Smoothwall on XenServer 7.1
-
Instead of SmoothWall, have you considered VyOS?
-
Thanks for the suggestion, but we're stuck with Smoothwall, mostly for the content filtering and we've allready paid them for about 100 years of support (well not really, but definitely for the next 3 yrs).
-
Are you using
-- quiet console=hvc0
in the vm setup in XS?
I always have a problem with Debian if i dont do this. -
@momurda said in Smoothwall on XenServer 7.1:
-- quiet console=hvc0
I am not getting the option to enter that, though I suspect that has to to with it being in HVM mode (rather than PV mode). From what I found in the net, it needs to be in HVM mode.
-
HVM is needed. I remember that PV support is not included.
-
You would set this during vm creation not after it is built. It is the option for XS puts in for most Debian based templates, i suspect for this very reason you are having.
Also, using the Other Install Media option template usually fixes most problems in my experience.
Disclaimer: i am still on 6.5 -
I agree. The Debian template might be part of the cause here.
-
I used the Debian 8 template and the Other templates, both had the same effect. The Debian 8 Template does not give me the option to out that string in that field nor the Other Install template, but both result in no HDD controller found.
Both the Debian 6 and 7 (I tried the 64bit and 32bit templates) create a PV VM and that fails to boot from the CD (though it does give me the option to add -- quiet console=hvc0).
-
Even if you get it to install, it will lack drivers making it terrible for firewall performance. I'd drop Smoothwall, looks like they don't support this. Too many better options out there. If their paid support isn't resolving this for you it's just money lost. Look at VyOS or maybe pfSense.
-
In a perfect world this is what I'd do. However, neither VyOS or pfSense offer a solid web filter, which is the primary reason we went with Smoothwall.
Their support told me that they run it on VMWare all the time, and could not think of any reason why Xen would be an issue, though they have not done it, nor have certified it.
That said, I have not called them to ask just yet, I thought I'd see if anyone else has had any ideas about it first.
-
The issue that their support should have told you appears to be that they strip out the Xen PV kernel as well as the necessary drivers to work on Xen. I don't know what Os they build upon, but whatever they are using they are removing the Xen components.
-
I think you will need to use the older templates for this. Debian 8 was not released in 2014, which is when the final release of smoothwall 3.1 was finished.
-
Nope, that's the community (free) version, it is actually significantly different from the commercial version.
@Reid-Cooper said in Smoothwall on XenServer 7.1:
The issue that their support should have told you appears to be that they strip out the Xen PV kernel as well as the necessary drivers to work on Xen. I don't know what Os they build upon, but whatever they are using they are removing the Xen components.
Right, that is what I was worried about. It is based on Debian and it would not surprise me that they would have done that. I'll check in with them on it, but this maybe the end of my testing on this and if so, then I'll need to stick with a physical Smoothwall server.
-
I had to look up about their web filtering. Looks like it is nothing like it was in the past. New product that they've added in that they did not used to have.
-
Couldn't something like Untangle work for you?
-
-
@NerdyDad said in Smoothwall on XenServer 7.1:
Couldn't something like Untangle work for you?
SmoothWall has a new and proprietary web filtering technology. Untangle and those others don't offer a competitive service.
-
@scottalanmiller said in Smoothwall on XenServer 7.1:
@NerdyDad said in Smoothwall on XenServer 7.1:
Couldn't something like Untangle work for you?
SmoothWall has a new and proprietary web filtering technology. Untangle and those others don't offer a competitive service.
Precisely. SmoothWall's filtering is heuristic based rather than a traditional blacklist/whitelist type thing.
Plus we've paid them, a lot, so switching now is not really a possibility.
The frustrating thing here is that they have built in support for VMWare, but not Xen.
-
@jrc Yes that is weird. It means that nobody that use their own version of Xen or those that use XS can use Smoothwall. It is severely limiting their potential customer base. I understand XS only has like 3% market share vs VMWare and HyperV, but Xen/Xenserver users really like it.
I still think you could get this going with one of the templates in XS with a bit of work.
-
@jrc said in Smoothwall on XenServer 7.1:
Plus we've paid them, a lot, so switching now is not really a possibility.
This part undermines your other arguments. This is the sunk cost fallacy and should have no effect on a business decision. The other bit, about the quality of the filtering, is important. This, however, cannot be. Even if you paid them a billion dollars, that money is lost and no longer a factor going forward.