Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CR25iNG to XG10.5 New Deployment. Cant activate with only LAN connected.

I am installing a new CR25iNG at a site, and decided to use it to look at and learn the XG configuration before retiring their existing firewall.

So I installed the CR25iNG on the network, using only the LAN port and a static route to point the default gateway to the existing firewall which is on the local LAN. This allowed me to activate the Cyberoam, download filter databases and upgrade firmware.

I have upgraded it to the XG firmware, and in order to Activate the unit I need to attach the WAN port for an internet connection. The Web interface provides no way of doing anything while there is no live internet to activate.

Using Telnet to the XG, I can see the console menu options. One of them talks about setting static routes, but only provides a Multicast Route option.

How can you do a side by side installation and migration from an existing unit if it must have a live internet feed to activate?



This thread was automatically locked due to age.
  • Hi Daniel,

    The easiest way to activate the Cyberoam Appliance in this scenario is have your PC connected to the LAN port and the Customers LAN to the WAN Port on the appliance.

    This way the appliance will get an IP Address via DHCP from the Customer LAN and will be able to access the internet, it is only connected like this while activating the appliance and once you have run the wizard you can connect the appliance to the customers LAN by moving the cable from the WAN Port to the LAN Port.

    Once the appliance is activated you can than run the Wizard and perform the initial setup, while the wizard finalizing the setup (i.e. during the reboot) you can move the cable across. After the wizard has run if required you can create the static route to that the appliance can connect to the internet ia the existing router. Later on you can remove this route and change the IP Address on the appliance so that it replaces the router.

    Please note the process as described above does not require you to take the customer existing internet connection offline.

    Hope this helps,

    Leon

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

  • Hi Daniel,

    The XG device needs to be connected to the Internet for it to contact Sophos servers for registration. The internet connectivity is must for the XG device to be successfully registered.

    Do get back if you need further help with this.