Hi,
IT security is the first of my hobbies, and I want to recycle a Netasq U70S UTM without a license.
Can you tell me if it's possible to use this UTM hardware to install OPNsense?
Here is a link with the hardware specs:
https://www.pc21.fr/fiche/na-u70s-netasq-u-series-u70s-dispositif-de-securite-8-ports-gige-1u-i2138320.html
Thanks for your advice!
OPNsense : My next Open Source Firewall !
I don't know Netasq hardware.
But if the UTM uses an x86/x64 CPU and the NIC interfaces are supported under FreeBSD, the installation of OPNsense should work.
best regards
Dirk
Hi Monstermania,
Thanks for your reply !
The Netasq U70S uses a FreeBSD-based OS.
With the uname -an command, the result is:
NS-BSD 2.10.0- NS-BSD 2.10.0- #0: Mon Jan 8 12:16:59 CET 2018 build@buildmajsicilia32.labo.int:/usr/home/build/fw-PRETAG_2.10.0/firmware/sys-9.3/work/sys/i386/compile/NETASQ.S.NOSMP.HW.RELEASE i386
I think it's possible ...
@Crackgen
Hmm,
do you know this thread in the pfSense forum?
https://forum.netgate.com/topic/105839/netasq-u70-pfsense-2-3-2-install-network-interface-problem
or this one in the FreeBSD forum:
https://forums.freebsd.org/threads/nic-em-problem-on-freebsd-10.49677/
I don't know if the Netasq U70 and U70S are quite the same, but this doesn't sound good to me. :(
The CPU seems to be 32-bit. IMHO it is not a good idea to start with 32-bit in 2018!
I'm running OPNsense on an older Ucopia device (Lexcom 3I525 barebone).
Some of them were sold during the past weeks on eBay for around 30€ (w/o RAM or HDD).
Quite a good entry for OPNsense. ;)
best regards
Dirk
Thanks to the precious help of the zrouter.org team
I succeeded in installing OPNSense on NetASQ U70. The internal switch is connected to the secondary RS232 port of the board.
So, consider the following procedure :
Define 2 VLANs at startup: VLAN 1 and VLAN 2, both on the em0 interface, then
Assign em0_vlan1 to WAN
Assign em0_vlan2 to LAN
The switch configuration hereafter has to be respected to obtain :
port 1 = WAN
port 2 to 6 = LAN
Configuration of switch NetASQ_U70 :
cu -s 9600 -l /dev/ttyu1
> vlan
VLAN> aware 1 enable
VLAN> pvid 1 none
VLAN> frame type 1 Tagged
VLAN> aware 2-8 disable
VLAN> pvid 2 1
VLAN> pvid 3-8 2
VLAN> del 1-4094
VLAN> add 1 1-2
VLAN> add 2 1,3-8
VLAN> config
VLAN Configuration:
Port Aware PVID Ingress Filtering Frame Type
1: enabled none disabled Tagged
2: disabled 1 disabled All
3: disabled 2 disabled All
4: disabled 2 disabled All
5: disabled 2 disabled All
6: disabled 2 disabled All
7: disabled 2 disabled All
8: disabled 2 disabled All
Entries in permanent table:
1: 1,2
2: 1,3,4,5,6,7,8
VLAN>
Use the cu(1) escape sequence <Enter> then ~ (tilde) followed by . (dot)
For further reading on the switch CLI : https://www.szafa-rackowa.pl/zalacznik/Instrukcja-obslugi-Lantech-LGS-2424C-1200.pdf
Have fun.
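A way to confirm that the switch really keeps WAN and LAN apart after the configuration above, as an added example that is not part of the original post: it parses the config output quoted there and reports anything that would bridge the two VLANs. The function names are hypothetical, and switch port 1 is treated as the tagged port towards em0, as the posted output shows.

```python
import re

# Switch `config` output as posted above for the U70 (sample input).
SAMPLE = """VLAN Configuration:
Port Aware PVID Ingress Filtering Frame Type
1: enabled none disabled Tagged
2: disabled 1 disabled All
3: disabled 2 disabled All
4: disabled 2 disabled All
5: disabled 2 disabled All
6: disabled 2 disabled All
7: disabled 2 disabled All
8: disabled 2 disabled All
Entries in permanent table:
1: 1,2
2: 1,3,4,5,6,7,8
"""

def parse_config(text):
    """Return ({port: (aware, pvid, frame_type)}, {vid: set_of_ports})."""
    ports, vlans, in_table = {}, {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Entries in permanent table"):
            in_table = True
        elif in_table and (m := re.fullmatch(r"(\d+):\s*([\d,]+)", line)):
            vlans[int(m[1])] = {int(p) for p in m[2].split(",")}
        elif m := re.fullmatch(r"(\d+):\s+(\w+)\s+(\w+)\s+\w+\s+(\w+)", line):
            pvid = int(m[3]) if m[3].isdigit() else None  # "none" -> None
            ports[int(m[1])] = (m[2] == "enabled", pvid, m[4])
    return ports, vlans

def audit(text, trunk=1, wan_vid=1, lan_vid=2):
    """List findings that would break WAN/LAN separation; empty means OK."""
    ports, vlans = parse_config(text)
    wan, lan = vlans.get(wan_vid, set()), vlans.get(lan_vid, set())
    findings = []
    if wan & lan != {trunk}:  # only the tagged trunk may sit in both VLANs
        findings.append(f"VLAN {wan_vid}/{lan_vid} overlap {sorted(wan & lan)}, expected only port {trunk}")
    aware, pvid, frame = ports.get(trunk, (False, None, ""))
    if not aware or pvid is not None or frame != "Tagged":
        findings.append(f"trunk port {trunk} would accept untagged frames")
    for port, (aware, pvid, _) in sorted(ports.items()):
        member_of = {vid for vid, members in vlans.items() if port in members}
        if port != trunk and (aware or member_of != {pvid}):
            findings.append(f"access port {port}: PVID {pvid}, member of {sorted(member_of)}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "WAN/LAN separation matches the posted layout")
```

Paste a fresh capture of the switch's config output in place of SAMPLE after any change to the VLAN table; an empty result means only the tagged port is shared between the two VLANs.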
Hi,
I tried it, but when I execute the cu command, I can see "Connected" but there is no prompt afterwards and I can't type anything :(
Do you have any idea why?
Could you share how you achieved this? I went to zrouter.org and the U70 wasn't listed as one of the supported devices.
Quote from: nsouch on May 01, 2019, 03:53:10 PM
Hello,
Back on the topic 8)
I succeeded using an "S" version of NETASQ U70S.
Consider the following: purchase an SSD SATA3 Disk Module 22-Pin/90 Degree MLC 16GB, e.g. here: https://www.mouser.fr/ProductDetail/Apacer/APSDM016G12AN-PTM1?qs=byeeYqUIh0Mv0jDFlzY06A%3D%3D&countryCode=DE&currencyCode=EUR
Dump an i386 nano version of OPNsense onto it with the dd command or similar. USB is really not bootable, so you should perform this action on another SATA system.
The switch is on ttyu1 but at 19200 baud:
cu -s 19200 -l /dev/ttyu1
Leave ports unmodified:
VLAN> config
VLAN Configuration:
===================
Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  ---------
1     1     All         Disabled        Untag PVID  Unaware
2     2     All         Disabled        Untag PVID  Unaware
3     3     All         Disabled        Untag PVID  Unaware
4     4     All         Disabled        Untag PVID  Unaware
5     5     All         Disabled        Untag PVID  Unaware
6     6     All         Disabled        Untag PVID  Unaware
7     7     All         Disabled        Untag PVID  Unaware
8     8     All         Disabled        Untag PVID  Unaware
9     None  Tagged      Disabled        Untag PVID  C-Port
but set up 2 VLANs:
VID   VLAN Name         Ports
----  ----------------  -----
1     default           1,9
2                       2-9
Note: the U70S port layout is different from the U70's. On the latter, port 1 is for the CPU, but on the U70S the CPU has a dedicated port, namely 9.
Oh and btw, it works even better with 4GB of 1333MHz DDR3 (PC10600)!
Quote from: xobix on February 12, 2020, 11:29:43 AM
Hi,
I tried it, but when I execute the cu command, I can see "Connected" but there is no prompt afterwards and I can't type anything :(
Do you have any idea why?
Yes, if it's a U70S and not a U70, you may try 19200 instead of 9600 baud...