Azure IaaS Lab – Firewall – Part 2

This post is part of a series, for the series contents see:

With my Ubuntu VM built, the next step was to get Zentyal firewall installed and configured.

This was a right pain in the butt.  If ClearOS wasn’t a Market Place product (and therefore out of reach for my MSDN subscription) I would have just dumped Zentyal and gone for that instead.

  • First I thought I’d get the latest version (5.0 at the time of writing) installed on Ubuntu 16.04-LTS but it hit a load of dependency issues at install time.
  • Then I went old skool and tried to install version 3.5 on Ubuntu 14.04-LTS to no avail – same problems.
  • Eventually I got it working with 4.2 on Ubuntu 14.04-LTS.

Because I don’t have a site-to-site VPN, or ExpressRoute, I had to jump off of my management VM to hit the firewall box:

Once I had an SSH session, then installing Zentyal was as simple as these commands (credit to this blog post):

#Add the repository
deb 4.2 main

sudo apt-key adv --keyserver --recv-keys 10E239FF
wget -q -O- | sudo apt-key add -
#Apply updates and then install Zentyal
sudo apt-get update
sudo apt-get install zentyal

Once all the packages have been pulled down and the installer has kicked in you get asked to set a MySQL password:

Zentyal Setup SQL

Then you get prompted to set a port over which to access the Zentyal web interface.  I simply used the default of “8443”:

Zentyal Setup Port

With that all set, the next step is to hit that web interface.  I jumped onto my management server (mgmt-vm) and hit it from there:

Zentyal Login

After logging in with the “adminuser” credentials I setup the VM with, I was prompted to go through the initial setup:

Zentyal Initial Setup

Zentyal is actually a pretty feature rich piece of software but for the purposes of this lab I just need the firewall:

Zentyal Firewall Install

To get the firewall setup, the installer prompts you to specify which interfaces are internally or externally facing so I set my interface (eth0) as my internal side of the firewall and (eth1) as external:

Zentyal Firewall Interfaces

Next up, you have to choose the addressing of the interfaces.  As we’re in an Azure IaaS world “DHCP” is the right choice for each interface here but annoyingly the external interface doesn’t let you choose this option so I manually configured it to get me through the installer (later I went back changed it to be DHCP too):

Zentyal Firewall Interfaces 2

Then, ta da, it’s all done:

Zentyal Firewall Install Finished.PNG

Which leads to……

Zentyal Dashboard

Obviously, in the real world I would heed the warnings and get the box updated but after all the trouble getting this set up I can’t be bothered to risk breaking it so it can stay as is, which is to say “functioning”.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: