You can configure multiple sys-net VMs. I started with the base and added one that has a manual OpenVPN config on it.
You can attach one or more firewalls to network VMs.
There is an article about creating a ProxyVM - basically a shim between things you use and network or firewall. This article references some very old Fedora links that are now missing. I would like to fix this, but I’m new here, and I can only move just so fast when it comes to new stuff.
Things I have not seen with Qubes yet - the VirtualBox notion of a “Host-Only Network”. I do not know how to take a /24 of private space and let multiple VMs talk to each other. I also have not yet seen how to configure a VM to provide a daemon, but there are articles about implementing Pi-hole for use with VMs, so I believe it’s possible.
Be prepared to hear “Can’t do that with Qubes because of security concern X”, I’ve now encountered this a couple times. Qubes only looks like Linux, there is a “Qubes Way” to get things done, takes a bit to digest.