gacpac

Solved | Wanted to install Sophos home Firewall in Unraid


I tried setting up Sophos to try it out, but then the stupid KVM doesn't detect the virtual network cards. Can somebody help me a little bit with this?

Edited by gacpac
Topic solved


Are the cards set as virtio or did you specify e1000? I know for OSX you need to change the type for it to work.

<interface type='bridge'>
  <mac address='xx:xx:xx:xx:xx:xx'/>
  <source bridge='br0'/>
  <model type='e1000-82545em'/>
  <address type='pci' domain='0x0000' bus='0x09' slot='0x01' function='0x0'/>
</interface>


I set the VM settings to be OVMF and it picked it up. But I had another problem that for some reason after it installs the default password doesn't work. And that truly doesn't make sense. 

 

If somebody has some quick instructions or something special, please let me know.


I'm trying to log in using https://x.x.x.x, which is what I've read. The problem I have is that no matter what I do, I can't go to the default https://172.16.16.16:4444/.


Maybe a silly question, but have you changed your IP to be able to access 172.16.16.16?

You can try pinging it first, to know that it is accessible...


Try also deleting the browser cache or using an incognito tab...

Also check that you're using the LAN side, because the WAN side doesn't allow access to port :4444...

Edited by thomas

30 minutes ago, thomas said:

Try also deleting the browser cache or using an incognito tab...

Also check that you're using the LAN side, because the WAN side doesn't allow access to port :4444...

I'm trying to set it up with virtual interfaces, which technically are both LAN interfaces. I know I've done it before in VMware.


They are both on LAN, but the WAN side will get an IP from the DHCP server that you have, while the other one will be 172.16.16.16. So you have to change your IP to be in the same subnet to be able to connect. 

Also you can connect with VNC and change the LAN side IP from the VM terminal. Default password is admin...


I made a test install for Sophos XG Firewall, but for me it only booted with SeaBIOS, not OVMF. After install, I changed my computer's IP to 172.16.16.5 255.255.255.0 and I could access https://172.16.16.16:4444 and do all the configuration...

1 minute ago, gacpac said:

If you use SeaBIOS, what drivers do you use for the disks? That's where I have issues.

I don't recall if I had to switch the disks from Virtio to SATA, but you can try it. I can check later today to see...


Omg, I set up as SeaBIOS using Machine i440fx-3.0 and the system was detected as a KVM Virtual Machine. Then everything in SATA port. I've also spun up a Windows 10 VM.

Set up my IP as you said and bro it worked perfectly. Now I can play with it, set it up as a bridge or maybe firewall in the future.


Another question if possible. How did you set up your network cards for the VM? Because I set them on bridge and my whole network went down.

8 hours ago, gacpac said:

Another question if possible. How did you set up your network cards for the VM? Because I set them on bridge and my whole network went down.

I left them default, the only change I made is the type to "e1000-82545em" and everything works properly.

 

Add Solved to the topic name, if there are no more issues...

 


I left everything default too. Well, I wanted the bridge functionality, but I had to change one of the network cards to vbr0 in the settings.

 

Today I'll work on it but at least I got it to install. Even though I have to go to the https://ipaddress:4444 

 

I guess the other side is for user access only. 


Could I please ask someone to post a working VM.xml file? I have got pfsense currently and would like to try Sophos UTM but I can not for the life of me get it to work. I have tried a number of vm variations but I can not get it to see the hardware during the setup.

 

Can anyone help?


Find below an xml file. There is nothing fancy about it; choose Linux as VM, Machine Q35, BIOS SeaBIOS, OS Install CDROM set to SATA, Primary Disk set to SATA 10GB, VNC and 2 virtual NICs changed from virtio to e1000-82545em. You must remove the virtual NICs and use the pass-through ones if that's the case.

 

 


<domain type='kvm' id='3'>
  <name>Linux</name>
  <uuid>02836ca4-3c5c-2aa1-04b1-78d09038e17d</uuid>
  <metadata>
    <vmtemplate xmlns="unraid" name="Linux" icon="linux.png" os="linux"/>
  </metadata>
  <memory unit='KiB'>2097152</memory>
  <currentMemory unit='KiB'>2097152</currentMemory>
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>
  <vcpu placement='static'>2</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='3'/>
    <vcpupin vcpu='1' cpuset='7'/>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64' machine='pc-q35-3.1'>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' cores='1' threads='2'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/local/sbin/qemu</emulator>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/mnt/user/isos/yourISO.iso'/>
      <backingStore/>
      <target dev='hda' bus='sata'/>
      <readonly/>
      <boot order='2'/>
      <alias name='sata0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='writeback'/>
      <source file='/mnt/user/domains/Linux/vdisk1.img'/>
      <backingStore/>
      <target dev='hdc' bus='sata'/>
      <boot order='1'/>
      <alias name='sata0-0-2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <alias name='usb'/>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <alias name='usb'/>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <alias name='usb'/>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
    </controller>
    <controller type='sata' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'>
      <alias name='pcie.0'/>
    </controller>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x10'/>
      <alias name='pci.1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x11'/>
      <alias name='pci.2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0x12'/>
      <alias name='pci.3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0x13'/>
      <alias name='pci.4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='pci' index='5' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='5' port='0x14'/>
      <alias name='pci.5'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:16:2d:cf'/>
      <source bridge='br0'/>
      <target dev='vnet1'/>
      <model type='e1000-82545em'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:2e:b6:24'/>
      <source bridge='br0'/>
      <target dev='vnet2'/>
      <model type='e1000-82545em'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/1'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-3-Linux/org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5901' autoport='yes' websocket='5700' listen='0.0.0.0' keymap='en-us'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+0:+100</label>
    <imagelabel>+0:+100</imagelabel>
  </seclabel>
</domain>


 

Edited by thomas
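
As an added example (not part of the original posts, and not Unraid or Sophos code), this Python script checks a libvirt domain XML like the one above for the points raised in this thread: virtio NICs or disks that the installer did not detect, both firewall NICs attached to the same bridge so WAN and LAN share one segment, and a VNC console listening on every host address. The function name `audit_domain` and the finding codes are assumptions made for illustration, and the sample XML is constructed from values in the post.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a trimmed domain definition using values from the post above.
SAMPLE_XML = """
<domain type='kvm'>
  <name>Linux</name>
  <devices>
    <disk type='file' device='disk'><target dev='hdc' bus='sata'/></disk>
    <interface type='bridge'>
      <source bridge='br0'/><model type='e1000-82545em'/>
    </interface>
    <interface type='bridge'>
      <source bridge='br0'/><model type='e1000-82545em'/>
    </interface>
    <graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0'/>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return (code, detail) findings for a libvirt domain XML (hypothetical codes)."""
    devices = ET.fromstring(xml_text).find("devices")
    findings = []
    if devices is None:
        return findings
    bridges = Counter()
    for nic in devices.findall("interface"):
        model = nic.find("model")
        # Posters in this thread only got NICs detected after leaving virtio.
        if model is not None and model.get("type", "").startswith("virtio"):
            findings.append(("virtio-nic", "installer may not detect this NIC"))
        source = nic.find("source")
        if nic.get("type") == "bridge" and source is not None:
            bridges[source.get("bridge")] += 1
    for disk in devices.findall("disk"):
        target = disk.find("target")
        if target is not None and target.get("bus") == "virtio":
            findings.append(("virtio-disk", target.get("dev")))
    # Two NICs on one bridge: the firewall's WAN and LAN sit on the same L2 segment.
    for bridge, count in bridges.items():
        if count > 1:
            findings.append(("shared-bridge", f"{count} NICs on {bridge}"))
    for gfx in devices.findall("graphics"):
        addrs = {gfx.get("listen")} | {l.get("address") for l in gfx.findall("listen")}
        if addrs & {"0.0.0.0", "::"}:
            findings.append(("console-all-addresses",
                             f"{gfx.get('type')} listens on every host address"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_domain(SAMPLE_XML):
        print(f"{code}: {detail}")
```
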


I am migrating my SophosUTM from ESXi vmdk to Unraid VM. I followed these steps:

ESXi VMDK to Unraid KVM VM

1)  Stop the VM in ESXi
2)  Export the VM as an OVF template
3)  Make a folder on your Unraid box called /mnt/user/domains/<NameOfVM>
4)  Copy the VMDK file from the export folder to the folder you created in step 3
5)  Run the following command:  "qemu-img convert -p -f vmdk -O raw <vmdkfile> <vmdkfilename>.img".  This will convert the file to the KVM/OVirt format.
6)  Create a new VM, change the BIOS to "SeaBIOS", and choose the .img file created in step #5 for the first hard drive.

At this point, if it's a Linux machine, you can boot it and it pretty much Just Works (tm).  If it's a Windows box, you've got a couple more steps.

 

I'm using the aforementioned Linux VM settings. BUT during boot it hangs at "could not find /dev/disk/by-label/root", please see screenshot.

The disk type is SATA which points to my .img file.

Can someone help me get past this?

2019-04-30_12-01-15.png

On 11/14/2018 at 11:29 PM, gacpac said:

Omg, I set up as SeaBIOS using Machine i440fx-3.0 and the system was detected as a KVM Virtual Machine. Then everything in SATA port. I've also spun up a Windows 10 VM.

Set up my IP as you said and bro it worked perfectly. Now I can play with it, set it up as a bridge or maybe firewall in the future.

This resolved my NIC detection issue too!

My problem was I was going with the default machine type after changing it to: i440fx-3.0. Also I changed VM settings interface model type:

<model type='e1000-82545em'/>

 

Now the Sophos UTM 9.5 is seeing at least one network card during installation. At least now I can complete the install and then figure out what I want to use as my second NIC.

Thanks!!!

 

BUT, now I get an RPM error 3/4 through the installation and it aborts.

 

2019-04-30_17-57-03.png

To get past this error, I re-ran the installer as 32bit kernel and opted out of the Enterprise tools option.

Not out of the woods yet! Now that install finished, it boots to Grub prompt.... 😞

Edited by guruleenyc

On 4/30/2019 at 5:24 PM, guruleenyc said:

This resolved my NIC detection issue too!

My problem was I was going with the default machine type after changing it to: i440fx-3.0. Also I changed VM settings interface model type:

<model type='e1000-82545em'/>

 

Now the Sophos UTM 9.5 is seeing at least one network card during installation. At least now I can complete the install and then figure out what I want to use as my second NIC.

Thanks!!!

 

BUT, now I get an RPM error 3/4 through the installation and it aborts.

 

2019-04-30_17-57-03.png

To get past this error, I re-ran the installer as 32bit kernel and opted out of the Enterprise tools option.

Not out of the woods yet! Now that install finished, it boots to Grub prompt.... 😞

Something is off. I didn't get that error. If you want I can try installing Sophos again and then let you know what I did. Have you checked the ISO?


You ran out of space. If you press ALT+F4, you'll see the log. I tried with 10GB and it's too small. Increasing the disk space to 20GB fixed it. I used UTM 9.6 with 64bit and Enterprise.

On 5/1/2019 at 9:16 PM, thomas said:

You ran out of space. If you press ALT+F4, you'll see the log. I tried with 10GB and it's too small. Increasing the disk space to 20GB fixed it. I used UTM 9.6 with 64bit and Enterprise.

@thomas Thank you!!!! I deleted the SophosUTM 9 VM and rebuilt it as generic Linux, machine type: i440fx-3.0, increased hdd to 30G sata and changed VM settings interface model type: "<model type='e1000-82545em'/>" in form view after creation.

The VM is up and running with one NIC/br0, now I need to see what I am going to use as a WAN NIC for it.
