Hello everyone!
Since documentation on pxe booting on XG is (at least) gray, I've finally found a solution that works for me and opened this discussion to share ideas or success stories if it's working for others.
First of all, we'll need to login to the console of the XG. There are 2 ways for that:
1) On the webpage of the XG, click on your name(probably admin) on the top right corner and click console. It will ask for password and then to press enter to show the console menu
2) Via SSH(eg. putty). Remember your username is not root if you're used to it, it's admin!
After that, we get to the same menu for both. A list with numbers to select for settings. We press 4 to enter Device Console.
Once we're in the Console, we'll need to know 3 things. The name of the DHCP server(the default is Default_DHCP_Server, the Tftp-server IP and the bootfile. My case let's say it's Default_DHCP_Server, tftp ip is10.10.10.148 and the bootfile is pxelinux.0
You can find the name of the DHCP Server clicking Network->DHCP on the sfos web page.
We enter these 2 commands:
system dhcp dhcp-options binding add dhcpname Default_DHCP_Server optionname TFTP_Server_Name(66) value 10.10.10.148
system dhcp dhcp-options binding add dhcpname Default_DHCP_Server optionname Bootfile_Name(67) value pxelinux.0
Notice that although all the manuals and other people used brackets on the values(eg. 'pxelinux.0'), I didn't. Don't know if it's better, but since it's working this way, I didn't touch it!
Close the console. At this point, you should get an ip address when you try to boot from lan, but will not boot to the environment, although you should. I believe the problem lies the XG doesnt like to forward to another server, although it now knows there's a pxe boot.
Next step is to go to the web page of the XG and go to Firewall -> Add Firewall Rule ->Business Application Rule
Application Template "Full Nat/DNAT/Load Balancing"
Position "Top"
Enter the rule name you want (eg. TFTP)
Source "LAN" - Allowed Client Networks "ANY"
Destination "10.10.10.1" (Your routers address. DO NOT use the ones with a # in front. We'll need it for later! Probably you don't have it, so create one. Name it Sophos and put its address)
Services add one with port UDP 69 and one with port UDP 4011
Protected Servers "10.10.10.148" (your pxe servers address. add it if you don't have it)
Protected Zone "Lan"
Next click Rewrite Source Address "Masquerading" and click the one with the rules name(in my case it was #TFTP). Do not use MASQ
Finally click create reflexive rule and save the rule.
Voila! For me anyways.
I tested this with Clonedeploy and FOG and it boots.
This thread was automatically locked due to age.