XG Firewall Free Home Use - Installed - Now What?

I have a pc with screen that I used to install the XG Firewall Home. It installed with no issues. However, I only see the command line screen on the display... no GUI. I did use the "AA" command to activate and that worked fine. I am using a separate computer that is on wifi and bridged the internet to the ethernet port and that is supplying the XG Firewall PC with internet via port 2. I thought that once installed and activated that the PC I dedicated to the firewall would then present me with a GUI interface to use. However, I am stuck with the Linux command line menu and nothing more.

I have attempted to connect to 172.16.16.16:4444 via the laptop providing the internet connection and it does nothing except give rejection errors. I have tried connecting to the IP address that the XG Firewall PC is receiving and using the 4444 port and again only errors.

When I look at the setup for version 17 it jumps from installation to GUI but I have no idea how I get to that. Isn't it supposed to be on the dedicated machine? Once I connect this up I realize I need to use the two ethernet ports to send the internet through the firewall... I am not sure if that is a connection coming from the cable modem or from the router. 

Anyway, I am stuck. Help.

 

Edit: Progress made...

I tried connecting to port 1 with the ethernet and removed the bridge I was using to port 2 for internet connectivity. I turned off the wifi on the laptop that was supplying the internet and 172... finally gave me the console. However, once again. Why can't I get this GUI on the pc that was loaded with XG? Why I am having to use another PC to actually see the GUI. I have updated the Admin pw and now I am on the following page which obviously shows that I don't have a port 2 internet connection. However it shows all the info that indicates the IP supplied previously. It gives me the option to set up manually. Not sure what to do next but I am still playing with it. Anyone out there that can help?

 

Edit... More Progress but stuck again...

I have a router connected by WISP to the primary router. The secondary router has its own Admin PW and 2 wifi networks. I connected Port 2 to the router and Port 1 is still connected to the laptop I am on now via wifi. XG on Linux command line via the XG PC is showing I am in bridge mode and the IPv4 address has been set. I cannot however get back to the GUI admin via the laptop. Port 1 is still connected and I have the wifi connected but disconnecting either and trying to access via 172.. or the assigned IP is not getting access (port 4444). Now how do I get back to the GUI management console? I was able to do the full set up and it updated the firmware etc. and then rebooted the firewall but since then no access to the GUI.

 

Edit... More progress...

Why this isn't spelled out in any of the material is beyond me... but I found this link that says:

 

The trick was that the device management is disabled by default. 
that's why i could access user portal, but not management portal.

resolution :
1- Access device "console"
2- Command:  system appliance_access enable

then you can open the ip with port : 4444 successfully

https://community.sophos.com/products/unified-threat-management/astaroorg/f/project-copernicus-public-beta/58188/answered-default-user-pass-admin-admin-not-working

 

Indy

  • Hi  

    Sophos XG as a Hardware device can accessible over LAN port through LAN system and same applicable to XG home configuration.

    To access GUI from the same machine where the XG home is installed, you have to enable the system access. The architecture is the same as Hardware Sophos XG firewall.

  • In reply to Keyur:

    Thanks for  your response. I need help to move forward. I have the XG Firewall feeding from the extended router (set up as WISP) via ethernet into port 2. My understanding is that Port 1 is now supposed to connect to the devices that would then behind the firewall? At this point in the current configuration the devices that are connected into the same router via wifi (a separate network from the primary wifi set up on the primary router) do not show up on the XG Firewall. 

    The only configuration set up I've found so far is for the use of a Switch. For home use, how would I use a router? I have three different routers I could use (WiseTiger, DLink, and Linksys). How would I configure one of those devices to create a network that resides and feeds through the firewall? Or am I thinking about this incorrectly?

    Thanks,

    Indy

  • In reply to HisDogElroy:

    Hi  

    There are 2 ways to deploy the XG firewall in the network

    1. Gateway Mode - https://community.sophos.com/kb/en-us/122972

    2. Bridge Mode- https://community.sophos.com/kb/en-us/122973

    You can connect your LAN users on LAN port, Your ISP on WAN zone or WAN port.

    You can customize any physical port to any zone to deploy connectivity as per your requirement.

  • In reply to Keyur:

    Thanks for your help, but after numerous tries and warning message after warning message, I was unable to configure an ethernet port that would supply connectivity to a router. So, I will need to give up on this for now. It is above my understanding and there is no step by step that takes you through the entire process for a "Home" set-up. I guess this was really geared to people that do this type of thing for work and want the same coverage at home... not for just home users.

     

    Anyway, Thanks again. We can close this message board topic.

     

    Indy

  • In reply to HisDogElroy:

    Okay, I finally found a video online that walks through the process. So the firewall is up and running via a gateway. I am attempting to isolate all traffic to and from my network and I'd like to use the mac binding feature of intrusion prevention. I tried once and it locked me out. Before trying again, I am hoping for a little help. 

     

    My set-up is cable modem - primary router - 2nd router via wifi WISP setting - ethernet to XG Firewall - 2nd LAN from port three to 3rd wifi router (that assigns the devices via DHCP and the LAN settings on the router.

    My router is using firewall ip 10.0.0.100 for the router and the router is using 192.168.0.1

     

    I am attaching an image. Will this work to bind the ip address of the router to the mac id of the router and prevent spoofing?

    I would like to also bind the five devices attached the same way, but they only have ip addresses from the router.

  • In reply to HisDogElroy:

    Hi  

    MAC binding feature is used when you want specific users to connect from specific MAC ID only.

    Please refer to the article- https://community.sophos.com/kb/en-us/123042

    For more info: http://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/DoSBypassRuleManage.html

  • In reply to HisDogElroy:

    Could you share a link to the video please?

  • In reply to AlphaTango:

    https://www.youtube.com/watch?v=XhZLAHJzqlw 

     

    This starts after you've already installed. He has a video for that as well. Just click his name to find his channel. He walks you through setting up a firewall step by step on XG V17. 

  • In reply to HisDogElroy:

    Perfect thanks a lot. Will check it out