Solved | Wanted to install Sophos home Firewall in Unraid


gacpac


Are the cards set as virtio or did you specify e1000? I know for OSX you need to change the type for it to work.

 

<interface type='bridge'>
  <mac address='xx:xx:xx:xx:xx:xx'/>
  <source bridge='br0'/>
  <model type='e1000-82545em'/>
  <address type='pci' domain='0x0000' bus='0x09' slot='0x01' function='0x0'/>
</interface>

  • Like 1
Link to comment
  • 2 weeks later...
30 minutes ago, thomas said:

Try also deleting the browser cache or using an incognito tab...

Check also you're using the Lan side, because the Wan side doesn't allow access to :4444 port...

I'm trying to set it up with Virtual interfaces, which technically are both Lan interfaces. I know I've done it before in VMware

Link to comment

They are both on LAN, but the WAN side will get an IP from the DHCP server that you have, while the other one will be 172.16.16.16. So you have to change your IP to be in the same subnet to be able to connect. 

Also you can connect with VNC and change the LAN side IP from the VM terminal. Default password is admin...

Link to comment

Omg, I set up as SeaBios using Machine i440fx-3.0 and the system was detected as a KVM Virtual Machine. Then everything in SATA port. I've also spun up a Windows 10 VM.

 

Set up my IP as you said and bro it worked perfectly. Now I can play with it, set it up as a bridge or maybe firewall in the future.

  • Upvote 1
Link to comment
8 hours ago, gacpac said:

Another question if possible. How did you set up your network cards for the VM? Because I set them on bridge and my whole network went down.

I left them default, the only change I made is the type to "e1000-82545em" and everything works properly.

 

Add Solved to the topic name, if there are no more issues...

 

Link to comment

I left everything default too. Well, I wanted the bridge functionality, but I had to change one of the network cards to vbr0 in the settings.

 

Today I'll work on it but at least I got it to install. Even though I have to go to the https://ipaddress:4444 

 

I guess the other side is for user access only. 

Link to comment
  • 3 months later...

Could I please ask someone to post a working VM.xml file? I have got pfsense currently and would like to try Sophos UTM but I can not for the life of me get it to work. I have tried a number of vm variations but I can not get it to see the hardware during the setup.

 

Can anyone help?

Link to comment

Find below an xml file. There is nothing fancy about it; choose Linux as VM, Machine Q35, BIOS SeaBIOS, OS Install CDROM set to SATA, Primary Disk set to SATA 10GB, VNC and 2 virtual NICs changed from virtio to e1000-82545em. You must remove the virtual NICs and use the pass-through ones if that's the case.

 

 

Quote

<domain type='kvm' id='3'>
  <name>Linux</name>
  <uuid>02836ca4-3c5c-2aa1-04b1-78d09038e17d</uuid>
  <metadata>
    <vmtemplate xmlns="unraid" name="Linux" icon="linux.png" os="linux"/>
  </metadata>
  <memory unit='KiB'>2097152</memory>
  <currentMemory unit='KiB'>2097152</currentMemory>
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>
  <vcpu placement='static'>2</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='3'/>
    <vcpupin vcpu='1' cpuset='7'/>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64' machine='pc-q35-3.1'>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' cores='1' threads='2'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/local/sbin/qemu</emulator>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/mnt/user/isos/yourISO.iso'/>
      <backingStore/>
      <target dev='hda' bus='sata'/>
      <readonly/>
      <boot order='2'/>
      <alias name='sata0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' cache='writeback'/>
      <source file='/mnt/user/domains/Linux/vdisk1.img'/>
      <backingStore/>
      <target dev='hdc' bus='sata'/>
      <boot order='1'/>
      <alias name='sata0-0-2'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <alias name='usb'/>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <alias name='usb'/>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <alias name='usb'/>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
    </controller>
    <controller type='sata' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'>
      <alias name='pcie.0'/>
    </controller>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x10'/>
      <alias name='pci.1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x11'/>
      <alias name='pci.2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0x12'/>
      <alias name='pci.3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0x13'/>
      <alias name='pci.4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='pci' index='5' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='5' port='0x14'/>
      <alias name='pci.5'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:16:2d:cf'/>
      <source bridge='br0'/>
      <target dev='vnet1'/>
      <model type='e1000-82545em'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:2e:b6:24'/>
      <source bridge='br0'/>
      <target dev='vnet2'/>
      <model type='e1000-82545em'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/1'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-3-Linux/org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5901' autoport='yes' websocket='5700' listen='0.0.0.0' keymap='en-us'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+0:+100</label>
    <imagelabel>+0:+100</imagelabel>
  </seclabel>
</domain>


 

Edited by thomas
Link to comment
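An added example, not part of any post in this thread: a small audit of a libvirt domain XML for the three settings this discussion turns on (NIC model, both NICs on one bridge, VNC listening on 0.0.0.0). The function name, finding codes and sample XML are constructed for illustration; the sample is modeled on the posted file with the second NIC left as virtio so every check fires.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: trimmed domain definition modeled on the XML posted
# above (MAC addresses are made up; second NIC deliberately left as virtio).
SAMPLE_XML = """
<domain type='kvm'>
  <name>Linux</name>
  <devices>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:01'/>
      <source bridge='br0'/>
      <model type='e1000-82545em'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0'/>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return a list of (code, detail) findings for one libvirt domain XML."""
    root = ET.fromstring(xml_text)
    findings, by_bridge = [], defaultdict(list)
    for nic in root.findall("./devices/interface"):
        mac = nic.find("mac").get("address") if nic.find("mac") is not None else "?"
        model = nic.find("model")
        # In this thread the installer only detected NICs set to e1000-82545em.
        if model is not None and model.get("type") == "virtio":
            findings.append(("NIC_MODEL", f"{mac} is virtio; thread needed e1000-82545em"))
        src = nic.find("source")
        if nic.get("type") == "bridge" and src is not None:
            by_bridge[src.get("bridge")].append(mac)
    for bridge, macs in by_bridge.items():
        if len(macs) > 1:  # WAN and LAN NICs share one broadcast domain
            findings.append(("SHARED_BRIDGE", f"{bridge}: {', '.join(macs)}"))
    for gfx in root.findall("./devices/graphics[@type='vnc']"):
        # Console reachable on every host address with no VNC password set.
        if gfx.get("listen") == "0.0.0.0" and not gfx.get("passwd"):
            findings.append(("VNC_OPEN", "VNC on all host addresses, no passwd"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_domain(SAMPLE_XML):
        print(code, detail)
```

`virsh dumpxml` omits the `passwd` attribute unless `--security-info` is given, so run the VNC check against a dump taken with that option.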
  • 1 month later...

I am migrating my SophosUTM from ESXi vmdk to Unraid VM. I followed these steps:

ESXi VMDK to Unraid KVM VM

1)  Stop the VM in ESXI
2)  Export the VM as an OVF template
3)  Make a folder on your unraid box called /mnt/user/domains/<NameOfVM>
4)  Copy the VMDK file from the export folder to the folder you created in step 3
5)  Run the following command:  "qemu-img convert -p -f vmdk -O raw <vmdkfile> <vmdkfilename>.img".  This will convert the file to the KVM/OVirt format. 
6)  Create a new VM, change the bios to "SeaBIOS", and choose the .img file created in step #5 for the first hard drive.

At this point, if it's a linux machine, you can boot it and it pretty much Just Works (tm).  If it's a windows box, you've got a couple more steps.

 

I'm using the aforementioned Linux VM settings. BUT during boot it hangs at "could not find /dev/disk/by-label/root", please see screenshot.

The disk type is SATA which points to my .img file.

Can someone help me get past this?

2019-04-30_12-01-15.png

Link to comment
On 11/14/2018 at 11:29 PM, gacpac said:

Omg, I set up as SeaBios using Machine i440fx-3.0 and the system was detected as a KVM Virtual Machine. Then everything in SATA port. I've also spun up a Windows 10 VM.

 

Set up my IP as you said and bro it worked perfectly. Now I can play with it, set it up as a bridge or maybe firewall in the future.

This resolved my NIC detection issue too!

My problem was I was going with the default machine type after changing it to: i440fx-3.0. Also I changed VM settings interface model type:

<model type='e1000-82545em'/>

 

Now the Sophos UTM 9.5 is seeing at least one network card during installation. At least now I can complete the install and then figure out what I want to use as my second NIC.

Thanks!!!

 

BUT, now I get an RPM error 3/4 through the installation and it aborts.

 

2019-04-30_17-57-03.png

To get past this error, I re-ran the installer as 32bit kernel and opted out of the Enterprise tools option.

Not out of the woods yet! Now that install finished, it boots to Grub prompt.... 😞

Edited by guruleenyc
Link to comment
On 4/30/2019 at 5:24 PM, guruleenyc said:

This resolved my NIC detection issue too!

My problem was I was going with the default machine type after changing it to: i440fx-3.0. Also I changed VM settings interface model type:

<model type='e1000-82545em'/>

 

Now the Sophos UTM 9.5 is seeing at least one network card during installation. At least now I can complete the install and then figure out what I want to use as my second NIC.

Thanks!!!

 

BUT, now I get an RPM error 3/4 through the installation and it aborts.

 

2019-04-30_17-57-03.png

To get past this error, I re-ran the installer as 32bit kernel and opted out of the Enterprise tools option.

Not out of the woods yet! Now that install finished, it boots to Grub prompt.... 😞

Something is off. I didn't get that error. If you want I can try installing Sophos again and then let you know what I did. Have you checked the iso?

  • Upvote 1
Link to comment
  • 2 weeks later...
On 5/1/2019 at 9:16 PM, thomas said:

You ran out of space. If you press ALT+F4, you'll see the log. I tried with 10GB and it's too small. Increasing the disk space to 20GB fixed it. I used UTM 9.6 with 64bit and Enterprise.

@thomas Thank you!!!! I del the SophosUTM 9 VM and rebuilt it as generic Linux, machine type: i440fx-3.0, increased hdd to 30G sata and changed VM settings interface model type: "<model type='e1000-82545em'/>" in form view after creation.

The VM is up and running with one NIC/br0, now I need to see what I am going to use as a WAN NIC for it.

Link to comment
