Monday, February 17, 2020

Installing WatchGuard Dimension on Proxmox VE

WatchGuard Dimension is a virtual appliance that is designed to store firewall logging messages from WatchGuard XTM and Firebox products. It can also generate automated reports based on logged traffic and information, send the reports and other notifications through email, and even centrally manage multiple firewalls with the right licenses. It’s completely free to use with any WatchGuard firewall that runs Fireware OS v11.10.1 or newer as long as the firewall has an active support subscription for the logging and reporting components.

While WatchGuard only officially supports VMware ESXi and Microsoft Hyper-V as target platforms for Dimension, it can run on other hypervisors, and people have had success when the underlying hypervisor is KVM-based. Proxmox VE allows you to create both LXC containers and KVM virtual machines; we’ll be using KVM for this instance.

Assuming you have a working Proxmox VE installation already set up, the first step is to download Dimension from here. You’ll want to download the VMware OVF template and extract it using something that can handle .tar files (as this is essentially what a .ova file is).

Now, log into the Proxmox Web UI and create a new KVM virtual machine. You’ll want to give it a dual-core CPU with the default kvm64 CPU type, 2GB of RAM, an “e1000” network adapter with a static IP, and two virtual SATA disks to correspond to the two hard drive images which we’ll talk about later. I personally made these both 160GB with thin provisioning. However, you may need to increase these resources if you plan to add more than one firewall for logging.

Once the VM is created, SSH into the Proxmox server. With the virtual machine powered off, locate the path where the default .qcow2 files were created. This is configured in the storage settings of Proxmox, usually under /var/lib. Navigate to the images folder, then to the folder named after the VM ID # assigned to the virtual machine, and you’ll see two .qcow2 files. Keep this path in mind for later.

Once the download has finished and been extracted, you’ll have a few different files. The two of interest are the *.vmdk files. We will want to convert these to the qcow2 format, as it performs better and is more fully and natively supported under KVM as a disk image format than vmdk. The best way to convert them is to upload them to your Proxmox server in the path we mentioned before using an SFTP client, rsync, or however you prefer, then run the following command:

qemu-img convert -f vmdk -O qcow2 (filename).vmdk vm-(VM ID #)-disk-(disk number).qcow2

The first disk contains the OS, which should be disk 1. Disk 2 will be the data disk where Dimension’s PostgreSQL log database lives by default. You will be overwriting the existing qcow2 files, which are empty at this point.
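Before overwriting the empty qcow2 files, you can confirm that the uploaded .vmdk files survived the download and transfer intact. The function below is an added example, not part of the original post or of WatchGuard's or Proxmox's tooling; it assumes the extracted archive includes an OVF manifest (a .mf file with lines of the form "SHA256(name)= digest"). A match shows the files agree with the archive's own manifest and catches truncated or corrupted uploads; it does not prove where the archive came from.

```shell
#!/bin/sh
# Added example: verify files extracted from an .ova against its .mf manifest.
# Assumption: manifest lines look like "SHA256(name.vmdk)= <hex>" (SHA1 also accepted).
#
# Returns 0 if every listed file matches, 1 on a mismatch or missing file,
# 2 if the manifest is absent or malformed. The ( ) body runs in a subshell,
# so "exit" only leaves the function and no variables leak to the caller.
verify_ovf_manifest() (
    dir=$1
    cr=$(printf '\r')
    set -- "$dir"/*.mf                       # first manifest in the directory
    mf=$1
    [ -f "$mf" ] || { echo "no .mf manifest in $dir" >&2; exit 2; }
    checked=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                   # tolerate CRLF manifests
        [ -n "$line" ] || continue
        case $line in
            'SHA256('*')='*) tool=sha256sum ;;
            'SHA1('*')='*)   tool=sha1sum ;;
            *) echo "unsupported manifest line: $line" >&2; exit 2 ;;
        esac
        rest=${line#*(}
        name=${rest%%)=*}                    # file name between "(" and ")="
        want=${rest#*)=}
        want=$(printf '%s' "$want" | tr -d ' ' | tr 'A-F' 'a-f')
        # Entries must name files next to the manifest, never a path.
        case $name in
            ''|*/*) echo "refusing path in manifest: $name" >&2; exit 2 ;;
        esac
        [ -f "$dir/$name" ] || { echo "missing: $name" >&2; exit 1; }
        got=$("$tool" < "$dir/$name" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "digest mismatch: $name" >&2; exit 1; }
        checked=$((checked + 1))
    done < "$mf"
    [ "$checked" -gt 0 ] || { echo "manifest lists no files" >&2; exit 2; }
    echo "$checked file(s) match $(basename "$mf")"
)

# Usage on the Proxmox host, from the directory holding the uploaded files:
#   verify_ovf_manifest . && qemu-img convert -f vmdk -O qcow2 \
#       (filename).vmdk vm-(VM ID #)-disk-(disk number).qcow2
```
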

Now that this is done, start up the VM and get into the Dimension console by opening it with SPICE or noVNC through the Proxmox interface, and set the static IP per the official instructions here. Once that’s done, go to https://(static IP you set on Dimension) and go through the setup wizard as described here. You’re done!

It should be noted: This is not an officially supported setup by WatchGuard! You WILL be on your own if it’s not working correctly! That being said, I have been running it personally for almost 6 months now and it’s been completely transparent without any needed maintenance. If you do need help with Dimension I recommend the excellent documentation provided by WatchGuard themselves, which you can search for using their Technical Search here!