Cloud OSS - Cloudworks Service Manager | How to create a Cloud Gateway (CGW) Template in VMware |
|---|
Table of Contents
Table of Contents maxLevel 2 minLevel 2 indent 10px style none
1. Introduction
| Info | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
See also:
|
...
1) Open VMWare vSphere Client and login.
Fig 1. Logging in to the vSphere Client
...
2) Click View -> Inventory -> Datastores and Datastore Clusters.
Fig 2. Navigating to view Datastores and Datastore Clusters
3) Select a datastore.
Fig 3. Selecting a datastore
...
4) Click on "Browse this datastore".
Fig 4. Browsing a datastore
...
5) Select a folder from the list, in which you will upload the pfsense ISO image. Else, you can create a new folder should you wish so.
Fig 5. Selecting a folder in the datastore
...
6) Click on the upload icon.
Fig 6. Clicking the upload button
7) Select "Upload File".
Fig 7. Selecting to upload a file
...
8) Browse for the pfsense ISO image file, select the file and click on Open. Click on Yes in the appearing warning message.
Fig 8. Browsing for the pfsense ISO image
...
9) Wait for the file to be uploaded. When the upload process is finished, the file should appear in the folder that you have selected in step 6. Close the Datastore Browser window.
Fig 9. The pfsense ISO image has been uploaded
...
10) We will now create a Virtual Machine (VM) based on the uploaded ISO image. On vSphere client click View->Inventory->VMs and Templates.
Fig 10. Navigating to VMs and Templates
...
11) Right click on a Datacenter and select "New Virtual Machine".
Fig 11. Creating a new virtual machine
...
12) Select "Custom configuration" and click on Next.
Fig 12. Selecting custom configuration
...
13) Type in a name and select a location for the new VM. Click on Next.
Fig 13. Typing a name for the new VM
...
14) Select a host or cluster for the new VM. Click on Next.
Fig 14. Selecting a host or cluster
...
15) Select a datastore where the new VM will be stored. Click on Next.
Fig 15. Selecting a datastore
...
16) Select the latest Virtual Machine Version. Click on Next.
Fig 16. Selecting the virtual machine version
...
17) In order to choose an OS type, click on Other and select FreeBSD (64 bit) from the drop down list. Click on Next.
Fig 17. Selecting an OS type
...
18) Set the minimum recommended resources for running a Cloud Gateway VM (1 processor / 1core / 512 MB Memory / 5 GB hard disk).
Fig18. Selecting the number of sockets and cores per socket. Fig 19. Selecting the amount of memory
...
19) A CGW has three network interfaces, so, select 3 and connect the virtual networks as shown below. Click on Next.
Fig 20. Defining the network interfaces
...
20) Leave the SCSI controller selection as is and click on Next.
Fig 21. SCSI controller selection
...
21) Leave the selection as is to Create a new virtual disk and click on Next.
Fig 22. Selecting to create a new virtual disk
...
22) Type in 5 to select 5 GB of storage and select "Thin Provision". Click on Next.
Fig 23. Selecting disk type and provisioning
...
23) Leave the default options as they are. Click on Next.
Fig 24. Choosing the virtual controller on which to connect the new virtual disk
...
24) Click "Edit the virtual machine settings before completion" and click on Continue.
Fig 25. Reviewing the settings and selecting to edit them before completion
...
25) A new window with all the VM settings is displayed.
Fig 26. Viewing all VM settings
26) Select "New CD/DVD".
Fig 27. Installing a new CD/DVD drive
...
27) Select "Datastore ISO File" and click on Browse.
Fig 28. Selecting a datastore
...
28) Navigate to find the ISO image that you uploaded earlier. Click on OK.
Fig 29. Navigating the datastore to find the pfsense ISO image
...
29) Click "Connect at power on". Click on Finish.
Fig 30. Having chosen the datastore ISO file
...
30) Click on "Apply Recommendations".
Fig 31. Viewing and applying recommendations for VM placement
...
32) Right click on the VM and click "Open Console".
Fig 32. Opening the VM console
...
33) Click on the green arrow to start the VM.
Fig 33. Starting the VM
...
34) Now we have opened VM console.
Fig 34. The VM console
...
35) Wait until the following screen shows up during boot process and type "i" to install pfSense on the VM hard disk.
Fig 35. Selecting installation on the local VM hard disk
...
36) Select "Accept these Settings" via the keyboard arrows and press Enter.
Fig 36. Accepting the default console settings
...
37) Select "Quick/Easy Install" and press Enter.
Fig 37. Selecting installation type
...
38) Select OK and press Enter.
Fig 38. Installation approval
...
39) Wait until the set up process of pfSense is completed.
Fig 39. Waiting for the installation to complete
...
40) Select "Standard Kernel" and press Enter.
Fig 40. Selecting kernel type
...
41) Select "Return to Select Task" and press Enter.
Fig 41. Returning from installation
...
42)Select Exit and press Enter.
Fig 42. Exiting installation
...
43) Wait for the VM to reboot.
Fig 43. pfSense rebooting upon installation process completion
...
44) Click VM->Power->Power Off to stop the VM.
Fig 44. Powering off
...
46) Right click on the VM and click on "Edit Settings".
Fig 45. Navigating to edit the VM settings
...
47) Select the DVD drive, uncheck "Connect at power on", select "Client Device" and click on OK.
Fig 46. Disconnecting the CD/DVD virtual drive
...
48) Power on the VM and connect to its console as previously. Wait for the following screen to appear:
Fig 47. Powering up for the first time after the OS installation
...
49) Type 1 and press Enter to assign names to the network interfaces.
Fig 48. Assigning names to the network interfaces
...
50) VLAN configuration is not required at this point, therefore type "n" and press Enter.
Fig 49. Denying VLAN setup
...
- Type em0 and press Enter.
Fig 50. Assigning name to WAN interface
...
- Type em1 and press Enter.
Fig 51. Assigning name to LAN interface
- Type em1 and press Enter.
- Type em2 and press Enter.
Fig 52. Assigning name to OPT1 interface
- Type em2 and press Enter.
- There are no more network interfaces, so, press Enter to continue.
Fig 53. Finished naming network interfaces
- There are no more network interfaces, so, press Enter to continue.
...
- Type "y" and press Enter to accept interface assignments.
Fig 54. Saving network interface name assignments
- Type "y" and press Enter to accept interface assignments.
...
- Allow the VM to proceed until the screen below appears:
Fig 55. The pfsense basic options console menu
- Allow the VM to proceed until the screen below appears:
...
- Type "2" and press Enter.
Fig 56. pfSense basic options console menu
...
- Type "1" to select the WAN interface and press Enter.
Fig 57. Choosing to configure WAN interface
...
- Type "n" and press Enter when asked to configure the interface via DHCP. Type in the WAN interface IP address and press Enter.
Fig 58. Configuring an IP Address for the WAN interface
...
- Type in the subnet mask for WAN interface and press Enter.
Fig 59. Configuring a subnet mask for the WAN interface
...
- Press Enter without setting a gateway IP address for the WAN interface.
Fig 60. Skipping gateway configuration for the WAN interface
...
- Type "n" and press Enter in order to skip DHCP for IPv6 addresses.
Fig 61. Skipping DHCP IPv6 configuration for the WAN interface
...
- Press Enter to skip IPv6 address configuration.
Fig 62. Skipping IPv6 address configuration for the WAN interface
...
- Type "n" and press Enter.
Fig 63. Choosing not to revert webConfigurator to HTTP
- Press Enter to continue.
Fig 64. Finishing WAN interface configuration
...
- Type "2" and press Enter.
- Type "2" and press Enter.
- Enter the IP address and press Enter.
- Enter the subnet mask and press Enter.
- Enter the gateway IP address and press Enter.
- Press Enter.
- Type "n" and press Enter.
- Type "n" and press Enter.
- Press Enter to continue.
...
- Type "2" and press Enter.
- Type "3" and press Enter.
- Enter the OPT1 interface IP address and press Enter.
- Enter the subnet mask and press Enter.
- Enter the gateway address and press Enter.
- Press Enter.
...
- Type "n" and press Enter.
- Type "n" and press Enter.
- Press Enter to continue.
...
56) Rename the OPT1 interface to MGMT by clicking on Interfaces -> OPT1 and changing the Description field to MGMT. Save and Apply.
Fig 68. Navigating to the OPT1 interface settings Fig 69. Renaming the OPT1 interface
...
Fig 74. Configuring a gateway for the WAN interface
Click on Apply changes.
Fig 75. Applying gateway configuration changes
...
58) Add the required static Routes by selecting the Routes tab and by clicking on the plus icon at the bottom right.
Fig 76. Selecting to add a route
...
Fill in the appropriate fields as shown below, click Save and Apply.
Fig 77. Configuring an additional static route.
...
Click on the plus icon at the bottom right and fill in the required fields as shown below. Click Save and Apply.
Fig 78. Configuring an additional static route.
...
Select "Manual Outbound NAT rule generation" and click on Save.
Fig 80. Selecting manual outbound rule generation
...
Fill in the appropriate fields as shown below and click on Save.
Fig 83. Configuring the additional firewall rule on the WAN interface
...
Fill in the appropriate fields as shown below and click on Save.
Fig 85. Configuring the additional firewall rule on the WAN interface Fig 86. Applying changes
...
Remove the last two rules by selecting them and clicking on the "x" sign at the bottom right. Approve removal when asked. Click on the "plus" sign icon to add a rule.
Fig 88. Removing existing LAN interface firewall rules
...
Fill in the appropriate fields as shown below and click on Save and Apply changes.
Fig 89. Configuring the additional firewall rule on the WAN interface Fig 90. Applying changes
...
...
...
...
Fill in the appropriate fields as shown in the image below. Select the users group in the text box on the left and click on the "right arrow" sign to move it to the right.
Save the form when ready.
Fig 100. Configuring 'fwadmin' user
...
65) Go to System -> Advanced and Enable Secure Shell. Then click on Disable HTTP_REFERER enforcement check. Click on Save.
Fig 101a. Enabling secure shell access Fig 101b. Disabling HTTP_REFERER enforcement check
...
removeNotAllowedItems($system_menu, $menuAllowedItems);
removeNotAllowedItems($interfaces_menu, $menuAllowedItems);
removeNotAllowedItems($firewall_menu, $menuAllowedItems);
removeNotAllowedItems($services_menu, $menuAllowedItems);
removeNotAllowedItems($vpn_menu, $menuAllowedItems);
removeNotAllowedItems($status_menu, $menuAllowedItems);
removeNotAllowedItems($diagnostics_menu, $menuAllowedItems);
This can be done by using WinSCP (click here to download) for accessing pfSense via SFTP. You may use Notepad++ editor or any other editor that you prefer.
...
Fig 102. Accessing pfSense with WinSCP
On the right side of the monitor you can browse pfSense filesystem. Open /usr/local/www/ folder.
Fig 103. /usr/local/www pfSense folder
Right click on file fbegin.inc and click on Edit.
Fig 104. Editing file fbegin.inc
Move to line 262.
Fig 105. fbegin.inc, line 262
Copy the additional lines of code below line 262. Save the file and close the editor.
...
76) You will now need to disable the LAN and WAN interfaces prior to creating a VM Template based on the CGW VM. Gain console access to Cloud Gateway (CGW) via the vSphere console.
Fig 110. Connecting to CGW console
...
In order to disable the WAN and LAN interfaces, type "2" and press Enter.
Configure the WAN interface by typing "1" and press Enter.
Type "n" at IPv4 DHCP configuration and press Enter.
Press Enter at WAN IPv4 address for no IP address.
...
Type "n" at IPv6 DHCP configuration and press Enter.
Press Enter at WAN IPv6 address for no IP address.
...
Type "n" at HTTP for webConfigurator and press Enter.
Press Enter to continue.
...
The WAN interface is now disabled. To continue with disabling the LAN interface, type "2" and press Enter.
Type "2" to configure the LAN interface and press Enter. Disable the LAN interface following the same steps provided in this paragraph for the WAN interface.
77) After disabling the LAN and WAN interface, type "6" in basic menu and press Enter, then press "y" in order to shut down the Cloud Gateway. Wait for the VM to shut down.
Fig 111. Shutting down pfsense
...
78) Return to the vSphere client, find the new VM, right click on it, and go to Template->Clone to Template to create the new template.
Fig 112. Navigating to clone the template
...
79) Type in a name for the new template
Fig 113. Naming the template
...
80) Select a location to save the template and click on Next.
Fig 114. Selecting a location to save the template
...
81) Select a cluster in which you will store this template and click on Next.
Fig 115. Selecting a cluster to store the template
...
82) Select "Thin Provision" as a virtual disk format.
Fig 116. Selecting a virtual disk format
...
83) Select a datastore for the template.
Fig 117. Selecting a datastore for the template
84) Click on Next.
Fig 118. Viewing all the previous selections
85) Click on Finish.
Fig 119. Finishing the template creation wizard
...
86) Wait until the creation Tasks are completed.
Fig 120. Viewing the progress of the tasks that lead to the template creation
...
87) The new template should now exist in the folder where we created it.
Fig 121. Viewing the new template in its folder
...