Netasq U70s with OPNsense

Started by Crackgen, October 01, 2018, 09:05:01 PM

Hi,

IT security is the first of my hobbies, and I want to recycle a Netasq U70s UTM without a license.

Can you tell me if it's possible to use this UTM hardware to install OPNsense?

You can find a link with the specs of the hardware:

https://www.pc21.fr/fiche/na-u70s-netasq-u-series-u70s-dispositif-de-securite-8-ports-gige-1u-i2138320.html

Thanks for your advice!

OPNsense: My next Open Source Firewall!

I don't know Netasq hw.
But if the UTM uses an x86/x64 CPU and the NIC interfaces are supported under FreeBSD, the installation of OPNsense should work.

best regards
Dirk

Hi Monstermania,

Thanks for your reply!

The Netasq U70S uses a FreeBSD OS.

With the uname -an command, the result is:

NS-BSD  2.10.0- NS-BSD 2.10.0- #0: Mon Jan  8 12:16:59 CET 2018     build@buildmajsicilia32.labo.int:/usr/home/build/fw-PRETAG_2.10.0/firmware/sys-9.3/work/sys/i386/compile/NETASQ.S.NOSMP.HW.RELEASE  i386

I think it's possible ...

October 02, 2018, 03:54:46 PM #3 Last Edit: October 02, 2018, 04:04:23 PM by monstermania
@Crackgen
Hmm,
do you know this thread on the pfSense forum?
https://forum.netgate.com/topic/105839/netasq-u70-pfsense-2-3-2-install-network-interface-problem
or this one on the FreeBSD forum:
https://forums.freebsd.org/threads/nic-em-problem-on-freebsd-10.49677/
Don't know if the Netasq U70 and U70S are quite the same, but this doesn't sound good to me.  :(
The CPU seems to be 32-bit. IMHO it is not a good idea to start with 32-bit in 2018!

I'm running OPNsense on an older Ucopia device (Lexcom 3I525 barebone).
Some of them sold during the past weeks on eBay for around 30€ (w/o RAM or HDD).
Quite a good entry for OPNsense.  ;)

best regards
Dirk

May 01, 2019, 03:53:10 PM #4 Last Edit: May 01, 2019, 04:23:19 PM by nsouch
Thanks to the precious help of the zrouter.org team

I succeeded in installing OPNsense on the NetASQ U70. The internal switch is connected to the secondary RS232 port of the board.
So, consider the following procedure:

Define 2 VLANs at startup: VLAN 1 and VLAN 2, both on the em0 interface, then
Assign em0_vlan1 to WAN
Assign em0_vlan2 to LAN
The switch configuration below has to be applied to obtain:
port 1 = WAN
port 2 to 6 = LAN

Configuration of switch NetASQ_U70:
cu -s 9600 -l /dev/ttyu1
> vlan
VLAN> aware 1 enable
VLAN> pvid 1 none
VLAN> frame type 1 Tagged
VLAN> aware 2-8 disable
VLAN> pvid 2 1
VLAN> pvid 3-8 2
VLAN> del 1-4094
VLAN> add 1 1-2
VLAN> add 2 1,3-8
VLAN> config
VLAN Configuration:
    Port  Aware    PVID  Ingress Filtering  Frame Type
     1:   enabled none       disabled          Tagged
     2:  disabled    1       disabled          All
     3:  disabled    2       disabled          All
     4:  disabled    2       disabled          All
     5:  disabled    2       disabled          All
     6:  disabled    2       disabled          All
     7:  disabled    2       disabled          All
     8:  disabled    2       disabled          All

    Entries in permanent table:
       1:  1,2
       2:  1,3,4,5,6,7,8
VLAN>
Use the cu(1) escape sequence <Enter> then ~ (tilde) followed by . (dot)

For further reading on the switch CLI: https://www.szafa-rackowa.pl/zalacznik/Instrukcja-obslugi-Lantech-LGS-2424C-1200.pdf

Have fun.
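
A check of the switch state that the procedure above ends with, as an added example that is not part of the original post: it parses the config output format shown for the U70 and reports any access port whose VLAN membership differs from its PVID, which is what would bridge WAN and LAN inside the switch. The function names are hypothetical, and port 1 is assumed to be the CPU-facing tagged port, as the table shows.

```python
import re

# Constructed sample: the "config" output from the post, re-typed as test input.
SAMPLE = """\
    Port  Aware    PVID  Ingress Filtering  Frame Type
     1:   enabled none       disabled          Tagged
     2:  disabled    1       disabled          All
     3:  disabled    2       disabled          All
     4:  disabled    2       disabled          All
     5:  disabled    2       disabled          All
     6:  disabled    2       disabled          All
     7:  disabled    2       disabled          All
     8:  disabled    2       disabled          All
    Entries in permanent table:
       1:  1,2
       2:  1,3,4,5,6,7,8
"""

def parse_config(text):
    """Return ports {n: (pvid|None, frame_type)} and vlans {vid: {ports}}."""
    ports, vlans, in_table = {}, {}, False
    for line in text.splitlines():
        in_table = in_table or "permanent table" in line
        m = re.match(r"\s*(\d+):\s+(.*\S)", line)
        if not m:
            continue  # headers, prompts and blank lines
        key, rest = int(m.group(1)), m.group(2)
        if in_table:
            vlans[key] = {int(p) for p in rest.split(",")}
        else:
            _aware, pvid, _ingress, frame = rest.split()
            ports[key] = (None if pvid == "none" else int(pvid), frame)
    return ports, vlans

def check_isolation(ports, vlans, trunk=1):
    """Return findings that would let frames cross between WAN and LAN."""
    findings = []
    if ports[trunk] != (None, "Tagged"):
        findings.append(f"trunk port {trunk} accepts untagged frames")
    findings += [f"VLAN {v} lacks trunk port" for v, m in vlans.items() if trunk not in m]
    for port, (pvid, _frame) in ports.items():
        joined = sorted(v for v, m in vlans.items() if port in m)
        if port != trunk and joined != [pvid]:
            findings.append(f"port {port}: PVID {pvid}, member of VLANs {joined}")
    return findings

if __name__ == "__main__":
    print(check_isolation(*parse_config(SAMPLE)) or "WAN and LAN are isolated")
```

An empty result means the two VLANs meet only on the tagged CPU port, so traffic between WAN and LAN has to pass through the firewall.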


Hi,

I tried it but when I execute the cu command, I can see "Connected" but there is no prompt after and I can't type anything :(

Do you have any idea why?

Would you care to share how you achieved this? I went to zrouter.org and the U70 wasn't listed as one of the supported devices.

Quote from: nsouch on May 01, 2019, 03:53:10 PM
Thanks to the precious help of the zrouter.org team


June 16, 2024, 07:31:44 PM #7 Last Edit: June 16, 2024, 07:33:37 PM by nsouch
Hello,

Back on the topic  8)
I succeeded using an "S" version of NETASQ U70S.

Consider the following: purchase an SSD SATA3 Disk Module 22-Pin/90 Degree MLC 16GB, e.g. here: https://www.mouser.fr/ProductDetail/Apacer/APSDM016G12AN-PTM1?qs=byeeYqUIh0Mv0jDFlzY06A%3D%3D&countryCode=DE&currencyCode=EUR

Dump an i386 nano version of OPNsense onto it with the dd command or something similar. USB is really not bootable, so you should perform this action on another SATA system.

The switch is on ttyu1 but at 19200 baud:

cu -s 19200 -l /dev/ttyu1


Leave ports unmodified:


VLAN> config

VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type     
----  ----  ----------  --------------  ----------  ------------
1     1     All         Disabled        Untag PVID  Unaware       
2     2     All         Disabled        Untag PVID  Unaware       
3     3     All         Disabled        Untag PVID  Unaware       
4     4     All         Disabled        Untag PVID  Unaware       
5     5     All         Disabled        Untag PVID  Unaware       
6     6     All         Disabled        Untag PVID  Unaware       
7     7     All         Disabled        Untag PVID  Unaware       
8     8     All         Disabled        Untag PVID  Unaware       
9     None  Tagged      Disabled        Untag PVID  C-Port


but set up 2 VLANs:


VID   VLAN Name                         Ports
----  --------------------------------  ----
1     default                           1,9
2                                       2-9


Note: the U70S port layout is different from the U70's. On the latter, port 1 is for the CPU, but on the U70S the CPU has a dedicated port, namely 9.

Oh and btw, it works even better with 4GB of 1333MHz DDR3 (PC10600)!

Quote from: xobix on February 12, 2020, 11:29:43 AM
Hi,

I tried it but when I execute the cu command, I can see "Connected" but there is no prompt after and I can't type anything :(

Do you have any idea why?
Yes, if it's a U70S and not a U70, you may try 19200 instead of 9600 baud...