Sophos UTM: how to install a virtual home firewall under Ubuntu via KVM

Hello guys!

Today I will tell you how I configured my home server for a virtual Sophos UTM.
All configuration steps on the Ubuntu side can also be used for a virtual Sophos XG.

In this article I assume that Ubuntu and virt-manager are already installed. The following links cover the basic setup of virt-manager under Ubuntu:

German: https://wiki.ubuntuusers.de/virt-manager/
English: https://www.howtogeek.com/117635/how-to-install-kvm-and-create-virtual-machines-on-ubuntu/

What do you need for this?

  • A PC (AMD or Intel, whatever you like. A virtual XG also runs on an AMD CPU)
  • An Ubuntu system (with a GUI, it’s easier 😉 )
  • 3 NICs
    • I use the mainboard NIC for the server management
    • the second NIC in bridge mode for the VMs
    • and the last NIC via PCI Passthrough, exclusively for the UTM WAN interface (you can’t use one port of a dual-port NIC for this)
      • you need a PCIe slot for the NIC whose PCIe lanes are not shared with the chipset or other components
  • Sophos UTM ISO for the Software Appliance

Why do I use PCI Passthrough? It is safer. With PCI Passthrough, all WAN traffic goes directly to the virtual firewall; it never passes through a virtual switch and has no logical contact with the hypervisor (the Ubuntu server).

OK,
we have been busy and now have a fully installed Ubuntu with virt-manager, so we can start configuring the virtual UTM.

  • Install a new VM


  • Adjust the new VM
    • activate autostart when the hypervisor boots

    • activate bridge mode for the “LAN NIC”
      I recommend virtio as the NIC device model, because in my own experience it offers the best data throughput.

    • insert the “WAN NIC” via PCI Passthrough
      Make sure it is the right PCIe slot and NIC.

  • Install the UTM
    When installing the UTM, you must select a LAN NIC. The LAN NIC should be the first interface. If it was the wrong interface, restart the installation process and select the other NIC in the list for the LAN.
    After the installation, you have 2 hardware NICs in the UTM. On my UTM these are eth0 (virtio) for LAN and eth1 (PCI Passthrough, Realtek NIC) for WAN.

A nice feature: you can use VLAN interfaces on eth0 without any setup on the hypervisor side. But you need a VLAN-enabled switch.
You can use it for guest WiFi or whatever you want.

If you need inspiration for a home server, these are my server components:

  • CPU: AMD Ryzen 3400G
  • Mainboard: Gigabyte B450 Aorus M
  • RAM: Corsair 32GB DDR4-3000
  • PSU: be quiet! System Power 9 400W
  • SSD: 1TB SanDisk SSD
  • HDD: 4x Toshiba X300 4 TB as RAID 5
  • NIC: 2x TP-Link TG-3468
  • Case: Zalman Z1
  • Case fans: 2x be quiet! Pure Wings 2 (case back and for the HDDs)

Registration, Software Download and Installation

  • Sophos UTM: account registration, ISO file download
  • Sophos XG: account registration, ISO file download

Feel free to comment on the recommendations or ask for further installation help. If you want to support me, buy stuff over my Amazon links or click on an advertisement. Thank you very much!


Have a nice day!
