NG Firewall Virtual Appliance on VMware

From Edge Threat Management Wiki - Arista

Revision as of 22:27, 14 June 2013

Untangle can be virtualized through a virtual appliance running on VMware ESX or ESXi.

The virtual appliance can also be used for demonstrations in VMware Player, Workstation, Fusion, or Server, but it is not recommended to run a production installation in these environments. Support will help with Untangle configuration, but configuration of the virtualization hypervisor is beyond the scope of Untangle support.

  • Demo virtual appliance: suitable for installation on a laptop or desktop in order to have a working instance of the platform running inside your Windows, OS X, or Linux OS for testing or demonstration purposes. This is supported using VMware Player, Fusion, Server, or Workstation and requires only one physical network interface. Use this mode if you have only one physical network interface in your VMware host machine.
  • Production virtual appliance: to be used as a network gateway. This mode requires at least two physical network interfaces (three if you want or need an external DMZ). We recommend you use either VMware ESX or ESXi Server. Use this mode if you have two or more physical network interfaces that you can connect to external, internal and (optionally) DMZ networks.


Untangle Support and VMware

Untangle wants you to have a successful deployment. Unfortunately, our support staff doesn't have the expertise in VMware ESX to ensure that we can help you with installing and configuring VMware. We will certainly help you with your Untangle configuration, provided it's running on ESX.

That being said, we'd like to make you aware that systems like Untangle that require a lot of real time processing aren't great candidates for virtualization. VMware works by "time-slicing" the physical CPUs in the host system. While the VMware server is off processing other virtual machines, the Untangle server is unable to process traffic. At the same time, network traffic continues to arrive. This traffic stacks up and presents itself to the Untangle VM as "bursty." This exacerbates any high load issues that may be present. The exact threshold of where it will be unsuitable is hard to say. It is a combination of traffic level, types of traffic, and user expectations.

In summary: We do not recommend virtualizing Untangle. If you choose to install Untangle in a virtual environment, the support team will assist you with any issues related to Untangle and its applications, but they will not help with virtualization setup/connectivity issues or issues caused by virtualization (high load, slow speeds, etc.).

To ease deployment, Untangle provides a Virtual Appliance for VMware with pre-compiled VM tools. Many thanks to Webfool for his help in creating the Virtual Appliance and the screenshots in this guide.

How to install on ESX or ESXi

Before we get started

Requirements:

  1. Installed and configured VMware ESX server with one virtual NIC and vSwitch per Untangle Interface
  2. A sense of adventure!

Download the Untangle Virtual Machine

Deploy OVA file to ESX server

  • Once the OVA file is downloaded, open your VMware vSphere Client and log in to your server.
vCenter Login
  • Once you are logged in, click File -> “Deploy OVF Template…”
vCenter File->Deploy
  • In the “Deploy OVF Template” wizard, select “Deploy from file:” and click “Browse…”
vCenter Deploy Wizard 1
  • Browse to the location where you saved your OVA file and click "Open".
  • Then click “Next”.
vCenter Deploy Wizard 2
  • Read the Template Details and click “Next”.
vCenter Deploy Wizard 3
  • In the “Name and Location” screen, you may either change the name or leave it at the default. Click “Next”.
vCenter Deploy Wizard 4
  • In the “Resource Pool” screen, if you use Resource Pools, select the appropriate pool for the new Untangle VM and click "Next". Note: You can always move the VM to another Resource Pool after it's installed.
vCenter Deploy Wizard 5
  • In the “Datastore” screen, select the datastore you want to use and click “Next”.
vCenter Deploy Wizard 6
  • In the “Ready to Complete” screen, verify that everything looks OK and click “Finish”.
vCenter Deploy Wizard 7
  • Wait for the “Deploying” progress meter to finish.
vCenter Deploy Progress Meter
  • When it is done, click "Close".
vCenter Deployment Completed

Verify/Configure Physical NIC to vSwitch mappings

  • Set up/confirm your vSwitch settings. Click on the ESX host, then select the “Configuration" tab and "Hardware -> Networking”.
vCenter Hardware->Networking
  • It is best practice to place your “Management Network” on its own vSwitch. (This is not a must, but if you can, make sure that Untangle does not exist on the same vSwitch as any management interface.)
  • On each vSwitch that Untangle will connect to, activate “promiscuous mode”: click on “Properties…”
vCenter vSwitch Properties
  • Ensure that Promiscuous Mode has the status “Accept”; otherwise click "Edit", go to the “Security” tab and change “Reject” to “Accept”. You will need to do this on all vSwitches that the Untangle Virtual Machine connects to!
vCenter vSwitch Properties2

Configure the Virtual Machine for your Network

  • Right-click on the new Virtual Machine and select “Edit Settings”.
vCenter Edit Settings
  • You will need to add new virtual NICs and connect them to the appropriate vSwitches. Warning! Two bridged interfaces connected to the same vSwitch will crash your ESX server. Each Untangle NIC should be connected to its own vSwitch. Each vSwitch should be connected to its own physical NIC, or at least be separated by VLAN tagging at the physical NIC level.
  • In this example, you can see that the new NICs are connected to different vSwitches labeled LAN and DMZ.
vCenter VM properties
  • Under “Options” -> “VMware Tools”, make sure to check “Synchronize guest time with host” and click "OK".
vCenter VM properties/tools options
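
The vSwitch and NIC rules from the two sections above can be checked against a planned layout before powering on the VM. The following is an added example, not part of the original guide or Untangle's own tooling; the inventory format, vSwitch names, port group names and NIC names are all constructed for illustration.

```python
"""Added example: audit a planned vSwitch layout against this guide's rules."""
from collections import Counter

# Constructed sample inventory; every name below is hypothetical.
VSWITCHES = {
    "vSwitch0": {"promiscuous": "Reject", "portgroups": ["Management Network"]},
    "vSwitch1": {"promiscuous": "Accept", "portgroups": ["WAN"]},
    "vSwitch2": {"promiscuous": "Reject", "portgroups": ["LAN", "DMZ"]},
}
# Untangle virtual NIC -> port group it is attached to (also constructed).
UNTANGLE_NICS = {"External": "WAN", "Internal": "LAN", "DMZ": "DMZ"}


def audit(vswitches, nics, mgmt_pg="Management Network"):
    """Return sorted findings; an empty list means the layout follows the guide."""
    pg_to_vs = {pg: name for name, vs in vswitches.items()
                for pg in vs["portgroups"]}
    findings, used = [], Counter()
    for nic, pg in nics.items():
        if pg not in pg_to_vs:
            findings.append(f"FAIL {nic}: port group {pg!r} is on no vSwitch")
        else:
            used[pg_to_vs[pg]] += 1
    for name, count in used.items():
        cfg = vswitches[name]
        if count > 1:  # the guide warns this can crash the ESX server
            findings.append(f"FAIL {name}: {count} Untangle NICs share this vSwitch")
        if cfg["promiscuous"] != "Accept":
            findings.append(f"FAIL {name}: promiscuous mode is "
                            f"{cfg['promiscuous']}, must be Accept")
        if mgmt_pg in cfg["portgroups"]:  # best practice, not mandatory
            findings.append(f"WARN {name}: shared with {mgmt_pg}")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(VSWITCHES, UNTANGLE_NICS) or ["OK: layout follows the guide"]:
        print(line)
```

With the sample data, the LAN and DMZ port groups sit on the same vSwitch with promiscuous mode still set to Reject, so both problems are reported for vSwitch2.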

Celebrate! You're at the end

Now you are ready to Power on your Untangle VM.

More Info and Troubleshooting

For more information on the underlying issues, please see the following:

For information about using your new Untangle software, see our Untangle Server User's Guide.

Happy virtual Untangling!