Managed disks in Azure

Hi,

how do you deploy the XG firewall? 

Do you use the marketplace? 

Yes, I used marketplace. I tried the github xg-azure project at first, but got stuck at the parameter devFwBlobUrlPrefix

Erik

Hi Erik, the devFwBlobUrlPrefix parameter can be left blank when deploying firewalls through our GitHub template.

That particular parameter is used for our development testing to point to images outside of the Azure marketplace that are used for testing.

The image in GitHub seems to want to use a storage account rather than managed disks too.  Is there an working template with managed disks that you can share the link to?

I have a suspicion that there had previously been a Git template for this as I have an XG with managed disks, I just can't find a current template to repeat it with.

Thanks

Hi D2v2,

The template on Github is the most recent stable release, and it does indeed not use managed disks.

To the best of my knowledge we did not release a template that uses managed disks yet, though it is quite possible that you converted your earlier XG deployment to a managed disks-based setup after you completed deploying the VM(s).

Hi JornLutters,

I've never managed to do a conversion as the agent within the image is not sufficiently up-to-date and I've not found a way of updating the agent, although if anyone else has managed that I'd be keen to know how!

Cheers

Hi D2v2,

You are correct insofar as that you cannot use the "convert to managed disks" option in the Azure Portal.

You should however still be able to convert to a managed disk through Azure Powershell https://docs.microsoft.com/en-us/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks (section "Convert VMs in an availability set").

Alternatively, you can grab a copy of the XG template from our GitHub and modify it to use managed disks instead of a storage account.

I've just had a go and the Powershell gets the same issue as the portal in that it won't allow you to upgrade due to the version of the Linux agent.

Is there any way of upgrading that?

I've just had a go and the Powershell gets the same issue as the portal in that it won't allow you to upgrade due to the version of the Linux agent.

Is there any way of upgrading that?

The Azure agent (waagent) has actually been updated as part of our 17.5 release (which is currently in early access, details here:https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v17-5-early-access/).

That said, I have been able to run XG on the current agent (2.1.4) with managed disks (from a snapshot actually) so I know it is definitely possible.
If the conversion doesn't work for you, and you cannot wait until the release of v17.5 your best bet would probably be to redeploy with a modified template that uses managed disks instead of a storage account.

Note that all of these modifications (including conversions to managed disks) are currently outside of our supported configurations, so I'd strongly recommend against running any production workloads on such a setup.

Hi Jorn,

Thanks for the update, that helps.

I'm not doing any of this in production currently, just trying to more fully understand what is possible at this stage and as that changes on a daily basis it quite an effort!

As soon as 17.5 becomes available for Azure I'll start having a play.

Cheers

Dave