Netasq U70s with OPNsense

[Crackgen]

Hi,

It Security is the first of my hobbies, and I want to recycle a Netasq U70s UTM without license.

Can you say me if it's possible to use this UTM hardware to install OPNSense?

You can find a link with the specs of hardware :

https://www.pc21.fr/fiche/na-u70s-netasq-u-series-u70s-dispositif-de-securite-8-ports-gige-1u-i2138320.html

Thanks for your advice!

OPNsense : My next Open Source Firewall !

[monstermania]

I don't know Netsaq hw.
But if the UTM use an x86/x64 cpu and the nic interfaces are supported under FreeBSD the installation of OPNsense should work.

best regards
Dirk

[Crackgen]

Hi Monstermania,

Thanks for your reply !

Netasq U70S use FreeBSD OS.

With uname -an command, the result is :

NS-BSD  2.10.0- NS-BSD 2.10.0- #0: Mon Jan  8 12:16:59 CET 2018     build@buildmajsicilia32.labo.int:/usr/home/build/fw-PRETAG_2.10.0/firmware/sys-9.3/work/sys/i386/compile/NETASQ.S.NOSMP.HW.RELEASE  i386

I think it's possible ...

[monstermania]

@Crackgen
Hmm,
do you know this thread into pfsense-forum?
https://forum.netgate.com/topic/105839/netasq-u70-pfsense-2-3-2-install-network-interface-problem
or here into freebsd forum:
https://forums.freebsd.org/threads/nic-em-problem-on-freebsd-10.49677/
Don't know if netasq u70 and u70s is quite the same but this sounds not good for me. 
The cpu seems to be 32Bit. IMHO it is no good idea to start with 32Bit in 2018!

I'm running OPNsense on an older Ucopia device (Lexcom 3I525 barebone).
Some of them sold during past weeks on ebay for around 30€ (w/o RAM or HDD).
Quite a good entry for OPNsense. 

best regards
Dirk

[nsouch]

Thanks to the precious help of the zrouter.org team

I succeeded in installing OPNSense on NetASQ U70. The internal switch is connected to the secondary RS232 port of the board.
So, consider the following procedure :

Define 2 VLAN at startup : VLAN 1 et VLAN 2 both on em0 interface then,
Assign em0_vlan1 to WAN
Assign em0_vlan2 to LAN
The switch configuration hereafter has to be respected to obtain :
port 1 = WAN
port 2 to 6 = LAN

Configuration of switch NetASQ_U70 :
cu -s 9600 -l /dev/ttyu1
> vlan
VLAN> aware 1 enable
VLAN> pvid 1 none
VLAN> frame type 1 Tagged
VLAN> aware 2-8 disable
VLAN> pvid 2 1
VLAN> pvid 3-8 2
VLAN> del 1-4094
VLAN> add 1 1-2
VLAN> add 2 1,3-8
VLAN> config
VLAN Configuration:
    Port  Aware    PVID  Ingress Filtering  Frame Type
     1:   enabled none       disabled          Tagged
     2:  disabled    1       disabled          All
     3:  disabled    2       disabled          All
     4:  disabled    2       disabled          All
     5:  disabled    2       disabled          All
     6:  disabled    2       disabled          All
     7:  disabled    2       disabled          All
     8:  disabled    2       disabled          All

    Entries in permanent table:
       1:  1,2
       2:  1,3,4,5,6,7,8
VLAN>
Use the cu(1) escape sequence <Enter> then ~ (tilde) followed by . (dot)

For further reading on the switch CLI : https://www.szafa-rackowa.pl/zalacznik/Instrukcja-obslugi-Lantech-LGS-2424C-1200.pdf

Have fun.

[xobix]

hy,

I tried it but when I execute the cu command, I can see "Connected" but there is no prompt after and I can't type anything

Have you an idea of why ?

[intelliop]

Could you care to share how did you achieve this?  I went to zrouter.org and u70 wasn't listed as one of the supported devices.

Thanks to the precious help of the zrouter.org team

I succeeded in installing OPNSense on NetASQ U70. The internal switch is connected to the secondary RS232 port of the board.
So, consider the following procedure :

Define 2 VLAN at startup : VLAN 1 et VLAN 2 both on em0 interface then,
Assign em0_vlan1 to WAN
Assign em0_vlan2 to LAN
The switch configuration hereafter has to be respected to obtain :
port 1 = WAN
port 2 to 6 = LAN

Configuration of switch NetASQ_U70 :
cu -s 9600 -l /dev/ttyu1
> vlan
VLAN> aware 1 enable
VLAN> pvid 1 none
VLAN> frame type 1 Tagged
VLAN> aware 2-8 disable
VLAN> pvid 2 1
VLAN> pvid 3-8 2
VLAN> del 1-4094
VLAN> add 1 1-2
VLAN> add 2 1,3-8
VLAN> config
VLAN Configuration:
    Port  Aware    PVID  Ingress Filtering  Frame Type
     1:   enabled none       disabled          Tagged
     2:  disabled    1       disabled          All
     3:  disabled    2       disabled          All
     4:  disabled    2       disabled          All
     5:  disabled    2       disabled          All
     6:  disabled    2       disabled          All
     7:  disabled    2       disabled          All
     8:  disabled    2       disabled          All

    Entries in permanent table:
       1:  1,2
       2:  1,3,4,5,6,7,8
VLAN>
Use the cu(1) escape sequence <Enter> then ~ (tilde) followed by . (dot)

For further reading on the switch CLI : https://www.szafa-rackowa.pl/zalacznik/Instrukcja-obslugi-Lantech-LGS-2424C-1200.pdf

Have fun.

[nsouch]

Hello,

Back on the topic 
I succeeded using an "S" version of NETASQ U70S.

Consider the following: purchase a SSD SATA3 Disk Module 22-Pin/90 Degree MLC 16GB eg here https://www.mouser.fr/ProductDetail/Apacer/APSDM016G12AN-PTM1?qs=byeeYqUIh0Mv0jDFlzY06A%3D%3D&countryCode=DE&currencyCode=EUR

Dump an i386 nano version of opnsense on it with dd command or other like this. USB is really not bootable so you should perform this action on another SATA system.

The switch is on ttyu1 but at 19200 bauds:

Code: [Select]

cu -s 19200 -l /dev/ttyu1

Leave ports unmodified:

Code: [Select]

VLAN> config

VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type     
——  ——  —————  ———————  —————  —————— 
1     1     All         Disabled        Untag PVID  Unaware       
2     2     All         Disabled        Untag PVID  Unaware       
3     3     All         Disabled        Untag PVID  Unaware       
4     4     All         Disabled        Untag PVID  Unaware       
5     5     All         Disabled        Untag PVID  Unaware       
6     6     All         Disabled        Untag PVID  Unaware       
7     7     All         Disabled        Untag PVID  Unaware       
8     8     All         Disabled        Untag PVID  Unaware       
9     None  Tagged      Disabled        Untag PVID  C-Port

but setup 2 VLANs:

Code: [Select]

VID   VLAN Name                         Ports
——  ————————————————  ——
1     default                           1,9
2                                       2-9

Nota: U70S port layout is different than U70. On the later, port 1 is for cpu but on U70S, cpu has a dedicated port namely 9

[nsouch]

Oh and btw, it works even better with 4GB of 1333MHz DDR3 (PC10600)!

[nsouch]

hy,

I tried it but when I execute the cu command, I can see "Connected" but there is no prompt after and I can't type anything

Have you an idea of why ?

Yes, if it's a U70S and not a U70 you may try 19200 instead of 9600 bauds...