
My experience reinstalling Sophos OS with current build ISO

Yesterday I decided to reinstall my Sophos OS (upgraded from beta with beta license).
Due to the license being tied to the installation, it was necessary to install the home use license.

First I installed Sophos OS from the ISO. Then I tried to reach the webadmin interface on 172.16.16.16/24.
The interface was pingable but it was not possible to reach any services (User Portal, Webadmin etc.).

So I reinstalled again. Same thing after that.
Login to the console was also not possible, because I had to accept the EULA to get in there.

I think the activation process is not really intuitive and straightforward.
I also don't know how to activate Sophos OS if you don't already have some router and need PPPoE to get a connection to the Internet.

The activation process in Sophos UTM was much easier.

After reinstalling a few times I decided to switch back to my UTM 9 (other SSD).
I couldn't manage to access the freshly installed current build and activate it.

One time I was able to get to the webadmin. After relocating the Sophos XG I wasn't able to get in anymore.
It seems that some ports aren't opened under certain circumstances, not knowing which they are.

After seeing the beta and the activation process of the new Sophos XG, I really wanted to like it. But finally I think it has to improve much in some areas to be a replacement for Sophos UTM.

I know that some technical areas, like the Webfilter are outdated in Sophos UTM (32-bit) but currently I wouldn't switch important customers to Sophos XG.

I will try again in Version 2.

I hope it has improved by that time. Currently I think that it has been released too fast and it's still beta.

What do you think about it?



  • Hi,
    the version you and I are playing with is still beta, but the version existing XG customers have (same version as you and I) is considered production. The registration process has improved over the beta. You do need to have two interfaces set up in a VM environment, otherwise you can't synchronise it.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • I know that I need to have 2 interfaces set up and I managed to register it in the earliest beta version.

    The issue in the current version is that some ports that are needed to access the webadmin are sometimes not opened for a reason. And I can't figure out which circumstances trigger that behaviour.

    After the first installation I was able to access the webadmin for 1 time.
    On the second and third installation the ports weren't opened after bootup.

    So I was not able to access the webadmin at all after installation.

    I didn't have that problem in beta.

    And the fact that you can't change your license without reinstalling Sophos OS isn't that great.
    I hope that this improves with time.
  • I think I missed the full meaning of a comment in your original post, after relocating the XG I couldn't access it anymore. Are you installing the XG on a VM then moving it? I don't think that works very well.
    The activation process was improved between the original beta and the released product. You need two ports to register and port 1 has DHCP enabled and I believe all ports open, no policies installed. Port 2 requires an IP address, a DNS entry and access to the internet. You can set this up either through the limited GUI or the CLI.
    And yes I agree with you, this registration process is very cumbersome and not reliable looking at the number of complaints.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • I will reinstall the XG today because my license is expiring on 5th.
    What I would like to do is to save reporting. No way to export them using Import-Export features.

    Luk
  • @Ian:
    I installed Sophos XG on a little hardware box with an Intel Atom processor (software image of XG).
    In the place where the box normally stands, there is no display to install it with. So I needed to install it and relocate it to the place without the display.

    I know that I need 2 interfaces for activation. I can ping the internal interface. By default it has IP 172.16.16.16.
    But I can't access the webadmin. If I try to access it through https://172.16.16.16:4444 nothing responds.
    The ports aren't opened by Sophos XG Firewall. But I don't know which circumstances trigger that behaviour.

    The second problem is that you first have to accept the EULA to get into the CLI, and you have to accept it through the webadmin interface, which I can't access (limited GUI). So I'm not able to configure anything when I can't access the webadmin interface.


    @lferrara:
    I think there is no way to keep the reporting data. The only way known to me is to use iView to keep the reporting data through an installation. There is no other way known to me, but that doesn't mean that there couldn't be a way. :)
  • I would suspect, but can't prove that your NICs are not supported by the XG software. Does the MB have space for an expansion card, if so, try adding a dual port Intel based NIC. There is nothing about opening or closing ports on the initial installation. The software will allow you full access to the https://172.16.16.16:4444/ if the NIC is supported.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • Strange thing is that it worked in beta and it worked with the current build one time.
    I would suspect that the management IP would even be pingable if the NIC is not supported.

    And it worked with the current build (with upgrade from beta to actual build) without an issue.
    So I would suspect that some ports aren't opened, because the IP is pingable but I can't access the webadmin for initial setup.