
Sophos UTM Home 9(asg): Cannot connect to webadmin to complete setup

Hello everyone!

I'm having MAJOR issues getting Sophos UTM 9.5 (Home) to start running at all! I bought a refurbed small-form PC with all the right specs (4GB RAM [added 4 more for 8], quad-core Intel processor, 250GB HD, added a multi-port NIC: HP NC364T 4Pt Gigabit Server Adapter with Intel chips), and, using a separate monitor and keyboard, Sophos has installed smoothly on this (multiple times, actually) with no trouble.

The problem comes with trying to connect Sophos to the network and access WebAdmin to complete setup: when I connect the ethernet cables to place Sophos within the network, everything comes to a crashing halt, including my network: I cannot access WebAdmin, I cannot surf, nothing: it always says that x.x.x.x:4444 (the UTM) is "unreachable." I'm guessing something is wrong with my network setup, but I cannot for the life of me figure it out! Starting from the beginning:

1) ISP modem. It is originally set for IP-passthrough to my wireless router; I'm guessing I'll have to change this to the UTM's MAC address later in order to get internet access. This is wired to...

2) UTM. From research here, I found that port-confusion was a common cause for failures. I used an ethernet "blink" command to check and ensure that the correct cables are going to the correct ports: I configured eth0, the PC's default port, for the WAN/ISP cable; eth1 (the first on the multi-NIC card) has the LAN cable leading to...

3) Wireless router. From research here, for this configuration I know the ethernet cable should be plugged into one of the LAN ports in the back, NOT the WAN port. Originally this router was performing wi-fi AND routing duties, but after researching here, I know that it will now behave more like a "dumb" Wi-Fi switch, with the UTM doing the routing, firewalling, and other heavy lifting. Before connecting the wireless router, I place it in Access Point mode, which disables the firewall, IP-sharing, and NAT functions automatically (and just to make sure, I manually disconnected DHCP; it is getting everything--IP address, DNS, etc.--externally).

Some extra hints/clues:

- The ethernet ports on the back of the UTM light up, and the eth1 port (with the LAN wire) blinks, so SOMETHING is going on.

- Pinging the UTM (when connected) results in "Request Timed Out" errors.

I'm still getting error messages in my browsers, saying that "host https://nnn.nnn.nnn.nnn:4444 is unreachable." At this point, I don't know what else to try! Does anyone have any idea what else could be wrong?

THANKS!



  • Hi and welcome,

    have you put a fixed IP address in your PC along with the gateway address of your UTM?

    Initial install does not start a DHCP server function. I assume the https://192.168.1.100:4444 from memory is the default IP address of the admin/internal interface, are you using this?

    When you build your UTM only connect one ethernet cable so you can identify which NIC you are using.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Ian...thanks for responding!

    I've been trying to use my laptop's wireless connection to my wireless router (since the router is now set up simply as an Access Point) to make the necessary changes (the UTM is hardwire-connected to one of the LAN ports in the back of the router, as suggested in the forums).  So, a couple of questions:

    - Do I need to alter/tamper with the configuration of my wireless connection in some way?  OR

    - Are you saying that for now, I need to have a hardwire connection to the UTM in order to make the changes?

    In the meantime, I'm beginning to get a little suspicious of the multi-NIC card I purchased.  It's a Hewlett Packard card meant for this PC (NC364T), and the description SAID that it had Intel chips, but you never know.  I'm doing a fresh install of Sophos and changing my LAN connection port to eth0 (the network interface port on the Motherboard; I KNOW that one's Intel).

  • But, what you did not say was whether you have a hardcoded IP address in the laptop in the same range as the UTM internal interface.

    Is the AP in the same address space as the UTM?

  • Hi all,

    During the installation, the procedure asks for network settings for Sophos WAN and LAN. Did you configure them?

    Have you tried connecting a monitor to the Sophos, pressing F2 and looking at some screen messages?

    Best regards

    Nick

  • Hi Nick,

    I disagree with your first line. During installation the software checks for at least 2 separate NICs. It only provides a default address for the internal interface which you use for configuration and licence.

    Ian

  • Hello everyone!

    Nick, thanks for adding your suggestions!  

    rfcat_vk, I don't have my IP address hard-coded into my laptop (at least, nowhere that I'm aware)...it takes its IP address from whatever is doing DHCP duties (previously my router).

    On the setup/configuration question:  you're both partially right:  on install the UTM software does a system check to see what components are available...for my computer, when it found the NICs (both the on-board NIC and the 4-port multi-NIC card), it simply assigned them ethernet addresses (eth0, eth1, etc.).   Then, toward the end, it asks which of those interfaces do you want to use for the initial connection to the UTM/WebAdmin.

    That being said, I think I've solved my problem!  Originally during the software install, I specified that the LAN ethernet cable which would be used to access the UTM (coming from the router) would be plugged into eth1, one of the ports on the multi-port NIC card...*I* wanted the internet cable to connect to eth0 (the motherboard's on-board ethernet port).  I know from reading somewhere that Linux conventions actually prefer the opposite (LAN port into eth0, ISP/WAN in eth1/ethx), but I thought nothing of that since I was making a clear selection of my preference during the install.  Well, apparently Linux REALLY likes that convention and the UTM will only function in that configuration (which means it's not really an option), and that was behind my failures:  on a whim, I decided to do a fresh reinstall on the UTM (for the 5th time) and leave the default selection of the eth0 port for UTM/WebAdmin access in place...and IT WORKED!

    Now, I'm still having some problems:  initially, I could connect to WebAdmin, but none of my computers could connect to the Internet (other devices could)...I got that working by power-cycling many of the non-connecting devices, including my laptop.  I'm struggling a bit with DHCP (there are several computers/devices that I thought I had made static, but they keep showing up in the dynamic area), and I'm having significant trouble with certain devices/services, like Ooma and XboxLive, but I'm working on those at the moment...depending on whether my research turns anything else up, you guys may see me posting in another thread for that!   ;-D

    Anyway, I would encourage everyone to try leaving the ethernet port-choice setting to the default (I DID change my IP address to fit with the scheme my router had and all network devices had been previously using, so it seems you can change that without hiccups).
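
The check raised in the replies above (a fresh install runs no DHCP server, so the client needs a fixed address in the same range as the UTM's internal interface), as an added example that is not part of the original thread. The client addresses are constructed, and `192.168.1.100` is the address one reply recalls "from memory", used here as an assumption.

```python
import ipaddress
import socket

WEBADMIN_PORT = 4444  # WebAdmin port quoted in the thread


def diagnose(client_cidr: str, utm_ip: str) -> str:
    """Classify whether a client can reach the UTM's internal interface.

    client_cidr is the client's address with prefix, e.g. "192.168.1.50/24".
    """
    iface = ipaddress.ip_interface(client_cidr)
    utm = ipaddress.ip_address(utm_ip)
    if iface.ip.is_link_local:
        # 169.254.x.x is self-assigned when no DHCP server answered.
        return "no-dhcp-lease"
    if iface.ip == utm:
        return "address-conflict"
    if utm not in iface.network:
        # Off-subnet traffic needs a gateway that can route to the UTM.
        return "different-subnet"
    return "on-link"


def webadmin_reachable(utm_ip: str, port: int = WEBADMIN_PORT,
                       timeout: float = 3.0) -> bool:
    """Attempt a plain TCP connect to WebAdmin; no TLS or HTTP is sent."""
    try:
        with socket.create_connection((utm_ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    utm = "192.168.1.100"  # assumption: address recalled in the reply
    # Constructed client configurations, not taken from the thread.
    for client in ("169.254.23.7/16", "192.168.0.50/24", "192.168.1.50/24"):
        verdict = diagnose(client, utm)
        print(f"{client:>18} -> {verdict}")
        if verdict == "on-link":
            print("  TCP 4444 open:", webadmin_reachable(utm, timeout=1.0))
```

An "on-link" verdict with a failed TCP connect points away from client addressing and toward cabling or the interface chosen for WebAdmin during install.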