How to install, setup, and configure XG Home on Hyper-V

Hi,

I am trying to install XG Home Edition on Hyper-V. I followed the Virtual Appliance documentation as far as I could because it only covers VMware. I created a VM using the minimum requirements and installed XG Home no problem. When it is up and running I see a command prompt with a menu system to use for configuration. The document says you should connect to 172.16.16.16:4444 to use the GUI but the computer hosting the VMs is running 192.168.10.xxx. I'm assuming that the IP my VM host has is incompatible with the firewall and cannot display the firewall GUI.

What do I need to do next so I can configure everything required? Is it possible to change the firewall so it uses 192.168.10.xxx so I can access the firewall GUI? Should I just do everything from the command line? What is best practice in setting up this firewall correctly?

Thanks,

Rob



  • Welcome,

    You can't change the XG address until you log in.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • I am able to log in because I then get the menu system to aid in configuration. From there I'm not really sure where to get started. I thought the GUI might be more convenient but I can use the command line if need be. Is following the command line guide sufficient to get me up and running in a basic configuration?

  • I had similar problems, but have got it sorted.

    In Hyper-V I installed the XG from the ISO and left everything at the defaults. For the VM settings, I configured two network adapters, both attached to 'external network'. Sophos configured one as 172.16.16.16 and the other picked up a 192.168 address from my LAN DHCP.

    I installed a Server 2016 VM with two network adapters, both attached to 'external network'. I then reconfigured one of the network adapters to be:

    IP: 172.16.16.15

    Subnet: 255.255.255.0

    Gateway: 172.16.16.16

    The other Server adapter was left to pick up a 192.168 address from my DHCP server.

    From the Server VM, I could then connect to the 172.16.16.16 web address and configure the XG to change the IP addresses into ones that made more sense for my setup.

    Hope the above helps, but it would have been much simpler if the appliance allowed IP addresses to be configured during the initial install.

  • As a follow up for further configuration...

    On the server I have disabled the 192.168 interface, and changed the remaining interface to the 'Private' network in Hyper-V.

    On the XG I have added Firewall rules to allow traffic on my private LAN in and out, and also changed the LAN port to be on the 'Private' network in Hyper-V.

    Everything is working just fine, so it looks like I'm ready to carry on setting up my lab.

  • This is where I am currently stuck.

    My Environment:

    Server 2016 Hyper-V on physical workstation - 2 physical NICs

    1 VM is created using the minimum specs called out in the Virtual Appliance guide.

    1 Virtual Processor - 2GB RAM - 2 vNIC - Primary Disk 4GB - Secondary Disk 80GB

    I mounted the VM to the Sophos XG Home ISO and it installed with no problems. The installation ends at prompting for the password. I enter the default password and I then see a menu system that allows you to configure your firewall. I used menu option 1 to configure networking. One NIC is configured to use 172.16.16.16/255.255.255.0 out of the box which is incompatible with my internal IP address. The other NIC has no configuration as it's not connected to anything but a switch. I changed the IP address from 172.16.16.16 to 192.168.10.6/255.255.255.0. The VM Host workstation is able to successfully ping the firewall and it responds as expected. I did set the DNS initially once but I need to verify it is still there. I had this same problem even with DNS configured.

    When I choose AA on the menu to activate my software, I get an error message that says no internet connection exists. The VM Host workstation can ping the firewall and any internet address but the firewall claims there is no internet connectivity which can't be true. I accessed the Sophos web interface at https://192.168.10.6:4444. I can see the GUI is in view, log in, and when I try to activate my software from this interface, there is also a no internet connectivity message.

    This is a bit confusing. The VM Host workstation can ping the Sophos VM and the internet. This means that the firewall should have internet connectivity as well since they are all on the same subnet but that isn't the case here. How can I troubleshoot connectivity from the firewall's perspective? I'm considering adding another Linux VM to the host with a 192.168.10.xx address just to see if that computer is able to access the internet as a troubleshooting step.

    -Rob

  • I disabled the vNIC that will be used for my internal network and booted up. I verified the network configuration is still correct and used the device console to verify connectivity to other devices. dnslookup was able to resolve the DNS IP addresses that I am using. When I try to activate, I get the following error message "Internet connectivity OK but unable to contact licensing system. This may be due to a network issue. Please check your network set up and connections and try again."

    I did try deleting and recreating my virtual switches but that didn't help.

  • I have been looking around at the Sophos site in search of an answer and found a page where you can register your devices. I registered the serial number that was emailed to me and it was successfully activated. I noticed that the product type was being reported as UTM where I thought it would be XG Home or something like that. My original serial number is from Jan 2017 and I'm not sure if there is a time limit where you need to use the serial number in a certain timeframe. So I requested another serial number and registered that one successfully. The product type for that serial number is also UTM. None of the documentation says anything about registering your serial numbers on the Sophos website prior to use so I have no idea if this is going to help or not.

    I have the new serial number. It was successfully registered on the Sophos website. I downloaded the ISO again and I plan to try installing from scratch again just in case I corrupted something in the course of changing settings. I'll report back with the results this evening when I try this out.

  • I have installed Firmware version SFOS 16.05.3 MR-3 over the top of the previous version and then changed the settings for IP/DNS.

    IP: 192.168.10.6

    Subnet Mask: 255.255.255.0

    DNS: 192.168.10.1 (broadband router)

    I'm still getting the error "Internet connectivity OK but unable to contact licensing system. This may be due to a network issue. Please check your network set up and connections and try again." I used the device console and verified I can ping other devices on the network. I tried to ping Comcast's primary DNS 75.75.75.75 and it is unreachable from the device console. I could not ping google.com either. The VM Host is able to ping 75.75.75.75 and google.com. The broadband router is set to use Comcast's primary and secondary DNS servers and all devices on my network have no connectivity issues.

    I created another virtual machine using similar settings and installed Ubuntu Desktop. This virtual machine can ping all network devices, google.com and 75.75.75.75.

    The firewall is unable to ping outside of my network but other devices have no problem at all.

    -Rob

  • More than likely you haven't added a gateway to your XG.


  • Hi Rob,

    One thing you haven't mentioned is how your broadband router is connected to your workstation running Hyper-V. The virtual switch you created to act as your WAN connection for the Sophos XG VM needs to be able to obtain an external IP address. I wonder if your NAT is the problem. Here is what I had to do with my ISP router to get it working.

    1. I connected directly from my router to my server NIC port
    2. I placed this router connection into the DMZ (I didn't want there to be any NAT issues so this meant this connection would receive its own external IP)
    3. I confirmed via cmd line that this NIC connection had a new IP assigned by my ISP. This meant that the NIC connected directly to the outside world with no NAT problems.
    4. I created 2 virtual switches (both external) in Hyper-V. The first I named LAN and the second named WAN and selected the correct NIC connection for the WAN virtual switch that connected to my broadband router
    5. I created a virtual machine and made sure that the first network I added was the LAN. By default, in these scenarios, Sophos XG uses the first connection as LAN and the second as WAN.
    6. I added a second network interface to my VM after the wizard had created it and linked it to the WAN virtual switch
    7. I started the VM and installed Sophos XG and rebooted at the end
    8. I added a new IP address to my server NIC and gave it a 172.16.16.18 IP.
    9. I used my server browser to connect to the https://172.16.16.16:4444 address and from there was able to finish the setup including license sync

    The key for me was to ensure that I was able to get a direct outside IP address from my router.
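
Steps 4 to 9 of the reply above, written out as Hyper-V PowerShell. This is an added example, not part of the original thread: the NIC aliases, VM name, ISO path and disk paths are assumptions, the VM sizing is the minimum spec quoted earlier in the thread, and the WAN switch is deliberately not shared with the host so that only the firewall VM sits on the internet-facing segment.

```powershell
#Requires -RunAsAdministrator
# Added example. Every name and path below is hypothetical; adjust to the host.
$lanNic  = 'Ethernet'               # assumed physical NIC on the internal network
$wanNic  = 'Ethernet 2'             # assumed physical NIC cabled to the broadband router
$vmName  = 'SophosXG'               # hypothetical VM name
$isoPath = 'C:\ISO\sophos-xg.iso'   # placeholder path to the downloaded installer ISO
$vhdDir  = 'C:\VMs\SophosXG'        # placeholder folder for the virtual disks

# Step 4: two external switches, one per physical NIC.
# -AllowManagementOS $false keeps the Hyper-V host from binding its own
# network stack to the WAN NIC, so the host gets no address on the
# router-facing segment and only the firewall VM is reachable there.
New-VMSwitch -Name 'LAN' -NetAdapterName $lanNic -AllowManagementOS $true
New-VMSwitch -Name 'WAN' -NetAdapterName $wanNic -AllowManagementOS $false

# Step 5: create the VM with LAN as its first adapter.
# Sizing follows the minimum spec quoted earlier in the thread:
# 2 GB RAM, 4 GB primary disk, 80 GB secondary disk.
# Generation 1 is an assumption; a Generation 1 VM gets a DVD drive by default.
New-VM -Name $vmName -Generation 1 -MemoryStartupBytes 2GB -SwitchName 'LAN' `
       -NewVHDPath "$vhdDir\primary.vhdx" -NewVHDSizeBytes 4GB
New-VHD -Path "$vhdDir\secondary.vhdx" -SizeBytes 80GB -Dynamic
Add-VMHardDiskDrive -VMName $vmName -Path "$vhdDir\secondary.vhdx"

# Step 6: add the second adapter and link it to the WAN switch.
Add-VMNetworkAdapter -VMName $vmName -SwitchName 'WAN' -Name 'WAN'

# Check the adapter-to-switch mapping before installing; a swapped pair
# would put the firewall's LAN port on the router side.
Get-VMNetworkAdapter -VMName $vmName | Select-Object Name, SwitchName, MacAddress

# Step 7: attach the installer ISO and boot the VM.
Set-VMDvdDrive -VMName $vmName -Path $isoPath
Start-VM -Name $vmName

# Steps 8 and 9: run these once the install has finished and the VM has rebooted.
# Adds a second, static address on the host's LAN vNIC in the firewall's
# default subnet (assumes that interface is already statically addressed).
New-NetIPAddress -InterfaceAlias 'vEthernet (LAN)' -IPAddress 172.16.16.18 -PrefixLength 24

# Confirm the admin console answers on 4444 before opening the browser.
Test-NetConnection -ComputerName 172.16.16.16 -Port 4444
```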