XG Home on XG 115 Rev3 Appliance

Question

Hi All, 
 
 So i just bought an XG 115 rev3 Appliance and my intention was to install the Sophos appliance on it to use it at home and make use of the XG home license. The issue i encountered was that after a successful install of the SW images (Tried these, same result: SW-17.5.10_MR-10-620 or SFOS_OSS-17.5.10_MR-10-620 or SW-18.0.0_GA-Build339-339) I cannot reach the appliance to complete the initial wizard. When patched to port 1 the port seems active but no traffic seems to pass since i cannot reach the https://172.16.16.16:4444 (not even ping), while ports 2-4 dont light up at all. On the other hand if i install the HW image (HW-17.5.10_MR-10-620 or HW-18.0.0_GA-Build339-339) everything works fine and i can reach the appliance. 
 I researched here before buying the appliance and it seemed to be possible to run the SW images on the appliance without issues but unfortunately it is not working for me. 
 Steps done to install the SW image: 
 
 Burn Gparted on a USB 
 Boot the appliance via the Gparted USB 
 Remove any partitions and create a new empty ext/4 partition 
 burn one of the SW XG images mentioned above 
 Boot the appliance via the USB 
 Installation takes place without issues 
 Connect PC with IP address of 172.16.16.2/24 on Port 1 on the appliance 
 Appliance cannot be reached (Console access works via console cable) 
 
 Any idea of what perhaps is wrong? I suspect that there are missing drivers in the SW images but i cant tell for sure. 
 Any help is much appreciated. 
 Thanks, 
 Nic

intrusus · Accepted Answer

Try this like in KB123542 described: 
 
 Log in to the Command Line Interface (CLI) using Console Access. 
 Select option 4. Device Console . 
 Execute the following command: system appliance_access enable 
 (You can try via ping command on the advanced shell if you can reach your admin computer - check also if the network config of the XG is correct) 
 Try again to connnect to the XG via Admin Web Interface. 
 Log in to the Admin Console as an administrator and go to Administration > Device Access. Tick the boxes under HTTPS in all the desired or required zones. 
 Execute the following command in the Device Console: system appliance_access disable 
 
 Note: The system appliance_access command will cause a short network interrupt on the XG.

intrusus · Answer

Appliance Port 1 shows as Port 2 on Web interface 
 Appliance Port 2 shows as Port 3 on Web Interface 
 Appliance Port 3 shows as Port 4 on Web Interface 
 Appliance Port 4 shows as Port 1 on Web Interface

This also seems to have caused you to be unable to reach the web interface. Apparently the ports were internally swapped and the LAN interface was not recognized as such. 
 The swapped ports seem often to be due to the MAC address allocation of the XG. Often the "size" of the address is used here: the higher the numbers of the MAC address at the end, the higher the port number. For me, if I create a virtual machine on a VMware vSphere host and assign 8 interfaces to it, it's the same as with you. I had to go through a lot of Mac address changes, because VMware automatically creates addresses for the interfaces and XG maps ports randomly to these addresses. After some time I got it finally working and the Ports were set correct. This is something that should really be addressed by the Sophos developers. No other firewall maps MAC addresses to ports as strangely as XG. [:(] 
 Back to your problem: First check the MAC addresses of the hardware interfaces with the command: ifconfig Then check out the MAC addresses in the Web Admin interface, you're also able to edit them there: 
 
 Let us know if this works out for you. 
 Cheers