Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Home on XG 115 Rev3 Appliance

Hi All,

 

So i just bought an XG 115 rev3 Appliance and my intention was to install the Sophos appliance on it to use it at home and make use of the XG home license. The issue i encountered was that after a successful install of the SW images (Tried these, same result: SW-17.5.10_MR-10-620 or SFOS_OSS-17.5.10_MR-10-620 or SW-18.0.0_GA-Build339-339) I cannot reach the appliance to complete the initial wizard. When patched to port 1 the port seems active but no traffic seems to pass since i cannot reach the https://172.16.16.16:4444 (not even ping), while ports 2-4 dont light up at all. On the other hand if i install the HW image (HW-17.5.10_MR-10-620 or HW-18.0.0_GA-Build339-339) everything works fine and i can reach the appliance.

I researched here before buying the appliance and it seemed to be possible to run the SW images on the appliance without issues but unfortunately it is not working for me.

Steps done to install the SW image:

  • Burn Gparted on a USB
  • Boot the appliance via the Gparted USB
  • Remove any partitions and create a new empty ext/4 partition
  • burn one of the SW XG images mentioned above
  • Boot the appliance via the USB
  • Installation takes place without issues
  • Connect PC with IP address of 172.16.16.2/24 on Port 1 on the appliance
  • Appliance cannot be reached (Console access works via console cable)

Any idea of what perhaps is wrong? I suspect that there are missing drivers in the SW images but i cant tell for sure.

Any help is much appreciated.

Thanks,

Nic



This thread was automatically locked due to age.
Parents
  • Hi  

    Could you please try to capture the logs in console serial access to the device? Are you abe to access SF loader? When you boot the device with XG home what details are getting generated?

    Let me tag  he is the expert we have got and maybe he can share his expertise.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi Keyur,

    Thanks for the fast response, much appreciated. Below please find some logs together with the prompt displayed on device startup. I am able to access SF loader without issues

    sysinit.log

    error_log.log

     

     

    Thanks to the post from  i managed to login and complete the installation wizard. The only thing is that the ports are miss-configured.

    • Appliance Port 1 shows as Port 2 on Web interface
    • Appliance Port 2 shows as Port 3 on Web Interface
    • Appliance Port 3 shows as Port 4 on Web Interface
    • Appliance Port 4 shows as Port 1 on Web Interface

    Is there a way i can align these ports so appliance ports correctly show in the Web interface.

     

    Thanks a lot,

    Nic

    • Appliance Port 1 shows as Port 2 on Web interface
    • Appliance Port 2 shows as Port 3 on Web Interface
    • Appliance Port 3 shows as Port 4 on Web Interface
    • Appliance Port 4 shows as Port 1 on Web Interface

    This also seems to have caused you to be unable to reach the web interface. Apparently the ports were internally swapped and the LAN interface was not recognized as such.

    The swapped ports seem often to be due to the MAC address allocation of the XG. Often the "size" of the address is used here: the higher the numbers of the MAC address at the end, the higher the port number. For me, if I create a virtual machine on a VMware vSphere host and assign 8 interfaces to it, it's the same as with you. I had to go through a lot of Mac address changes, because VMware automatically creates addresses for the interfaces and XG maps ports randomly to these addresses. After some time I got it finally working and the Ports were set correct. This is something that should really be addressed by the Sophos developers. No other firewall maps MAC addresses to ports as strangely as XG. [:(]

    Back to your problem:
    First check the MAC addresses of the hardware interfaces with the command: ifconfig
    Then check out the MAC addresses in the Web Admin interface, you're also able to edit them there:

    Let us know if this works out for you.

    Cheers

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link

  • Thanks for the information as to how ports are mapped.

     

    Changing the MAC addresses from the Web GUI will change the MAC successfully but the ports will still remain as they are since sophos already assigned them that way.

     

    So port 1 after MAC change will still be port 4 on the appliance.

     

    I was thinking of trying to edit that Hardware Port1 via advance shell and change it to be mapped to Port4, but not sure were such a change needs to be done.

     

    Is there any other way perhaps?

     

    Thanks,

    Nic

  • Nicholas Cutajar said:
    Changing the MAC addresses from the Web GUI will change the MAC successfully but the ports will still remain as they are since sophos already assigned them that way.

    So it was correct that the MAC addresses were really swapped with the hardware ports, right?

    Could you show the output of ifconfig, especially from PortA-PortX. Please also provide some screenshots of the changed mac addresses in the Web UI.
    Did you perform a reboot?

    Update:

    You can check out the mac address on the appliance console:

    console> show network macaddr PortA
    Permanent MAC : 00:0C:29:36:C1:66
    Override MAC :
    ---------------------------------
    Current MAC : 00:0C:29:36:C1:66

    You can also edit the mac address of a specific hardware interface by using:

    console> set network macaddr PortA override "XX:XX:XX:XX:XX:XX"

    I am not quite sure if the string is required to be in " but you have to try out. ;)

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link

  • Nicholas Cutajar said:
    I followed it by a restart yes. I did not get this question "So it was correct that the MAC addresses were really swapped with the hardware ports, right?"

    Sorry for confusing you. 
    What happens now if you enter

    • the MAC from Port2 into the Override MAC address field of Port1?
    • the MAC from Port3 into the Override MAC address field of Port2?
    • the MAC from Port4 into the Override MAC address field of Port3?
    • the Mac from Port1 into the Override MAC address field of Port4?

    Logically the virtual Port should then match the physical one, shouldn't it?
    Please also install v18-GA Build354 as it is the newest and most stable v18 release.

    Maybe some Sophos employee has a tip here too...

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link

  • No problem, thanks for trying to help out :)

    The below error is displayed when i try to change the MAC address of port 1 with the physical MAC address of port 2. Same error on all interfaces.

    Is it possible to change these from advanced shell? I tried looking for network config files but couldn't find any in their default location.

     Already updated to the latest firmware.

    Thanks,

    Nic

  • Try it via en.m.wikibooks.org/.../Linux and don't forget to write the MACs down somewhere.

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link

  • Another way to edit the MAC addresses via the console:

    intrusus said:

    You can check out the mac address on the appliance console:

    console> show network macaddr PortA
    Permanent MAC : 00:0C:29:36:C1:66
    Override MAC :
    ---------------------------------
    Current MAC : 00:0C:29:36:C1:66

    You can also edit the mac address of a specific hardware interface by using:

    console> set network macaddr PortA override "XX:XX:XX:XX:XX:XX"

     

    Also don't forget to reset the "Override MAC address" fields in the web admin interface after you set the MAC addresses via the shell. I think this would cause trouble too. 

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link

  • Hi,

    So, in advanced shell i cannot find any file specified in that article you linked so couldnt change them from there.

    from the console it throws the same error as the Web Gui shown below.

     

     

    Somehow i think the MAC needs to be change pre boot not sure if possible or how to do so.

    Thanks,

    Nic

  • Hi,

    sorry for the late response I have been up to my ears in my own hardware issues.

    When you installed the SW version did you see a list of interfaces to choose from, you should have a list of 4 interfaces with their MAC addresses?

     

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hi,

    sorry for the late response I have been up to my ears in my own hardware issues.

    When you installed the SW version did you see a list of interfaces to choose from, you should have a list of 4 interfaces with their MAC addresses?

     

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
  • Hi,

     

    Glad i am not alone [:P]. During installation i was not prompted with any interface selection, it simply completes and it requests me to remove the installation USB. During setup wizard it automatically selects the WAN and LAN ports (For my case it was: port 4 LAN, port 1 WAN). Apart from the ports being misaligned everything else seem to be working fine. I will do some speed test later on today to see if it can handle 250/15 Mbps WAN connection without issues.

     

    I do have a list of 4 MAC addresses which i can get from the CLI and the Web GUI if it would be of any help.

     

    Thanks,

    Nic

  • Hi Nicholas,

    I am now used to XG doing its own thing with port numbering. What i see during installation is not the same as the running order, but have found by having two ports active during installation I can get access to the GUI using the standard address etc.

    My initial XG was a 2 port device, that I wanted to expand for some more setup testing so installed a dual port NIC and suddenly no connections, the XG had decided that the dual port NIC was 1 and 2 not the regional ports. Painful is all I can say especially if you have come from a UTM where you can change port order.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi All,

     

    Thanks all for the support, much appreciated.

     

    In regards to the port assignment i couldn't get them to behave properly no matter what i tried from the suggested. I ended up doing the below.

    So basically, the hardware ports are wrongly labelled by Sophos. I renamed the Interface names to match the ports on the appliance while keeping the default MAC for all ports.

    This was the cleanest approach i could find.

      

     

    Thanks again,

    Nic