today I will tell you how I configured my home server for a virtual Sophos UTM.
All configurations in ubuntu can also be used for a virtual Sophos XG.

In this article I assume that Ubuntu and virt manager are installed. The following link deals with the basic configuration of virt manager under ubuntu:

german https://wiki.ubuntuusers.de/virt-manager/
english https://www.howtogeek.com/117635/how-to-install-kvm-and-create-virtual-machines-on-ubuntu/

What do you need for this?

• A PC (AMD or Intel, what you like. A virt XG also runs under a AMD CPU)
• A Ubuntu System (with a GUI, it’s easier ;) )
• 3 NICs
  • I use the Mainboard NIC for the Server management
  • the second NIC in bridge mode for the VMs
  • and the last NIC via PCI Passthrough exclusive for the UTM WAN interface (you can’t use a dual NIC for this)
    • you need a pcie slot for the NIC where the PCIe lanes are not shared with the chipset or other components
• Sophos UTM ISO for Software Appliance

Why do I use PCI Passthrough? It is safer. With PCI Passthrough, all traffic goes directly to the virtual firewall and cannot escape from a virtual switch and has no logical contact with the hypervisor (the Ubuntu server).

OK,
we have been busy and now have a fully installed Ubuntu and Virt Manager and are starting to configure the virtual UTM.

• Install a new VM

• Adjust the new VM
• • activate auto start while booting of the hypervisor

• • activate the bridge mode for the “LAN NIC”
    I recommend virtio for NIC device model, because according to my own experience it offers the best data throughput.

• • insert the “WAN NIC” via PCI Passthrough
    Be sure if it is the right PCIe slot and NIC.

• Install the UTM
  When installing the UTM, you must select a LAN NIC. The LAN-NIC should be the first interface. If it was the wrong interface, restart the installation process and select the other NIC in the list for the LAN.
  After the installation, you have 2 hardware NICs in the UTM . On my UTM for LAN eth0 (virtio) and for WAN eth1(PCI Passtrough realtec NIC).

A nice feature. You can use vlan interfaces for eth0 without any setup by the hypervisor. But you need a vlan-enabled switch.
You can use it for guest wifi or whatever you want.

If you need inspiration for a home server. These are my server components:

Registration, Software Download and Installation

Feel free to comment the recommendation or ask for further installation help. If you want to support me, buy stuff over my Amazon links or click on an advertisement. Thank you very much!

Have a nice day!

The post Sophos UTM how to install a virtual home firewall under ubuntu via KVM appeared first on Network Guy.