool>
+           </property>
+           <layout class="QGridLayout" name="gridLayout_6">
+            <property name="leftMargin">
+             <number>0</number>
+            </property>
+            <property name="topMargin">
+             <number>0</number>
+            </property>
+            <property name="bottomMargin">
+             <number>0</number>
+            </property>
+            <item row="1" column="0">
+             <widget class="QCheckBox" name="temp_full_access">
+              <property name="text">
+               <string>Allow full access for </string>
+              </property>
+             </widget>
+            </item>
+            <item row="1" column="1">
+             <widget class="QSpinBox" name="temp_full_access_time">
+              <property name="suffix">
+               <string> min</string>
+              </property>
+              <property name="value">
+               <number>5</number>
+              </property>
+             </widget>
+            </item>
+            <item row="1" column="2">
+             <spacer name="horizontalSpacer_2">
+              <property name="orientation">
+               <enum>Qt::Horizontal</enum>
+              </property>
+              <property name="sizeHint" stdset="0">
+               <size>
+                <width>40</width>
+                <height>20</height>
+               </size>
+              </property>
+             </spacer>
+            </item>
+           </layout>
+          </widget>
+         </item>
+         <item row="10" column="0" colspan="2">
+          <widget class="QLabel" name="label_22">
+           <property name="text">
+            <string>NOTE:  To block all network access, set Networking to (none) on the Basic settings tab. This tab provides a very simplified firewall configuration. All DNS requests and ICMP (pings) will be allowed. For more granular control, use the command line tool qvm-firewall.</string>
+           </property>
+           <property name="alignment">
+            <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter</set>
+           </property>
+           <property name="wordWrap">
+            <bool>true</bool>
+           </property>
+          </widget>
+         </item>
          <item row="0" column="0">
           <widget class="QLabel" name="no_netvm_label">
            <property name="palette">
@@ -961,6 +1022,20 @@ The qube must be running to disable seamless mode; this setting is not persisten
            </property>
           </widget>
          </item>
+         <item row="6" column="0" colspan="2">
+          <widget class="Line" name="line">
+           <property name="orientation">
+            <enum>Qt::Horizontal</enum>
+           </property>
+          </widget>
+         </item>
+         <item row="7" column="0">
+          <widget class="QLabel" name="firewal_rules_label">
+           <property name="text">
+            <string>List of allowed (whitelisted) addresses:</string>
+           </property>
+          </widget>
+         </item>
          <item row="1" column="0">
           <widget class="QLabel" name="netvm_no_firewall_label">
            <property name="palette">
@@ -1063,42 +1138,7 @@ The qube must be running to disable seamless mode; this setting is not persisten
            </property>
           </widget>
          </item>
-         <item row="3" column="0">
-          <layout class="QHBoxLayout" name="horizontalLayout_5">
-           <item>
-            <widget class="QRadioButton" name="policy_allow_radio_button">
-             <property name="text">
-              <string>Allow all outgoing Internet connections</string>
-             </property>
-            </widget>
-           </item>
-           <item>
-            <widget class="QRadioButton" name="policy_deny_radio_button">
-             <property name="toolTip">
-              <string>Changing firewall settings does NOT affect existing connections.</string>
-             </property>
-             <property name="text">
-              <string>Limit outgoing Internet connections to ...</string>
-             </property>
-            </widget>
-           </item>
-          </layout>
-         </item>
-         <item row="5" column="0" colspan="2">
-          <widget class="Line" name="line">
-           <property name="orientation">
-            <enum>Qt::Horizontal</enum>
-           </property>
-          </widget>
-         </item>
-         <item row="6" column="0">
-          <widget class="QLabel" name="firewal_rules_label">
-           <property name="text">
-            <string>List of allowed (whitelisted) addresses:</string>
-           </property>
-          </widget>
-         </item>
-         <item row="7" column="0" colspan="2">
+         <item row="8" column="0" colspan="2">
           <layout class="QHBoxLayout" name="firewallRulesLayout">
            <property name="sizeConstraint">
             <enum>QLayout::SetMaximumSize</enum>
@@ -1211,64 +1251,75 @@ The qube must be running to disable seamless mode; this setting is not persisten
            </item>
           </layout>
          </item>
-         <item row="8" column="0">
-          <widget class="QWidget" name="tempFullAccessWidget" native="true">
-           <property name="enabled">
-            <bool>true</bool>
-           </property>
-           <layout class="QGridLayout" name="gridLayout_6">
-            <property name="leftMargin">
-             <number>0</number>
-            </property>
-            <property name="topMargin">
-             <number>0</number>
-            </property>
-            <property name="bottomMargin">
-             <number>0</number>
-            </property>
-            <item row="1" column="0">
-             <widget class="QCheckBox" name="temp_full_access">
-              <property name="text">
-               <string>Allow full access for </string>
-              </property>
-             </widget>
-            </item>
-            <item row="1" column="1">
-             <widget class="QSpinBox" name="temp_full_access_time">
-              <property name="suffix">
-               <string> min</string>
-              </property>
-              <property name="value">
-               <number>5</number>
-              </property>
-             </widget>
-            </item>
-            <item row="1" column="2">
-             <spacer name="horizontalSpacer_2">
-              <property name="orientation">
-               <enum>Qt::Horizontal</enum>
-              </property>
-              <property name="sizeHint" stdset="0">
-               <size>
-                <width>40</width>
-                <height>20</height>
-               </size>
-              </property>
-             </spacer>
-            </item>
-           </layout>
-          </widget>
+         <item row="4" column="0">
+          <layout class="QHBoxLayout" name="horizontalLayout_5">
+           <item>
+            <widget class="QRadioButton" name="policy_allow_radio_button">
+             <property name="text">
+              <string>Allow all outgoing Internet connections</string>
+             </property>
+            </widget>
+           </item>
+           <item>
+            <widget class="QRadioButton" name="policy_deny_radio_button">
+             <property name="toolTip">
+              <string>Changing firewall settings does NOT affect existing connections.</string>
+             </property>
+             <property name="text">
+              <string>Limit outgoing Internet connections to ...</string>
+             </property>
+            </widget>
+           </item>
+          </layout>
          </item>
-         <item row="9" column="0" colspan="2">
-          <widget class="QLabel" name="label_22">
+         <item row="3" column="0">
+          <widget class="QLabel" name="sysnet_warning_label">
+           <property name="palette">
+            <palette>
+             <active>
+              <colorrole role="WindowText">
+               <brush brushstyle="SolidPattern">
+                <color alpha="255">
+                 <red>239</red>
+                 <green>41</green>
+                 <blue>41</blue>
+                </color>
+               </brush>
+              </colorrole>
+             </active>
+             <inactive>
+              <colorrole role="WindowText">
+               <brush brushstyle="SolidPattern">
+                <color alpha="255">
+                 <red>239</red>
+                 <green>41</green>
+                 <blue>41</blue>
+                </color>
+               </brush>
+              </colorrole>
+             </inactive>
+             <disabled>
+              <colorrole role="WindowText">
+               <brush brushstyle="SolidPattern">
+                <color alpha="255">
+                 <red>190</red>
+                 <green>190</green>
+                 <blue>190</blue>
+                </color>
+               </brush>
+              </colorrole>
+             </disabled>
+            </palette>
+           </property>
+           <property name="font">
+            <font>
+             <weight>75</weight>
+             <italic>true</italic>
+             <bold>true</bold>
+            </font>
+           </property>
            <property name="text">
-            <string>NOTE:  To block all network access, set Networking to (none) on the Basic settings tab. This tab provides a very simplified firewall configuration. All DNS requests and ICMP (pings) will be allowed. For more granular control, use the command line tool qvm-firewall.</string>
-           </property>
-           <property name="alignment">
-            <set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter</set>
-           </property>
-           <property name="wordWrap">
-            <bool>true</bool>
+            <string>This qube has direct network access and Qubes Firewall settings will not be used. Configure other qubes' network access in their network settings or in a dedicated firewall qube.</string>
            </property>
           </widget>
          </item>