Problems:
1) Unprivileged VM windows always on top
2) The Firewall VM need to know details about the app trying to connect
The second one I think it can be solved by adding the infomations needed in the payload at the SourceVM and than let the FW remove them or by incapsulating the packets in an another IP layer.
Do you have some ideas?