Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 8 subscribers
  • Views 10451 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM on ASRock Z170M-ITX

JeroenSchellart

Hi all,

I am new here and wanted to share my experience installing Sophos on my custom build PC. I have the following hardware:

ASRock Z170M-ITX/ac

i5-6400

8GB Memory

120GB 850 EVO

And this all is put in a LC Power 1400MI case. The machine is very quiet and started up correctly the first time :-)

I had an USB-drive prepared and the Sophos UTM install started without a problem. Having done some research before trying to install from USB I knew I needed to mount a partition before starting the install. After doing this I started the install. I got a message there was only one NIC detected and after confirming the install stopped at 66%.

A quick search learned me this happens more often and to me the most likely cause could be that I am installing with a DVI connection. Searching through the BIOS I could not find a setting to force the display to HDMI or DisplayPort so I had a problem. Not having a graphics lying around I decided to hook the HD up to my other pc and try installing from there. And luckily the installation continued beyond the 66%.

Yeah, victory I thought. But, The installation failed. On the log screen it showed a file was not found. A quick Google search gave me the answer. Due some strange behavior a couple of file names were incomplete in the installation directory. After checking all the files and renaming the incomplete ones I was able to finish the installation. When the system rebooted I turned of the PC and put HD back.

The system booted and I got the message to connect to the IP address with a browser to finish the installation. I noticed both NIC were up so I had good hopes the network part was working now. However, I was unable to connect to the admin page. Logging on to the UTM with a screen and keyboard I got access to the system. An "ifconfig" showed me there was no eth0 device up. Having some Linux experience I quickly typed "ifconfig eth0 192.168.2.100". After hitting enter no error message was displayed and another "ifconfig" showed that eth0 was up and running. A quick ping check confirmed there was network connectivity.

Going back to my other computer and reloading the webpage gave the certificate error. Yes, I was in. I was able to login but I got stuck again when the network needed to be configured. I got the message the setting for the active network card cannot be changed so I cancelled this part of the wizard and after logging in again the familiar admin page was showing.
The first thing I did was checking my network interface connection. It showed the network card but according to the page it was turned off. Trying to turn it on gave me an error messaging saying there was no hardware associated with the network config. Editing the configuration and selecting the hardware was not possible. So, back to Google.
After setting a password for the loiginuser (root was already done when I logged on to the console the first time) I chrooted to root and started to work form the command line.

The first thing I did was checking the file: /etc/udev/rules.d/70-persistent-net.rules. In this file it showed two configurations for eth0 (for my Intel I219-V I guess) using module e1000e and one for eth1 (for my Realtek) using module r8169. I changed the Realtek to eth0 and the Intel to eth1. Reboot and no luck. I kept my changes as I knew the I219-v has issues and the Realtek showed up as being recognized when I checked dmesg on the command line.

I quickly learned there is a tool that can be started with cc where you can do al sorts of config work from the command line. Following a guide I found through Google I was able to associate the correct hardware to the network configuration. I executed the following command:


cc
OBJS
interface
ethernet
<TAB> (if you have multiple network configurations it will cycle through the available ones if you keep hitting TAB. As I only had one configuration it was easy for me to select the correct one :-))
itfhw<TAB> (Again, if you keep hitting TAB it will cycle through the available NIC's. As there was only one recognized, the Realtek, is was an easy pick)
status=1 (this will enable the configuration)
w (this will save the configuration)
exit

Back to the admin page of the UTM and yes, the network configuration was ok now.
I am stuck with the issue that my other network card is not recognized. It is an Intel I219-V and should be able to work with the e1000e module. I did a "lspci" and the network controller showes up. I can also see that the e1000e module is loaded but the nic is just not recognized. Any advice or suggestions for this problem is much appreciated.
The most easy fix here is off course putting in a PCI card with a nic but hey, it is more fun trying to get the I219-V to work :-). My guess is that the e1000e module shipped with the UTM iso is too old so getting it to work would mean replacing it with a newer version. I found the sources for a newer driver but as there are no compile tools on the UTM I cannot build the driver. Does anyone know if I can compile it on a Linux machine with the same kernel and just copy it over to the UTM? Or do I need to do more?



This thread was automatically locked due to age.
Parents
  • 0
    Hi Jeroen,
    I have the same mainboard (only with H chipset) and I got the same Problem. I wasn't able to go beyond the 66% on the install. I tried HDMI, DVI and DVI to VGA adapter. For fun I tried to install the SF-OS (from XG firewall) and the installation went fine, but also just recognizing one nic.
    In the meantime I have bought an 20€ old dual GBE card with Intel chips (labeled as a HP nic) which is recognized without problems from SF-OS. I assume it would also get recognized if I had UTM running.
    But all in all I think we can only wait until Sophos change to a linux kernel with support for the I219 nic.

    But what hardware did you use for installing the UTM?
    Does it really work that well when changing the hardware after installation?
    Regards
    Christian
  • 0 in reply to ZeusDionysos
    Hi Christian,

    After I made the configuration changes everything worked fine for me. Up to now no issues.
    I also bought a GBNic with Intel chipset and that is working fine. Hopefully Sophos will indeed update the drivers so both my onboard nics will be recognized :-)

    The hardware I used to install is my home pc and it has a ROG Maximus VI motherboard with a GeForce GTX 780 Ti graphics card.

    I thought about installing the XG firewall version but I stick with UTM for now. When the product is a bit more mature I probably will switch over to XG but for now it's UTM.

    Regards,

    Jeroen
Reply
  • 0 in reply to ZeusDionysos
    Hi Christian,

    After I made the configuration changes everything worked fine for me. Up to now no issues.
    I also bought a GBNic with Intel chipset and that is working fine. Hopefully Sophos will indeed update the drivers so both my onboard nics will be recognized :-)

    The hardware I used to install is my home pc and it has a ROG Maximus VI motherboard with a GeForce GTX 780 Ti graphics card.

    I thought about installing the XG firewall version but I stick with UTM for now. When the product is a bit more mature I probably will switch over to XG but for now it's UTM.

    Regards,

    Jeroen
Children
No Data
Unfiltered HTML