Installation of a Securepoint UTM in a cloud
Last adaptation: 04.2024
New:
  • Description for setting up the internal network in the Hetzner Cloud added
This article refers to a Resellerpreview

UTM in the Hetzner Cloud

Installation of the UTM as a VM

Video-Instructions
The interfaces used by the firmware available at the time the video was created, labeled eth0, eth1 etc., have since been renamed. The interfaces are now called LAN1, LAN2 etc., as stated in the text.
  
  1. Log in to the Hetzner Cloud administration
  2. Add a server (consider the required equipment)
  3. Select any type
  4. Add a local network
  5. Assign a name
  6. Create the server (for a fee)
  7. Select the server
  8. Mount the Securepoint UTM Interactive Installer ISO image and restart the server
     Open the console with the console button
     Send Ctrl Alt Del with the corresponding button
  9. Carry out the installation
  10. When the message "Installation done. Remove the install media now" appears, eject the ISO image and
  11. Complete the installation with < OK > (the firewall reboots)
  12. Log in with the default login details
      Username: admin
      Password: insecure

  • Afterwards: Secure access, establish access to the Internet, enable administration from your own network:

Configuration of the external interface

  • The UTM is not reachable via the internal LAN2 interface.
    This interface is located within the Hetzner cloud in a private network. Administration is only possible via the public IP address on the external interface LAN1 and must be explicitly enabled there.
  • user get
      (Note down the admin ID)
    user set id xxx name admin password "strong_Password"
      (Change the password)
    Passwords must meet the following criteria:
    • at least 8 characters in length
    • at least 3 of the following categories:
      • Upper case
      • Lower case
      • Special characters
      • Digits
    interface set name LAN1 flags [ DHCP DYNADDR ]
    system update interface
      (Enable DHCP)
    route new dst 0.0.0.0/0 router LAN1
    system update route
      (Set the default route)
    Sometimes the following alternative may be necessary:

    interface address set id 1 address IP address
      (Set the IP address manually)
    route new dst 172.16.1.1 router LAN1
    route new dst 0.0.0.0/0 router 172.16.1.1
    system update route
      (172.16.1.1 is the IP address of the Hetzner gateway)

    manager new hostlist 192.0.2.192/32
    system update rule
      (Own IP address / network IP or host name (DynDNS) from which administration is to take place;
      determine the IP address e.g. with http://checkip4.spdyn.de/)
    interface address get
      (Check whether the IP address of the external interface of the UTM matches the address displayed during the installation of the VM)
    https://$IP_der_UTM:11115
      (Open the web interface on the static IP address of the UTM)
    Finally:
    • Enter the login data
    • Accept the license agreement and privacy policy
    • Basic settings
    • Import the license file
    • Update to the latest UTM firmware version under Extras → Firmware Updates, button Download latest firmware

Set up the internal network of the UTM

  • VMs in the Hetzner cloud always receive an IPv4 address in a /32 network.
    All VMs therefore only communicate with the Hetzner switch (which in reality has routing functions).
  • So that the UTM itself does not try to reach the VMs directly (but asks the switch instead), the network of the UTM is limited so that only the UTM and the switch are in the same network.
  • The Hetzner switch receives a default route to the UTM.
  • The other VMs in the private Hetzner network require a default route to the Hetzner switch.

  Securepoint UTM VM
    interface address get
      (Determine the ID of the LAN2 IP address (internal interface of the UTM))
    interface address set id 1 address 192.168.175.2/32
    system update interface
      (Change the IP address. The Hetzner switch always receives a.b.c.1 as its IP address!)
    route new dst 192.168.175.0/28 router 192.168.175.1
    route new dst 192.168.175.1/32 router LAN2
    system update route
      1. Route: All VMs in the private network are addressed via the switch.
         The IP address and netmask must correspond to the details specified when setting up the private network.
      2. Route: The switch is connected to the internal interface (here: LAN2).
  • The UTM still requires packet filter rules for network traffic.
    The default rules should be replaced by specific rules that only allow what is actually required.
  • Hetzner Cloud Menu Routes
    Destination 0.0.0.0/0, Gateway: 192.168.175.2 (IP address of the UTM)
    The Hetzner switch receives a default route to the UTM.
    The warning "You have selected your destination outside the network IP range" can be ignored.
  • VM in the Hetzner Cloud: Example of a default route on a Debian VM
    ip route add default via 192.168.175.1
    The other VMs in the private Hetzner network require a default route to the Hetzner switch.
  • Windows VM in the Hetzner Cloud: Example of a default route on a Windows server
    Control Panel > Network and Internet > Network connections, select Network: Properties / Internet Protocol Version 4 (TCP/IPv4) / Properties / Default gateway: 192.168.175.1
    IP address of the Hetzner switch as default gateway in the adapter settings
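The routing decisions behind the two routes above, modelled as an added example (not part of the original article and not Securepoint's code): a longest-prefix lookup over the UTM route table from this section, contrasted with a hypothetical naive setup in which the UTM holds the whole /28 directly on LAN2. The route tables and addresses are constructed from the values in this section.

```python
import ipaddress

# Constructed model of the UTM route table from this article: LAN2 carries
# only the /32 of the UTM, the switch (a.b.c.1) is reachable directly on
# LAN2, the rest of the private /28 goes via the switch, and everything
# else leaves through the default route on LAN1.
UTM_ROUTES = [
    # (destination prefix, next hop: interface name or gateway address)
    ("192.168.175.1/32", "LAN2"),           # route new dst 192.168.175.1/32 router LAN2
    ("192.168.175.0/28", "192.168.175.1"),  # route new dst 192.168.175.0/28 router 192.168.175.1
    ("0.0.0.0/0", "LAN1"),                  # route new dst 0.0.0.0/0 router LAN1
]

# Hypothetical naive setup (not from the article): the UTM configured with
# 192.168.175.2/28 on LAN2, so the whole /28 looks directly connected.
NAIVE_ROUTES = [
    ("192.168.175.0/28", "LAN2"),
    ("0.0.0.0/0", "LAN1"),
]

def lookup(routes, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def resolve_path(routes, dst, max_hops=8):
    """Follow gateway routes until an interface is reached; return the hops."""
    path = []
    hop = lookup(routes, dst)
    while hop is not None and len(path) < max_hops:
        path.append(hop)
        if hop.startswith("LAN"):   # interface reached: the frame leaves here
            break
        hop = lookup(routes, hop)   # hop is a gateway: find how to reach it
    return path

if __name__ == "__main__":
    for dst in ("192.168.175.5", "192.168.175.1", "203.0.113.7"):
        print(dst, "->", resolve_path(UTM_ROUTES, dst),
              "| naive:", resolve_path(NAIVE_ROUTES, dst))
```

In the naive table a packet for 192.168.175.5 is handed straight to LAN2, so the UTM would try to reach the VM itself; in the article's table it first resolves to the switch 192.168.175.1 and only then to LAN2, which is why the UTM's own network is shrunk to a /32.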