Installation and configuration of FireboxV , Watchguard Firewall virtual appliance

lanima_deli

Member
Sep 8, 2021
5
2
8
35
Rome
Installation and configuration of FireboxV , Watchguard Firewall appliance FireboxV.

Download the virtual appliance from the Watchguard official site: https://software.watchguard.com
Save the OVF version, checking the file with the checksum linux utility

You can do it from the shell by going to the iso directory:
root@pve:# cd /var/lib/vz/template/iso/
and then downloading the file locally
root@pve:/var/lib/vz/template/iso# wget [direct link]
file integrity check
root@pve:/var/lib/vz/template/iso# sha1sum FireboxV_12_7_1.ova
67670411a6b4dc8e82742fccc7283577961495fd FireboxV_12_7_1.ova

compare the number 6767 .. with that of the official site, if they are the same ok ,otherwise re-download the file

we will have an .ova file that will be unpacked with the command:

root@pve:/var/lib/vz/template/iso# tar -xvf FireboxV_12_7_1.ova
FireboxV_12_7_1_signed.ovf
FireboxV_12_7_1_signed.mf
FireboxV_12_7_1_signed.cert
FireboxV_12_7_1_signed-disk1.vmdk


let's convert the file from vmdk to qemu

root@pve:/var/lib/vz/template/iso# qemu-img convert -f vmdk -O qcow2 FireboxV_12_7_1_signed-disk1.vmdk FireboxV_12_7_1_signed-disk1.qcow2

create a basic virtual machine, following the specs recommended by watcghguard:
https://www.watchguard.com/help/doc...t/en-US/Fireware/firebox_v/fbv_setup_kvm.html

---------------------------------------------------------
Operating System — Linux with a KVM hypervisor
Disk Space — 5 GB for each FireboxV virtual machine

Model Memory vCPUs
Small 2048 MB* 2
Medium 4096 MB 4
Large 4096 MB 8
Extra Large 4096 MB 16

*4096 MB memory is required to enable IntelligentAV.
-----------------------------------------------------------

create vm
general: anything you want, just care about the VM ID number
os: Do not use any media - linux kernel
system: all default but tick qemu agent
hard disk: bus device sata, size 5gb,cache write back,tick discard
cpu: cores 2
memory: 4096
network: vmbr0 (that one bridged with ur network host network card)
confirm without boot vm.

Before starting the firewall we add a second network card to the firewall from the hardware menu
which will be attached to another linux bridge created to configure an internal lan, vmbr1 for example.

Still on hardware detach the created hard disk and then remove it
pay attention where the disk is saved, usually on "local-lvm" but it can also be just "local"
just simulate adding a disk and see where the storage records.
Register the FireboxV_12_7_1_signed-disk1.qcow2 disk with our machine via its VM ID via shell, 100 in this case
(be careful to do it from inside the folder where the file is present):

root@pve:/var/lib/vz/template/iso# qm importdisk 100 FireboxV_12_7_1_signed-disk1.qcow2 local-lvm
importing disk 'FireboxV_12_7_1_signed-disk1.qcow2' to VM 100 ...
Rounding up size to full physical extent <4.41 GiB
Logical volume "vm-100-disk-0" created.
transferred 0.0 B of 4.4 GiB (0.00%)
transferred 45.6 MiB of 4.4 GiB (1.01%)
transferred 102.8 MiB of 4.4 GiB (2.28%)
transferred 420.4 MiB of 4.4 GiB (9.32%)
.
.
.
transferred 4.4 GiB of 4.4 GiB (100.00%)
Successfully imported disk as 'unused0:local-lvm:vm-100-disk-0'


An Unused disk will appear on vm hardware, double click and ADD as a SATA.
Configure the virtual machine to boot from the newly recorded disk first.

Boot vm and login with default watchguard logins

In my case (ovhcloud), to reserve a public ip dedicated to the wan interface of the firewall I had to buy the ip,
create a virtual mac -address from the OVH control panel associated with the public ip, and change from the proxmox settings
the mac address of the firewall wan interface which must be the same as the mac address created on ovh.
at that point configure the wan interface in bridge on the same vmbr where the promox mgmt ip appears


enjoy !
Christian
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!