Smoothwall on XenServer 7.1
-
Even if you get it to install, it will lack drivers making it terrible for firewall performance. I'd drop Smoothwall, looks like they don't support this. Too many better options out there. If their paid support isn't resolving this for you it's just money lost. Look at VyOS or maybe pfSense.
-
In a perfect world this is what I'd do. However, neither VyOS or pfSense offer a solid web filter, which is the primary reason we went with Smoothwall.
Their support told me that they run it on VMWare all the time, and could not think of any reason why Xen would be an issue, though they have not done it, nor have certified it.
That said, I have not called them to ask just yet, I thought I'd see if anyone else has had any ideas about it first.
-
The issue that their support should have told you appears to be that they strip out the Xen PV kernel as well as the necessary drivers to work on Xen. I don't know what Os they build upon, but whatever they are using they are removing the Xen components.
-
I think you will need to use the older templates for this. Debian 8 was not released in 2014, which is when the final release of smoothwall 3.1 was finished.
-
Nope, that's the community (free) version, it is actually significantly different from the commercial version.
@Reid-Cooper said in Smoothwall on XenServer 7.1:
The issue that their support should have told you appears to be that they strip out the Xen PV kernel as well as the necessary drivers to work on Xen. I don't know what Os they build upon, but whatever they are using they are removing the Xen components.
Right, that is what I was worried about. It is based on Debian and it would not surprise me that they would have done that. I'll check in with them on it, but this maybe the end of my testing on this and if so, then I'll need to stick with a physical Smoothwall server.
-
I had to look up about their web filtering. Looks like it is nothing like it was in the past. New product that they've added in that they did not used to have.
-
Couldn't something like Untangle work for you?
-
-
@NerdyDad said in Smoothwall on XenServer 7.1:
Couldn't something like Untangle work for you?
SmoothWall has a new and proprietary web filtering technology. Untangle and those others don't offer a competitive service.
-
@scottalanmiller said in Smoothwall on XenServer 7.1:
@NerdyDad said in Smoothwall on XenServer 7.1:
Couldn't something like Untangle work for you?
SmoothWall has a new and proprietary web filtering technology. Untangle and those others don't offer a competitive service.
Precisely. SmoothWall's filtering is heuristic based rather than a traditional blacklist/whitelist type thing.
Plus we've paid them, a lot, so switching now is not really a possibility.
The frustrating thing here is that they have built in support for VMWare, but not Xen.
-
@jrc Yes that is weird. It means that nobody that use their own version of Xen or those that use XS can use Smoothwall. It is severely limiting their potential customer base. I understand XS only has like 3% market share vs VMWare and HyperV, but Xen/Xenserver users really like it.
I still think you could get this going with one of the templates in XS with a bit of work.
-
@jrc said in Smoothwall on XenServer 7.1:
Plus we've paid them, a lot, so switching now is not really a possibility.
This part undermines your other arguments. This is the sunk cost fallacy and should have no effect on a business decision. The other bit, about the quality of the filtering, is important. This, however, cannot be. Even if you paid them a billion dollars, that money is lost and no longer a factor going forward.
-
@momurda said in Smoothwall on XenServer 7.1:
@jrc Yes that is weird. It means that nobody that use their own version of Xen or those that use XS can use Smoothwall. It is severely limiting their potential customer base. I understand XS only has like 3% market share vs VMWare and HyperV, but Xen/Xenserver users really like it.
I still think you could get this going with one of the templates in XS with a bit of work.
I don't know how much that affects them. Virtualizing firewalls is rare enough, Xen is not the top hypervisor and SmoothWall is so small that I'm surprised they are still around. All around, probably not a big deal to them.
-
@jrc said in Smoothwall on XenServer 7.1:
The frustrating thing here is that they have built in support for VMWare, but not Xen.
That's minor. The REALLY frustrating part is that they REMOVED support for Xen!
-
I completely agree.
However in Education you have to work with what you've got and convincing the board to scrap a $10k licence to shell out for a different $10k one would be kind of hard without serious compelling reason. Lack of Xenserver support would not be compelling enough I think.
-
@NerdyDad Untangle has this exact issue in Citrix Xenserver 6.5 and 7.1, been here before. Was going to virtualize Untangle. It didn't work, so I left it on its own box as it was working fine. Once the need arises for me to get it to work I will tackle it. Reid Cooper hit it on the head the Xen PV kernel is stripped out of Untangle too. Works fine in VMWare, and KVM.
-
@PenguinWrangler said in Smoothwall on XenServer 7.1:
@NerdyDad Untangle has this exact issue in Citrix Xenserver 6.5 and 7.1, been here before. Was going to virtualize Untangle. It didn't work, so I left it on its own box as it was working fine. Once the need arises for me to get it to work I will tackle it. Reid Cooper hit it on the head the Xen PV kernel is stripped out of Untangle too. Works fine in VMWare, and KVM.
Should, in theory, be able to get it working with HVM. But it still needs drivers.
-
@jrc said in Smoothwall on XenServer 7.1:
However in Education you have to work with what you've got and convincing the board to scrap a $10k licence to shell out for a different $10k one would be kind of hard without serious compelling reason.
Compelling reason is "best meets our needs." Saying that educators are too uneducated to understand high school level math and economics is a sad state of affairs. They teach why they should not even consider that in high school
Maybe they need to start back over in ninth grade before being in these decision making positions. -
@scottalanmiller said in Smoothwall on XenServer 7.1:
@PenguinWrangler said in Smoothwall on XenServer 7.1:
@NerdyDad Untangle has this exact issue in Citrix Xenserver 6.5 and 7.1, been here before. Was going to virtualize Untangle. It didn't work, so I left it on its own box as it was working fine. Once the need arises for me to get it to work I will tackle it. Reid Cooper hit it on the head the Xen PV kernel is stripped out of Untangle too. Works fine in VMWare, and KVM.
Should, in theory, be able to get it working with HVM. But it still needs drivers.
True, but as it was running fine on the hardware they had. I couldn't justify the time and cost to my client. I honestly want to move them off of Untangle. It is fine but their upgrade process has made me very upset. That though should be an entirely different thread.
-
Aren't PV templates rare at this point?
