¶ Deploying CGW on HUNSN Micro Firewall box
HUNSN's Fanless Firewall box is based on the Intel architecture and supports 4 x 2.5GbE network interfaces. These four network interfaces can be split between WAN and LAN interfaces. When you have a single WAN ISP, you have three 2.5 Gb/s interfaces available for your LAN network.
¶ Common Deployment Architecture
A common deployment scenario for deploying Cyber Gateway on HUNSN Micro Firewall Hardware is to replace the Firewall as well as address the WAN Aggregation and Failover use case as shown below. However, you can also use it with a single WAN. In this case, plug in the WAN cable into one of the 2.5GbE ports and use the remaining three 2.5GbE ports for the LAN network.
¶ Deploying Cyber Gateway on Hunsn
First, you need to create a bootable stick
¶ 1. Create a bootable stick
- Download the Cyber Gateway ISO image on your computer.
- Download the latest version of balenaEtcher. Double-click on the downloaded file to install.
- Run the balenaEtcher application.
- Click on the Select Image button and choose the Cyber Gateway ISO image
.isofile you want to use. - Click the Select Target button and choose the appropriate USB device to write the
.isoto. - Finally, click the Flash! button to begin the process.
- Etcher will notify you when the process is complete.
- Please remove the USB drive
¶ 2. Install Ubuntu
Please follow the instructions below:
- Make sure your Hunsn box is powered off.
- Connect the Hunsn box to a monitor using the HDMI port on the box
- Plug in the USB with the Ubuntu image on it in the first USB port on the HUNSN box
- Plug in a keyboard into the second USB port on the HUNSN box
- Power on the box, boot the device while pressing F11 and / or F7 key uninterrupted
- Select the USB from the available boot options
- Select Install ubuntu and follow the typical ubuntu server installation steps.
If you do not see “Install or Try Ubuntu” but rather enter a boot mode, enter quit. The box comes with Pfsense preinstalled, if you enter into Pfsense mode, you need to restart from the previous step.
¶ 3. Login to the Machine and Deploy the Cyber Gateway
- After the ubuntu server installation is complete, login with username and password you entered during the above installation steps
- You can continue with the next steps in console using Monitor or note the IP address of the device by typing the command
ip aand SSH into the device from another machine on the same network. - Follow the instructions for Multiple interface CGW deployment
¶ What Performance to expect on the Hunsn box?
In the Multiple Interface cyber gateway, security controls such as Firewall and Web security is provided locally in the CGW. Therefore, we recommend that only the Secure Private Access (SPA) traffic goes to the Mesh while the Secure Internet Access (SIA) traffic that has already gone through advanced security controls in the CGW itself can exit locally.
¶ WAN Throughput
See below result of a Speedtest for the SIA traffic exiting locally, where the ISP speed is 1.0Gb/s download and 50Mb/s upload. We can see that the Cyber gateway can support network speeds matching to the ISP speed of about 1.0 Gb/s.
¶ LAN Throughput
The LAN ports on Hunsn are rated for 2.5 Gb/s. For the lateral East-West traffic that stays local to the site and does not exit towards WAN, Hunsn box can support higher network speeds. The results of an iperf Throughput test on the LAN network are provided below. We can see that the Cyber gateway running on the Hunsn box can support LAN network speeds of about 2.0 Gb/s.
Accepted connection from 192.168.9.5, port 53024
[ 5] local 192.168.9.251 port 5201 connected to 192.168.9.5 port 53028
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.01 sec 212 MBytes 1.76 Gbits/sec 17 512 KBytes
[ 5] 1.01-2.01 sec 255 MBytes 2.14 Gbits/sec 0 571 KBytes
[ 5] 2.01-3.01 sec 264 MBytes 2.22 Gbits/sec 0 609 KBytes
[ 5] 3.01-4.00 sec 249 MBytes 2.09 Gbits/sec 0 618 KBytes
[ 5] 4.00-5.01 sec 256 MBytes 2.14 Gbits/sec 0 621 KBytes
[ 5] 5.01-6.01 sec 256 MBytes 2.15 Gbits/sec 0 624 KBytes
[ 5] 6.01-7.01 sec 235 MBytes 1.97 Gbits/sec 0 628 KBytes
[ 5] 7.01-8.01 sec 236 MBytes 1.98 Gbits/sec 0 636 KBytes
[ 5] 8.01-9.01 sec 232 MBytes 1.95 Gbits/sec 0 641 KBytes
[ 5] 9.01-10.01 sec 236 MBytes 1.98 Gbits/sec 0 641 KBytes
[ 5] 10.01-10.04 sec 6.25 MBytes 1.92 Gbits/sec 0 641 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.04 sec 2.38 GBytes 2.04 Gbits/sec 17 sender
-----------------------------------------------------------
Server listening on 5201TBC