NG Firewall Virtual Appliance on VMware
Untangle can be virtualized through a virtual appliance running on VMware ESX or ESXi.
The virtual appliance can also be used for demonstrations in VMware Player, Workstation, Fusion, or Server, but running a production installation in these environments is not recommended. Support will help with Untangle configuration, but configuration of the virtualization hypervisor is beyond the scope of Untangle support.
- Demo virtual appliance: suitable for installation on a laptop or desktop in order to have a working instance of the platform running inside your Windows, OS X, or Linux OS for testing or demonstration purposes. This is supported using VMware Player, Fusion, Server, or Workstation and requires only one physical network interface. Use this mode if you have only one physical network interface in your VMware host machine.
- Production virtual appliance: to be used as a network gateway. This mode requires at least two physical network interfaces (three if you want or need an external DMZ). We recommend you use either VMware ESX or ESXi Server. Use this mode if you have two or more physical network interfaces that you can connect to external, internal and (optionally) DMZ networks.
Untangle Support and VMware
Untangle wants you to have a successful deployment. Unfortunately, our support staff doesn't have the expertise in VMware ESX to ensure that we can help you with installing and configuring VMware. We will certainly help you with your Untangle configuration, provided it's running on ESX.
That being said, we'd like to make you aware that systems like Untangle that require a lot of real time processing aren't great candidates for virtualization. VMware works by "time-slicing" the physical CPUs in the host system. While the VMware server is off processing other virtual machines, the Untangle server is unable to process traffic. At the same time, network traffic continues to arrive. This traffic stacks up and presents itself to the Untangle VM as "bursty." This exacerbates any high load issues that may be present. The exact threshold of where it will be unsuitable is hard to say. It is a combination of traffic level, types of traffic, and user expectations.
In summary: We do not recommend virtualizing Untangle. If you choose to install Untangle in a virtual environment, the support team will assist you with any issues related to Untangle and its applications, but they will not help with virtualization setup or connectivity issues, or with issues caused by virtualization (high load, slow speeds, etc.).
To ease deployment, Untangle provides a Virtual Appliance for VMware with pre-compiled VM tools. Many thanks to Webfool for his help in creating the Virtual Appliance and the screenshots in this guide.
How to install on ESX or ESXi
Before we get started
Requirements:
- Installed and configured VMware ESX server with one virtual NIC and vSwitch per Untangle Interface
- A sense of adventure!
Download the Untangle Virtual Machine
- Download the Untangle Virtual Appliance here: http://sourceforge.net/projects/untangle/files/. If you plan on allocating more than 4GB of RAM to your virtual machine, download the 64-bit version; otherwise, use the 32-bit version.
Deploy OVA file to ESX server
- Once the OVA file is downloaded, open your VMware vSphere Client and log in to your server.
- Once you are logged in, click File -> “Deploy OVF Template…”
- In the “Deploy OVF Template” wizard, select “Deploy from file:” and hit “Browse…”
- Browse to the location where you saved your OVA file and click "Open".
- Then hit “Next”
- Read the Template Details and click “Next”.
- In the “Name and Location” screen, you may either change the name or leave it at the default. Click “Next”.
- In the “Resource Pool” screen, if you use Resource Pools, select the appropriate pool for the new Untangle VM and click “Next”. Note: You can always move the VM to another Resource Pool after it's installed.
- In the “Datastore” screen, select the datastore you want to use and click “Next”.
- In the “Ready to Complete” screen, verify that everything looks OK and click “Finish”
- Wait for the “Deploying” Progress Meter.
- When it is done, click “Close”.
Verify/Configure Physical NIC to vSwitch mappings
- Set up or confirm your vSwitch settings. Click on the ESX host, then select the “Configuration” tab and “Hardware -> Networking”.
- It is best practice to place your “Management Network” on its own vSwitch. (This is not a must, but if you can, make sure that Untangle does not exist on the same vSwitch as any Management Interface.)
- To activate “promiscuous mode” on the vSwitches that Untangle will connect to, click on “Properties…”
- Ensure that Promiscuous has the status “Accept”; otherwise hit “Edit”, go to the “Security” tab and change “Reject” to “Accept”. You will need to do this on all vSwitches that the Untangle Virtual Machine connects to!
Configure the Virtual Machine for your Network
- Right click on the new Virtual Machine and select “Edit Settings”.
- You will need to add new virtual NICs and connect them to the appropriate vSwitches. Warning! Two Bridged Interfaces to the same vSwitch will crash your ESX server. Each Untangle NIC should be connected to its own vSwitch. Each vSwitch should be connected to its own Physical NIC, or at least be separated by VLAN tagging at the physical NIC level.
- In this example, you can see that the new NICs are connected to different vSwitches labeled LAN and DMZ.
- Under “Options”->“VMware Tools”, make sure to check the “Synchronize guest time with host” option and click “OK”.
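The vSwitch rules from the two sections above (promiscuous mode set to Accept, one vSwitch per Untangle NIC, management network kept separate, separate physical NIC or VLAN per vSwitch) can be checked against a written-down inventory before powering on. This is an added example, not part of the original guide or of Untangle's tooling; the inventory layout, the NIC and vSwitch names and the `check_layout` function are assumptions, and the sample data is constructed.

```python
# Constructed sample inventory. The dict layout is an assumption made for this
# example (a hand-written description of the host), not a VMware export format.
VSWITCHES = {
    "vSwitch0": {"uplink": "vmnic0", "vlan": 0, "promiscuous": "Accept", "management": True},
    "WAN":      {"uplink": "vmnic1", "vlan": 0, "promiscuous": "Accept", "management": False},
    "LAN":      {"uplink": "vmnic2", "vlan": 0, "promiscuous": "Reject", "management": False},
    "DMZ":      {"uplink": "vmnic2", "vlan": 0, "promiscuous": "Accept", "management": False},
}
# Untangle virtual NIC -> vSwitch it is attached to (constructed, deliberately wrong).
UNTANGLE_NICS = {"nic1": "WAN", "nic2": "LAN", "nic3": "DMZ", "nic4": "DMZ", "nic5": "vSwitch0"}


def check_layout(vswitches, nics):
    """Return a sorted list of findings; an empty list means the layout follows the guide."""
    findings = []
    attached = {}
    for nic, switch in nics.items():
        attached.setdefault(switch, []).append(nic)

    for switch, members in attached.items():
        cfg = vswitches.get(switch)
        if cfg is None:
            findings.append(f"{switch}: vSwitch not defined on the host")
            continue
        if len(members) > 1:  # the guide warns that this crashes the ESX server
            findings.append(f"{switch}: multiple Untangle NICs {sorted(members)}")
        if cfg["promiscuous"] != "Accept":
            findings.append(f"{switch}: promiscuous mode is {cfg['promiscuous']}, needs Accept")
        if cfg["management"]:
            findings.append(f"{switch}: shared with the management network")

    # Each Untangle vSwitch needs its own physical NIC, or at least its own VLAN tag.
    seen = {}
    for switch in sorted(s for s in attached if s in vswitches):
        key = (vswitches[switch]["uplink"], vswitches[switch]["vlan"])
        if key in seen:
            findings.append(f"{switch}: same uplink and VLAN as {seen[key]}")
        else:
            seen[key] = switch
    return sorted(findings)


if __name__ == "__main__":
    for line in check_layout(VSWITCHES, UNTANGLE_NICS):
        print("FAIL", line)
```
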
Celebrate! You're at the end
Now you are ready to Power on your Untangle VM.
More Info and Troubleshooting
For more information on the underlying issues, please see the following:
- Kernel documentation
- VMware documentation
- Microsoft Virtual Server documentation
- Untangle Community Support
- Untangle Live Support
For information about using your new Untangle software, see our Untangle Server User's Guide.
Happy virtual Untangling!