

How to install, setup, and configure XG Home on Hyper-V

Hi,

I am trying to install XG Home Edition on Hyper-V. I followed the Virtual Appliance documentation as far as I could because it only covers VMware. I created a VM using the minimum requirements and installed XG Home no problem. When it is up and running I see a command prompt with a menu system to use for configuration. The document says you should connect to 172.16.16.16:4444 to use the GUI but the computer hosting the VMs is running 192.168.10.xxx. I'm assuming that the IP my VM host has is incompatible with the firewall and cannot display the firewall GUI.

What do I need to do next so I can configure everything required? Is it possible to change the firewall so it uses 192.168.10.xxx so I can access the firewall GUI? Should I just do everything from the command line? What is best practice in setting up this firewall correctly?

Thanks,

Rob



  • Hi Nash,
     
    This is my configuration.
     
    Cable connected to Motorola Surfboard
    Motorola Surfboard is connected to WAN port of Netgear Broadband Router
     
    Netgear configuration:
    DHCP Enabled
    IP address - 192.168.10.1
    Subnet mask - 255.255.255.0
    DNS - 75.75.75.75, 75.75.76.76 (Comcast DNS)
    DMZ - not enabled
    WiFi - disabled
     
    Netgear Router connects to Linksys 5-port unmanaged switch
    Linksys 5-port unmanaged switch connects to onboard NIC at Physical VM Host
     
    The onboard NIC at Physical VM Host connects to a Hyper-V virtual switch which I called WAN.
    The WAN Hyper-V switch connects to the Sophos Firewall VM.
    (Intended WAN side IP - 192.168.10.6, Subnet - 255.255.255.0, Gateway - 192.168.10.1, DNS - 192.168.10.1)
     
    The LAN side of the Sophos Firewall is connected to another Hyper-V virtual switch which I named LAN.
    (Intended LAN side IP - 192.168.20.1, Subnet - 255.255.255.0, Gateway - 192.168.20.1, DNS - 192.168.20.1)
     
    The LAN virtual switch is connected to an add-on NIC in a PCI slot in the Physical VM Host.
     
    The LAN side NIC is connected to a different Linksys 5-port unmanaged switch.
    The LAN Linksys 5-port unmanaged switch is connected to an Asus Broadband router and all other LAN devices.
     
    Asus configuration:
    DHCP (currently disabled but will be enabled once the firewall is working)
    IP address - 192.168.20.9
    Subnet mask - 255.255.255.0
    Gateway - 192.168.20.1
    DNS - 192.168.20.1
     
    Is there some way to determine from the device console which NIC the firewall thinks is eth0? I'm not sure I could say which is which without some inspection. Also, none of my network devices are using 172.x.x.x. It is much easier to IP the firewall with 192.168.10.6. Is it possible to get set up in this config or is 172.x.x.x required until configuration is complete?
     
    If I left out some details, please let me know and I will clarify.
     
     
    -Rob
  • Do you have to log in to your internet connection or is it always on? Is it a PPPoE connection?

    Option 1:

    If your internet connection IS PPPoE and you have to have your Netgear router to perform the login, enable DMZ and place the IP that Netgear has assigned to your Hyper-V server into the DMZ (this is done on the Netgear router). Then make sure your WAN Port in Sophos XG is set to PPPoE (this is done in Sophos). You'll then have the option to enter your login credentials for the WAN port in the firewall (also done in Sophos).

    Option 2:

    The easiest option is if you are NOT PPPoE and you can simply connect directly to your Surfboard modem and obtain an external IP address. In this case, you would have selected DHCP for your IP assignment in your WAN port on Sophos.

    Try the option that best describes your situation (PPPoE yes or no) and see how that goes.

     

    In my own scenario, I have a PPPoE connection so I followed option 1 and it works.

  • Rob Moorhead said:
     
     
    Is there some way to determine from the device console which NIC the firewall thinks is eth0? I'm not sure I could say which is which without some inspection. Also, none of my network devices are using 172.x.x.x. It is much easier to IP the firewall with 192.168.10.6. Is it possible to get set up in this config or is 172.x.x.x required until configuration is complete?
      

    Unfortunately, I never found an easy way to do this. It was trial and error. I took a laptop, set static IP to 172.16.16.18 and subnet 255.255.255.0. I then connected to each port and attempted to connect to the browser interface at 172.16.16.1:4444. When I was successful, I knew this was the LAN port.

    When setting up the VM, I found it easier to assign the LAN virtual switch first, then add a second network connection AFTER the VM had been created. In this way, by default Sophos uses the first port as the LAN port.

  • Nash,

    I do not need to log into my internet connection and it is always on.

    How can I tell which NIC is eth0 so I know I'm using the correct one? I'm guessing that eth0 would be the built-in NIC.

    Once the firewall is configured and running, I would re-IP and connect everything to suit my original plan?

     

    -Rob

  • Rob Moorhead said:

    I do not need to log into my internet connection and it is always on.

    Perfect, then Option 2 is what I'd recommend you try.

     

    Rob Moorhead said:

    How can I tell which NIC is eth0 so I know I'm using the correct one? I'm guessing that eth0 would be the built-in NIC.

    I used a laptop to see which one was the LAN NIC. Once I could connect to the LAN, I knew the other was the WAN.

     

    Rob Moorhead said:

    Once the firewall is configured and running, I would re-IP and connect everything to suit my original plan?

    Yes. I found it easier to set all of my hosts and services ahead of my cutover so I had less work to do. I also wrote down all of my firewall rules and exceptions although Netflix did give me a hard time but finally got it working.

    My only remaining problem is with VoIP.

  • Nash,

    NashBrydges said:
    Rob Moorhead

    How can I tell which NIC is eth0 so I know I'm using the correct one? I'm guessing that eth0 would be the built-in NIC. 

     

    I used a laptop to see which one was the LAN NIC. Once I could connect to the LAN, I knew the other was the WAN.

     

    I hate to ask this question but I'm really unclear how you tested. Where did you physically connect your laptop to test the ports?

    Also, the documentation made it sound like if you didn't meet the minimum configuration that the OS would not install. If you only had one NIC on your VM at the time of installation, it should have failed if the documentation is correct.

    It seems odd or backwards that you configure while connected to the LAN NIC but at this point, I'll try anything.

    Thank you so much for taking the time for all of your responses! I'll beat this thing yet...

     

    -Rob

  • The minimum requirements are to have 2 NIC ports so as long as you have that, you should be fine. 

    1. Create a virtual switch connected to one of the physical NIC ports and call that one LAN
    2. Create a virtual switch connected to the other physical NIC port and call that one WAN
    3. Create your VM from the Hyper-V GUI and when asked to select the network, select the LAN virtual switch
    4. Complete the VM config
    5. Once the VM config is complete, go back to the VM settings and choose Add Hardware and proceed to add a network adapter, selecting the WAN virtual switch
    6. Proceed to start the VM and install Sophos

    Once the VM boots up, I set up my laptop with a static IP address of 172.16.16.18 and subnet of 255.255.255.0 (gateway remains blank). I take my laptop and connect it to the physical server NIC port that I used when I created my LAN switch. Since Windows doesn't make it easy to identify which ACTUAL port was used (because it sometimes names them in some weird random order) I plugged into the first port and attempted to access the Sophos web interface. It took a few minutes to come online so be patient. If that doesn't work, then likely you'll need to use the other physical NIC port. Try it out to confirm. Once you confirm which one is the LAN (meaning you can access the Sophos web interface) then plug the other physical NIC port directly into your Surfboard.

    The key is to figure out which is your LAN, once you have that, by default, the other is your WAN.

    Proceed with activation and license sync.
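
The six Hyper-V steps above, written in PowerShell as an added example (not part of the original post and not Sophos's own tooling); it also lists which physical adapter backs each virtual switch, so the LAN/WAN cabling can be checked before plugging anything in. The VM name, host adapter names, file paths, memory and disk sizes are assumptions, and keeping the host's management OS off the WAN switch is a hardening choice added here.

```powershell
# Added example. Every name, path and size below is an assumption; adjust
# them to the host and to the documented minimum requirements.
$VmName  = 'SophosXG'                 # hypothetical VM name
$LanNic  = 'Ethernet'                 # host adapter cabled to the LAN side
$WanNic  = 'Ethernet 2'               # host adapter cabled to the modem/WAN side
$IsoPath = 'C:\ISO\sfos-installer.iso' # placeholder path to the installer image
$VhdPath = "C:\VMs\$VmName.vhdx"      # placeholder path for the new virtual disk

# Windows adapter names do not follow physical port order, so list the
# description and MAC of each port and match them against the hardware.
Get-NetAdapter -Physical | Sort-Object Name |
    Format-Table Name, InterfaceDescription, MacAddress, Status

# Steps 1-2: one external virtual switch per physical NIC.
# The host keeps a management interface on LAN only; with
# -AllowManagementOS $false the host gets no interface on the WAN side.
New-VMSwitch -Name 'LAN' -NetAdapterName $LanNic -AllowManagementOS $true
New-VMSwitch -Name 'WAN' -NetAdapterName $WanNic -AllowManagementOS $false

# Steps 3-4: create the VM (default generation) with LAN as its first adapter.
New-VM -Name $VmName -MemoryStartupBytes 4GB `
       -NewVHDPath $VhdPath -NewVHDSizeBytes 64GB -SwitchName 'LAN'
Rename-VMNetworkAdapter -VMName $VmName -Name 'Network Adapter' -NewName 'LAN'
Set-VMDvdDrive -VMName $VmName -Path $IsoPath

# Step 5: add the WAN adapter only after the VM exists, so it is second.
Add-VMNetworkAdapter -VMName $VmName -SwitchName 'WAN' -Name 'WAN'

# Step 6: start the VM and run the installer from the attached image.
Start-VM -Name $VmName

# Record the result: which physical NIC backs each switch, and which
# virtual adapter (with the MAC assigned at first start) sits on which switch.
Get-VMSwitch |
    Format-Table Name, SwitchType, NetAdapterInterfaceDescription, AllowManagementOS
Get-VMNetworkAdapter -VMName $VmName |
    Format-Table Name, SwitchName, MacAddress
```

Run it from an elevated PowerShell session on the Hyper-V host; creating an external switch briefly interrupts traffic on the adapter it binds to.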

  • Nash,

    Ok, I follow you now. I will take another shot at this tonight and report back.

     

    -Rob

  • Good luck. Let me know if you still have problems. I'm no expert but I got mine to work in Hyper-V so I know it works.

  • Nash,

    Good luck on VoIP. I won't be setting that up myself.

    So here is what I accomplished so far:

    Rebuilt my VM to your spec.

    Reinstalled SFOS 16.05.3 MR-3 for a clean environment.

    Disconnected both ethernet cables from the physical server, set my laptop for 172.16.16.18 and connected to the built-in NIC. I received a reply on this port so this would be the LAN port. I connected to the other port and I was unable to receive a reply making this one the WAN port.

    I labeled everything accordingly and now I'm out of time. I'll pick up again tomorrow.

    -Rob