
XG Home Edition on ESXi 6.7 with 4+ vNICs - NICs order

 Hello!

I'm trying to install Sophos XG on my ESXi 6.7 using the ISO (as the OVA has some issues on my ESXi when trying to import the VM from it). I need 6 interfaces, so I added 6 network adapters to the VM. Installation finished without any issues and I was also able to finish the Initial Setup. But after a reboot, XG stops answering on both the LAN and WAN interfaces (the other networks do not contain any hosts yet, so I checked only LAN and WAN).

I found that XG works well if the VM has only 3 interfaces. If I add one more, this issue appears again.

Is there any kind of port count limit for Home Edition or what else may cause this?



This thread was automatically locked due to age.
  • I too have installed hundreds on very different hardware/OS platforms for close to 4 decades.  I virtualized before VMware existed.  Heck !!! I was learning to virtualize before Microsoft existed !!!  On PDP-11 and CDC-835.

    The point I bring here is not a piss contest.  Problems with VMXNET3 are just real.  And known.  And up to recently, documentation from Checkpoint and Symantec was crystal clear and would recommend using 1000 or 1000E for compatibility and security reasons. Only recently, since version 10.6, did Symantec Messaging Gateway start supporting VMXnet3.  And of course, since then, bugs arose.  And sure enough, the workaround was to go back to e1000e.  Since version 10.7.1, a few weeks ago, things are back to normal apparently.

    That said, you don't get problems with VMXNet after Windows 2012.

    On other platforms, VMXNet, whatever speed gain you will get, was up to recently a common source of problems.  Not just an anecdote.

    VMware may recommend this, but in the end, the only important recommendation comes from the supplier. Sophos, CheckPoint, Symantec and all.

    Very recently VMXnet had some security bulletins, so sweet, that allow a hacker to escape the VM and run commands on the host.  That was only a few months ago ...  Any other virtual adapters were not affected.

    I would not recommend blindly to use this.  Particularly when most virtual firewalls are overpowered ...

    Paul Jr

  • Hi Paul,

    If we are taking vendors' recommendations, then Sophos recommends VMXNET3, and that has been the way for a while.

    As we are speaking in the context of Sophos NSG appliances virtualised in VMware, then we should be recommending what the vendor does, as you say.

    Emile

  • Yes, but from what I know, those Sophos recommendations date from BEFORE the vulnerabilities regarding VMXnet3 drivers were found.  A few months ago, I failed to find Sophos literature regarding this.  All I could find was regarding Astaro.  So ... way too old.  Maybe I should check again.

    Paul Jr Robitaille

  • Hello Emile

    Have you by chance found any statement or declaration from Sophos regarding VMXNet driver vulnerabilities? (As a reminder, "ies" here means "many".)  As well as SCSI. Some of them were addressed starting at ESXi670-201811401-BG.  But I have yet to find any technical paper from Sophos confirming or clarifying anything regarding those critical issues.

     

    Paul Jr