ASG V6 Virtual Appliance Readme

Overview

   Welcome! This note is about how to get Astaro Security Gateway V6 (ASG V6)
   running as a virtual appliance in any VMware virtualization product.

   You can download the ASG Virtual Appliance image from
   http://www.astaro.com/vmware. New customers are requested to fill
   out the registration form to obtain a free 30 day trial license. The
   required license key will be sent to the e-mail address you provided
   within a few minutes. Already registered users can directly download
   the virtual appliances from one of the following locations:
   
     * ftp://ftp.astaro.com/pub/Astaro_Virtual_Appliance/
     * http://download.astaro.com/Astaro_Virtual_Appliance/

   In addition, Astaro offers a free home use license including all base
   level components of ASG at no cost for home users for personal,
   non-commercial and non-revenue generating use.

   Once Astaro Security Gateway virtual appliance is installed and
   running, please refer to the ASG End User Manual and Getting Started
   Guide for further usage information.
   
Installation

   Have any VMware virtualization product installed. Supported VMware
   virtualization software is:
     * VMware Player
     * VMware Server
     * VMware Workstation
     * VMware ESX Server

   If you just want to glance at ASG Virtual Appliance to get a first
   impression of what ASG really does, we recommend using VMware Player
   for its ease-of-use. However, if you are considering using ASG Virtual
   Appliance in a production environment, or if you would like to conduct
   performance or load testing with ASG, we recommend using VMware ESX
   Server, because its network performance is much better.

   Download the ASG Virtual Appliance image from
   (http://www.astaro.com/vmware). If you are using VMware ESX Server,
   make sure to get one of the ESX optimized images depending on your ESX
   Server version (supported are ESX Server v2 and v3).
     * ESX Server v2: astaro-security-gateway-ESX_v2-va-6_303.zip
     * ESX Server v3: astaro-security-gateway-ESX_v3-va-6_303.zip
     * All other VMware virtualization software:
       astaro-security-gateway-va-6_303.zip


Using VMware Player

   1. Open the image in your VMware product and boot it. If you are using
   ESX, please follow the instructions below.

   ASG has a network interface card pre-configured as eth0, whose IP
   address is 192.168.150.5 by default.

   2. System boot was successful when you hear 5 beeps in a row and when
   the command-line login screen appears.
  
   3. Configure your Vmnet8 network adapter with the IP address
   192.168.150.1 and the subnet 255.255.255.0.

   In Windows, this can be done in the Network Connections menu. To open
   Network Connections, click Start, click Control Panel, and then
   double-click Network Connections. Select VMware Network Adapter VMnet8
   and change its IP address to 192.168.150.1.
  
   4. Then point your browser to https://192.168.150.5, accept the SSL
   certificate, and you are ready to go. From here on configuring Astaro
   Security Gateway Virtual Appliance is like working with any Astaro
   Security Gateway.

   5. The first time you start ASG's Web frontend (called "WebAdmin"), the
   Setting System Passwords and License Agreement page will open. Agree to
   the terms of use and enter the passwords as required. Note that
   passwords must comply with certain security requirements (be at least
   eight characters long, contain one or more lowercase characters, one or
   more uppercase characters, one or more numerical digits, and one or
   more non-alphanumeric characters).

   6. In the System >> Licensing menu of WebAdmin, upload the 30 day trial
   license (see Figure 3) or register at https://my.astaro.com to
   obtain a free home use license including all base level components of
   ASG at no cost for home users for personal, non-commercial and
   non-revenue generating use.
   
Using VMware ESX Server

 
ESX Server Version 2

   Note: The following instructions assume that you have VMware
   VirtualCenter installed. Alternative ways to install ASG for VMware ESX
   Server are neither supported nor documented.

   1. Add the Astaro Security Gateway virtual appliance image as a new
   template and follow the instructions in the wizard.
   
   First, specify the path to the configuration file for this template.
   Second, type in the name for this template and a brief description. In
   the Location of Template Files dialog, please select the option Use the
   virtual machine's files as template files.

   2. Deploy a virtual machine from this template and
   follow the instructions in the wizard.
   
   First, choose a name for the new virtual machine. Second, select the
   destination farm or virtual machine group for the deployed virtual
   machine. Third, select the host that this virtual machine will reside
   on. Then enter the locations on the destination host to place the
   virtual machine's configuration and disk files. Assign each network
   interface card to a network.

   3. In the Assign Resources dialog assign sufficient memory for the
   virtual machine: 256 MB are recommended.

   4. In the Guest Operating System Customization dialog select Do not
   customize the guest operating system.

   5. ASG has a network interface card (NIC) pre-configured as eth0, whose
   IP address is 192.168.150.5 by default. However, a default gateway is
   not configured. Therefore you have to configure a network interface
   within your ESX server that allows you to connect to ASG using this IP
   address.

   6. System boot was successful when you hear 5 beeps in a row and when
   the command-line login screen appears. Then point your browser to
   https://192.168.150.5, accept the SSL certificate, and you are ready to
   go.

   Note: Please note that the network interface of the client system onto
   which the browser runs must be connected to the correct ESX server
   interface, having an IP address of the same subnet, for example
   192.168.150.2.

   From here on configuring Astaro Security Gateway Virtual Appliance is
   like working with any Astaro Security Gateway.

   7. The first time you start ASG's Web frontend (called "WebAdmin"), the
   Setting System Passwords and License Agreement page will open. Agree to
   the terms of use and enter the passwords as required. Note that
   passwords must comply with certain security requirements (be at least
   eight characters long, contain one or more lowercase characters, one or
   more uppercase characters, one or more numerical digits, and one or
   more non-alphanumeric characters).

   8. In the System >> Licensing menu of WebAdmin, upload the 30 day trial
   license or register at https://my.astaro.com to obtain a free home
   use license including all base level components of ASG at no cost for
   home users for personal, non-commercial and non-revenue generating use.
  
ESX Server Version 3

   For the ESX v3 management software (Virtual Infrastructure Client)
   there is no template import as for ESX v2. Therefore, the installation
   of ASG Virtual Appliance must partly be installed via the command-line
   interface.

   The following describes one possible way of installing ASG Virtual
   Appliance on the console.

   1. Copy the ZIP archive containing ASG Virtual Appliance to a directory
   of your choice.

   2. Unpack the downloaded ZIP archive to an appropriate location. Note
   that you might need administrator privileges to do so.

   3. Change into the directory ASG_6.303_esx_v3

   4. Start the Shell script astaro_va_install_ESX_v3.sh
 
      [root@dell2 ASG_6.303_esx_v3]# ./astaro_va_install_ESX_v3.sh

   This will convert the VMDK image and register the ASG Virtual
   Appliance.
      
      Converting VMDK image:
      Destination disk format: VMFS thick
      Cloning disk 'tmp_12150/ASG_6.303_esx_v3.vmdk'...
      Clone: 100% done.
      Registering ASG/ACC Virtual Appliance...
      register(/vmfs/volumes/storage1/ASG_6.303_esx_v3/ASG_6.303_esx_v3.vmx) = 1
      All done, have fun!

   After the script is finished, the ASG Virtual Appliance image will be
   displayed in the Virtual Infrastructure Client program under the
   Inventory tab in the folder Virtual Machines and Templates >> New
   Folder >> New Datacenter >> Discovered Virtual Machines.
   The ASG Virtual Appliance can be used right away or be converted to a
   Template, which can then be used to deploy a Virtual Appliance from it.
   
   After the ASG Virtual Appliance has been registered, adjust your
   network adapter settings. Make sure that you have selected both 
   checkboxes in the Device Status area. From the Network label 
   drop-down list in the Network Connection area, select VM
   Network. Click OK to save your settings.
   
Additional Information

   Once Astaro Security Gateway virtual appliance is installed and
   running, please refer to the ASG End User Manual and Getting Started
   Guide for further usage information, both of which are available at our
   knowledgebase http://www.astaro.com/kb/.
     * Getting Started Guide
       (http://portal.knowledgebase.net/display/2n/kb/article.asp?aid=190959)
       Available at http://www.astaro.com/kb >> Astaro Security Gateway
       Appliance >> Astaro Manuals and Guides >> ASG-V6.2-HW-GettingStartedGuide-EN.pdf
     * End User Manual 
       (http://portal.knowledgebase.net/display/2n/kb/article.asp?aid=190961)
       Available at http://www.astaro.com/kb >> Astaro Security Gateway
       Software >> Astaro Manuals and Guides >> ASG-V6.2-SW-UserManual-EN.pdf

About Astaro Security Gateway

   Astaro Security Gateway (formerly Astaro Security Linux) is an
   award-winning, unique network security solution in an integrated and
   easy-to-use and manage package. It includes a combination of the
   following security applications:

   Web Security
     * Spyware Protection blocks incoming spyware, adware and other
       malicious applications, and prevents them from sending out
       confidential information.
     * Virus Protection for the Web defends computers against virus
       infections from web downloads and web-based email.
     * Content Filtering can block Internet access to 60 categories of web
       sites during working hours.

   Email Security
     * Virus Protection for Email catches viruses in SMTP and POP3 emails
       and attachments, even in compressed and archived formats.
     * Spam Protection uses eight different techniques to filter out spam
       without stopping legitimate emails.
     * Phishing Protection blocks emails from criminals trying to trick
       users into revealing confidential information.

   Network Security
     * Intrusion Protection detects and blocks probes and
       application-based attacks using heuristics, anomaly detection, and
       pattern-based techniques.
     * Firewall, with stateful packet inspection and application-level
       proxies, guards Internet communications traffic in and out of the
       organization.
     * Virtual Private Network assures secure communications with remote
       offices and "road warriors".

 Support

   If you run into problems please contact us through
   http://www.astaro.com/support_security/support/ or by writing an
   email to our Support team (mailto:support@astaro.com). Our customer
   service representatives will be happy to help you.

   Finally, we recommend to register at https://my.astaro.com to
   obtain a free home use license for Astaro Security Gateway or to gain
   access to latest security and product information.

   Enjoy,

   Your Astaro Team