Secure Mobile Access 12.5 Getting Started Guide for KVM

Technical Documentation>  Installing SMA 8200v on KVM>  Installing the SMA 8200v on Red Hat / Ubuntu-KVM/QEMU
Table of Contents

Installing the SMA 8200v on Red Hat / Ubuntu-KVM/QEMU

To install SMA 8200v on Ubuntu-KVM/QEMU

  1. Download the SMA 8200v qcow2 or iso file to a local folder in the Linux Server system.
  2. Copy image file (for example: “12.5.x-xxxxx.qcow2 or 12.5.x-xxxxx.iso") into the directory /var/lib/libvirt/images/

  3. Launch the Virtual Machine Manger (VMM) utility 5.0.0 or higher on Linux machine.

  4. Create a VM in the Virtual Machine Manager to receive the image file. To create a VM, click File and select New Virtual Machine option.

  5. In the Step 1 screen, start creating a new virtual machine ,choose the Connection as desired by user based on Ubuntu or Red hat kernel.

    • Select the Local install media (ISO image or CDROM) option to browse the .iso or .qcow2 file as installation media for installing operating system and click Forward to next screen.

    • Select the Import existing disk image option to browse the .iso or .qcow2 image file for installing operating system and click Forward to next screen.

  6. In the Step 2 screen, click Browse to locate the Installation media.

  7. Select the installation media as .iso or .qcow2 and click Choose volume in the Locate ISO media volume screen.

  8. Clear the Automatically detect form the installation media/source checkbox.

  9. In the text box next to Choose the operating system you are installing field, enter Gen and select Generic Linux 2024 option.

  10. Click Forward for next screen.

  11. In the Step 3 screen, set the Memory and CPU settings, click Forward.

    The recommended Memory is 8 GB (8192 MiB) and CPUs to be set as 4.

  12. In the Step 4 screen, set the disk image for the virtual machine.

    The recommended volume is 250 GB.

  13. In the Step 5 screen, enter the desired name for the virtual machine and enable Customize configuration before install option.

  14. In the Step 5 screen, click Finish.

  15. Click Add Hardware to deploy additional NIC for X0 and X1.

  16. Select the desired network interface for X0 and X1 under Network option and set the Device model to “virtio”.

    By choosing virtio, the VirtIO API is enabled. For more details on VirtIO, see Paravirtualization.

  17. Click Apply.

  18. Select Display Spice option and create a new VM with the Type set as VNC server. Otherwise you may not be able to use the keyboard with the new VM.

    In the above dialog box, Spice refers to the Simple Protocol for Independent Computing Environment. In this context a Spice Display is one that can be accessed remotely through a standard protocol.

  19. Click on Begin Installation to deploy SMA1000 8200v on KVM.

    The Virtual machine is created.

  20. Log in as a root user.

  21. Run through the setup tool for setting up X0 Network interface for Administration access.

  22. Run through setup wizard for X1 Network interface for Workplace access.

  23. In the Welcome screen, click Next for the License Agreement screen.

  24. Select the I accept the terms of the license agreement option.

  25. Click Next for the Basic Settings screen.

  26. Under Central Management, select Configure this machine as an SMA appliance.

  27. Under Administrator password, enter the password you want for the admin account and confirm it.

    Be sure to save or write this password down in a secure location, as it is encrypted and cannot be recovered if you forget it.

  28. Under Date and time, select the appropriate time zone from the Time Zone menu.

  29. Click Next for the Network Settings screen.

  30. Enter a descriptive name for your SMA 8200v in the Appliance name field.

  31. If this SMA 8200v is accessible only from within your local network, do the following steps:

    1. Select the Single interface option.
    2. Enter the Internal Interface IP address and Subnet mask/Prefix length.

      3. You can use IPv4, IPv6, or IPv4/IPv6 configurations according to your network requirements.

  32. If this SMA 8200v is accessible from outside your local network, do the following steps:

    1. Select the Dual interfaces option.
    2. Enter the Internal Interface IP address and Subnet mask/Prefix length.
    3. Enter the External Interface IP address and Subnet mask/Prefix length.

      4. You can use IPv4, IPv6, or IPv4/IPv6 configurations according to your network requirements.

      AMC displays errors if there are mismatches in the IPv4 and IPv6 address families. Specifically:

      • Adding an IPv6 address to the SSH allow-from list fails if eth0 has only an IPv4 or IPv6 address.

      • DHCP Pool, SNAT Pool, or IPv4 ranges in the Static Pool are present without an IPv4 address on the internal interface.

      • IPv6 ranges in the Static Address Pool are present without an IPv6 address on the internal interface.

      • IPv4 or IPv6 route-to-internet gateways exist without the corresponding address type on the internal interface.


  33. Click Next for the Routing screen.

  34. If you selected the Single interface option on the Network Settings screen, do the following steps:

    1. From the Routing mode menu, select Default gateway.
    2. In the Default gateway IP address field, enter the gateway IP address.

      3. According to the use of IPv4, IPv6, or IPv4/IPv6 configurations in the Network Settings screen, the Default gateway IP address field varies.

  35. If you selected the Dual interfaces option on the Network Settings screen, do the following steps:

    1. From the Routing mode menu, select Dual gateway.
    2. In the Internal gateway IP address field, enter internal gateway IP address.
    3. In the External gateway IP address field, enter external gateway IP address.

      4. According to the use of IPv4, IPv6, or IPv4/IPv6 configurations in the Network Settings screen, the Internal gateway IP address and External gateway IP address fields vary.

  36. Click Next for the Name Resolution screen.

  37. Enter your domain in the Default domain field.

  38. Enter the IP address of the primary DNS server into the DNS Server field.

  39. Click Next for the User Access screen.

  40. If you want to provision the OnDemand Tunnel access agent for full network access, select the Enable full network accessand OnDemand Tunnel check box.

  41. Enter the IP internal address range in the IP internal address range for network tunnel traffic field.

  42. Under Access Policy, select one of the following options:

    • Allow authenticated users access to all defined resources

      This option automatically creates rules for user access to backend resources as you add users in AMC.

    • Initially deny all access

      This option creates rules that deny access. Later you can define access rules for specific resources in AMC.

  43. Click Next for the Completion screen.

  44. Review the settings to make sure they are defined correctly.

  45. To change anything, click the Back button.

  46. To apply the settings, click Finish.

Chat