The libvirt API that is used to manage KVM includes a host of tools that allow you to create and manage virtual machines. To install the VM-Series firewall on KVM you can use any of the following methods:
Manually create the XML definition of the VM-Series firewall, then use virsh to import the definition. Virsh is the most powerful tool that allows for full administration of the virtual machine.
Use virt-install to create the definition for the VM-Series firewall and install it.
Use the desktop user interface called virt-manager; virt-manager provides a convenient wizard to help you through the installation process.
The following procedure uses virt-manager to install the VM-Series firewall on a server running KVM on RHEL; the instructions for using virsh or virt-install are not included in this document.
On the Virt-manager, select
Create a new virtual machine.
Add a descriptive
for the VM-Series firewall.
Import existing disk image, browse to the image, and set the
OS Type: Linux and
Version: Red Hat Enterprise Linux 6.
If you prefer, you can leave the OS Type and Version as Generic.
to 4096 MB; or 5120 MB, if you have purchased the VM-1000-HV license.
to 2, 4, or 8.
Customize configuration before install.
Under Advanced options, select the bridge for the management interface, and accept the default settings.
To modify disk settings:
Disk, expand Advanced options and select
—Virtio or IDE, based on your set up.
If you want to use a SCSI disk bus, see
Enable the Use of a SCSI Controller.
Expand Performance options, and set
writethrough. This setting improves installation time and execution speed on the VM-Series firewall.
To add network adapters for the data interfaces:
On Ubuntu 16.04 LTS, to pass L2 traffic when using an Open vSwitch, you must set the interface type to bridge and the virtual port type to openvswitch
if you are using a software bridge such as the Linux bridge or the Open vSwitch.
Host Device, enter the name of the bridge or select it from the drop down list.
To specify the driver, set
to e-1000 or virtio. These are the only supported virtual interface types.
PCI Host Device
for PCI-passthrough or an SR-IOV capable device.
list, select the interface on the card or the virtual function.
Click Begin Installation
By default, the XML template for the VM-Series firewall is created and stored at etc/libvirt/qemu.
Wait 5-7 minutes for the installation to complete.
Configure the network access settings for the management interface.
Open a connection to the console.
Log into the firewall with username/password: admin/admin.
Enter configuration mode with the following command:
Use the following command to configure the management interface:
set deviceconfig system ip-address <Firewall-IP> netmask <netmask> default-gateway <gateway-IP> dns-setting servers primary <DNS-IP>
where <Firewall-IP> is the IP address you want to assign to the management interface, <netmask> is the subnet mask, <gateway-IP> is the IP address of the network gateway, and <DNS-IP> is the IP address of the DNS server.
To make sure that traffic is handled by the correct interface, use the following command to identify which ports on the host are mapped to the ports on the VM-Series firewall.
debug show vm-series interfaces all
Phoenix_interface Base-OS_port Base-OS_MAC PCI-ID
mgt eth0 52:54:00:d7:91:52 0000:00:03.0
Ethernet1/1 eth1 52:54:00:fe:8c:80 0000:00:06.0
Ethernet1/2 eth2 0e:c6:6b:b4:72:06 0000:00:07.0
Ethernet1/3 eth3 06:1b:a5:7e:a5:78 0000:00:08.0
Ethernet1/4 eth4 26:a9:26:54:27:a1 0000:00:09.0
Ethernet1/5 eth5 52:54:00:f4:62:13 0000:00:10.0
Access the web interface of the VM-Series firewall and configure the interfaces and define security rules and NAT rules to safely enable the applications that you want to secure.
VM-Series on KVM— Requirements and Prerequisites System Requirements Options for Attaching the VM-Series on the Network Prerequisites for VM-Series on KVM System Requirements Requirements Description ...
Set Up the VM-Series Firewall on KVM
Set Up the VM-Series Firewall on KVM Kernel-based Virtual Machine (KVM) is an open-source virtualization module for servers running Linux distributions. The VM-Series firewall can ...
Supported Deployments on KVM
Supported Deployments on KVM You can deploy a single instance of the VM-Series firewall per Linux host (single tenant) or multiple instances of the VM-Series ...
Components of the VM-Series for OpenStack Solution
Components of the VM-Series for OpenStack Solution The VM-Series firewall in an OpenStack environment has been tested with the following components. Component Description Software Hypervisor: ...
Bootstrap the VM-Series Firewall
Bootstrap the VM-Series Firewall Bootstrapping allows you to create a repeatable and streamlined process of deploying new VM-Series firewalls on your network because it allows ...
Bootstrap the VM-Series Firewall on KVM
Bootstrap the VM-Series Firewall on KVM Use these instructions to bootstrap the VM-Series firewall on a KVM server. Bootstrap the VM-Series Firewall in KVM Create ...
Deploy the VM-Series Firewall Before the NetScaler VPX
Deploy the VM-Series Firewall Before the NetScaler VPX The following example shows how to deploy the VM-Series firewall to process and secure traffic before it ...
Install a VM-Series firewall on VMware vSphere Hypervisor (ESXi)
Install a VM-Series firewall on VMware vSphere Hypervisor (ESXi) To install a VM-Series firewall you must have access to the Open Virtualization Alliance format (OVA) ...
Verify PCI-ID for Ordering of Network Interfaces on the VM-Series Firewall
Verify PCI-ID for Ordering of Network Interfaces on the VM-Series Firewall Regardless of whether you use a virtual interfaces (Linux/OVS bridge) or PCI devices (PCI-passthrough ...
Install the VM-Series Firewall on the SDX Server
Install the VM-Series Firewall on the SDX Server A support account and a valid VM-Series license are required to obtain the .xva base image file ...