Tuesday, 2 December 2008

Working with Untangle (OSS Firewall) as a Hyper-V Guest

There are some caveats when working with non-Windows OSs as Hyper-V guests.

In the case of the Untangle VM, there is no way to install the Hyper-V Integration Services into the VM. As a result, there is no mouse capture in the VM when opened via the Hyper-V Manager (gives console access) if connected to the Hyper-V management system via a RDP session.

For some systems, keyboard shortcuts may suffice to get about the OS and its management features. In the case of the Untangle VM we were not able to do so. Thus, we needed to be at a physical workstation whenever we needed to manage the VM directly.

The Untangle product does allow HTTPS connectivity to the machine for management purposes once everything has been set up though. This management will need to be accomplished via a workstation as the security settings in IE on the SBS box will not allow the Untangle management features to initialize.

The other caveat when setting up the Untangle product in a Hyper-V based VM is the NIC setup. We set up static MAC addresses for both NICs with the intent of setting the External NIC MAC address up with a static IP reservation in our own SBS server's DHCP.

During the Untangle setup routine and subsequently the Untangle Setup Wizard the NICs were reversed. How the setup routine decides which NIC is Internal and which NIC is external is not known. But, once the NICs were reversed in the Interface Management post OS install, the correct Internal static IP was set in place and DNS was set to the SPRINGERS' SBS VM everything fell into place nicely.

For the book we were working with version 5.x of the Untangle product. Untangle has just released version 6 of the product. From our conversations with Untangle the step up to version 6 is quite significant.

BTW, if you are used to working with ISA and its rule structures, Untangle and its management features should come fairly natural when it comes to the learning curve.

Yesterday's article: Installing Untangle (OSS Firewall) as a Hyper-V Guest

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.


Anonymous said...

Philip: Did you pass the beta SBS 2008 exam? I just got a letter today (12/4/08) saying I passed! I was typing to you on experts exchange and back in the end of October you thought you didn't pass because it wasn't in our profiles on the MCP website. I guess they were really slow in grading it?

Anonymous said...

My transcript says I am a Microsoft Certified Technology Specialist now! Is that to distinguish between MCSE (which I have for win 2000) and / or to get away from the word engineer, which some states I heard were complaining that Microsoft can't use in a title because professional engineer is a state issued title?

Philip E. said...

As I recall, the IEEE was the organization that caused the most noise about the term "Engineer". Ain't got the pinky ring? Then you ain't one was essentially the stance.

Makes no difference in the long run, we still "engineer" solutions for our clients ... or "architect" them which is the term I prefer to use: Technical Architect is my catch line on the business card.

Depending on how things work out over this next year, I am hoping to challenge a few more exams ... we shall see!


krib said...

Hi Phillip,

Any chance to upload somewhere VHD of configured Untangle, it would save many of us :)

Also just tell us what do we need to change (IPs, etc) in order to get it working in our environments.