This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SG 210 with software version XG Home License

Hello All, 

I've been stumbling around on this forum for a few months now but somehow i still didn't find a suitable solution for my issue:

I bought a SG210 for cheap - i was actually considering to buy a pc with double network cards in it but when i saw that SG210 online for $75 i thought i couldn't get any better deal. 
My intention is (and was) to install the software version of XG Home License on a device so i have a fully functional firewall with all the extra's to setup in my home automation system which is, to be honest, slowly overcrowded with IOT devices that 'need' internet access. I wanted to restrict that access (or limit it at least) to only the necessary functions.

I tried several steps and different solutions:

- gparted the internal HD of the SG210 and than use a bootable USB with the SW 17-5-9 ISO on it but on reboot all the LED's start blinking one after the other and beeps from high to low sounded from the SG210

- installed Ubuntu on the SG210 to be sure the partition was empty and again, after reboot, lights and noise from the SG210 but no installation possible

- reinstalled XG Hardware Appliance OS - which worked fine but was limited due to license limitations

So, my questions are: is it possible to run XG Software with a Home License on a SG210? And if 'yes': How do i get it to work?
I am aware that it is possible to run it on a SG115 and similar models - i just haven't found a way to get it to run on a SG210...

I know there could be a chance that these questions are already answered - if so: please move the post to the appropriate board or remove the post at all but please be so kind to refer me to the solution



This thread was automatically locked due to age.
Parents
  • Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • Hey Luk, 

    Your link was exactly the steps i took with the SG210 and that resulted into a chirping & blinking appliance.
    I see plenty of SG115's being 'converted' to Software XG Home but somehow i get the feeling that the SG210 doesn't play along in that list...

    I planned my afternoon free to fiddle around again: i'll start with gparted again and start from scratch.
    Funny thing though: whatever i have done so far, the text on the LCD Display keeps saying "SOPHOS protection" - should that be a clue that, no matter what i did so far, the SSD is still not empty?

    Thx in advance for your support/input

    Koen

  • __________________________________________________________________________________________________________________

  • Seen that on a few times already but i thought that one is pretty dead since the last post is from 2018...

  • You can basically follow the same processes like those people. Should work. 

    __________________________________________________________________________________________________________________

  • LuCar Toni said:

    You can basically follow the same processes like those people. Should work. 

     

    It was the original thread i was going with till i got stuck with that chirping/blinking SG210 and i wasn't looking forward in opening the box and replacing the SSD but, the longer i am on it - the more appealing that starts to sound...

    I think i will write a suggestion to Sophos as well since there are more and more older appliances coming onto the private market and it would be a waste if they end up as scrap - although something tells me it will not have much impact on them ;)

  • Hi Koen,

    besides replacing the disk, I suspect you need a bios upgrade. I am not sure how you go about locating the BIOS upgrade for a Sophos firewall?

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with AP55/c - 20w. 
    If a post solves your question use the 'This helped me' link.
  • rfcat_vk said:
    Hi Koen,

    besides replacing the disk, I suspect you need a bios upgrade. I am not sure how you go about locating the BIOS upgrade for a Sophos firewall?

    Ian

    Exactly my thoughts; i figures that it might had something BIOS related, i did find out that there’s also a password embedded in the BIOS that i don’t know so flashing the whole thing would or could also be a step closer to the solution...?

    But after spending around 5 hours online with Sophos support I’m a bit done with firewalls today: tomorrow is a new day

  • Alright, another day, new energy, another update

    Last Thursday i decided to switch SSD's and also see, parallel to swapping SSD's, what Sophos Support could do for my case.


    HD Swapping
    The SSD swap wasn't a success - i was able to swap the SSD, which isn't that big of a deal, and i managed to get the drive gparted as well - what kept surprising me is, that whatever i did or have done in the past week, the LCD display kept broadcasting 'SOPHOS Protected'? I assume that that has something to do with the BIOS?

    With the new SSD installed, i didn't have a SSD laying around less than 500GB, i tried to install SW-17.5.9_MR-9-577.
    I inserted the USB drive in the upper USB slot in the front of the SG210, powered off the SG210 and restarted it - seems like the USB drive isn't recognized, at least, no action on the attached monitor, no blinking HD light and a continues little light on the USB drive itself.
    After 30 minutes + i decided that it took to long for a software version to be inactive so i aborted the operation and decided to insert another USB drive with SW-17.5.7_MR-7-511 into the second bottom USB slot on the SG210. Same result - a complete inactive SG210.

    Than i decided to restart the SG210 with ubuntu-19.10-desktop-amd64 on it and choose the option to run it straight from the USB instead of installing it on the SSD. I than inserted the second USB drive containing SW-17.5.9_MR-9-577 in the bottom slot and i was able to browse through the contents of the USB. When i tried to open one of the files Ubuntu warned me that the file was password protected and since i didn't have, and couldn't find, a password i aborted that operation as well and converted the SG210 back to it's original SSD containing the SFOS Hardware installation of XG...

    No succes in swapping SSD's

     

    Updating the BIOS
    As far as i could have figured out so far is the only way to update or upgrade the BIOS in a SG210 (and for that the almost the whole range of XG & SG Appliances) is to run a firmware download from Sophos: HW-18.0.0_GA-Build321.SF300-321.sig

    Apparently there isn't 'just' an update available that only tackles the BIOS, it's a complete firmware upgrade which, in my opinion, doesn't do anything to the BIOS itself.
    I wrote the file to one of the formerly used USB drives, from which two of the four i have here weren't recognized by windows anymore so i couldn't format them over the Windows File Explorer anymore made me wonder if Rufus was doing it's job: when i opened the Rufus-Log to see what had happened in the past few hours i saw that sometimes no data was written to a USB drive although the GUI gave the green light that Rufus did it's job correctly - this made me doubt about the integrity of the USB drives all together so i decided to use Etcher instead of Rufus for the next attempts.

    The drive prepared to put the .sig image on the SG210 didn't get booted by the SG210 and seemed not to be able to write any data to the SG210. Since it was already running pretty late and i had been on chat with Sophos Support for the past 5 hours i had enough and called it a day - inserted a USB with HW-17.5.7_MR-7-511.iso and 15 minutes later SFOS XG Hardware version was up and running on my SG210...

    No succes in updating the BIOS

     

    Sophos Support Chat
    i knew, before contacting Sophos Support, i didn't had the best starting position: Trying to install a Software version free (home) edition, that was never intended to run, on a Business Appliance without paying for support... But hey, if you don't shoot, you always miss

    I noticed that, of the 11(!) agents i had contact with that day, 8 were completely overwhelmed and puzzled with what i tried to do: referring me to Sophos Home Support, which is a free locally installed protection software which has nothing to do with any firewalls that Sophos sells (i got actually referred to that website 4 times by different agents). 
    Bottom line: 5 hours down the drain, some very capable agents that actually seemed have done a SW on their own firewall as well but couldn't tell my i didn't succeeded i decided to use the Home Support to issue a ticket with a new proposal for Sophos:

    Why not give XG (wannabe) users the same option as they have for UTM - offer a txt-based license to directly insert in their firewall so that we don't have to fumble around the software of the firewall? 

    I mean; why would someone buy an old, discarded SG-firewall and not give it the option to use it the 'clean way'? Chances are that the SG would end up being scrapped anyway and in this way old hardware could get a second life.
    If i look at my own position, the only reason i want to deploy a full XG installation is that the SG210 will be used in my smarthome where IOT-devices are populating my, separated, network but i still want to see how often some of those devices are trying to connect to the web and see where they connect to. In my opinion the XG would be pretty good for controlling all those data streams. This is also what i explained the agent at Sophos Home and of course he came back with the standard answer:

    Hello Koen,

    Thank you for contacting Sophos Home support.

    I understand you're looking to provide some feedback on and experiencing some trouble with Sophos XG Firewall Home Edition. I would be happy to advise.

    As this team only handles Sophos Home, you would want to reach out to the communities for anything regarding Sophos XG Firewall Home Edition. They can be found below:

    https://community.sophos.com/

    If you have any questions or concerns about Sophos Home, please don't hesitate to get back in touch.

    Have a great rest of your day!

    Regards,
    Nick - Sophos Home Support
    For Sophos Home questions and updates, follow @SophosHome
    Click here for Support videos

     

    On which i replied that i wasn't to happy seeing that i spend the best of my day trying to get someone from Sophos to give me a workable suggestion for the issue i contacted them and that i wasn't to pleased with Sophos Support that day. I wrote that i didn't think it would make much sense for people to buy another PC, with 2 NIC's just to be able to run XG Home as SG Appliances are going to flush the markets now that there are new appliances coming up pretty soon and with XG v18 standing ready to be deployed as well.
    The reply from Sophos Home Support Agent:

    I'm very sorry to hear about that Koen, I can certainly understand the dissatisfaction. 

    While our team does only handle Sophos Home, I will see about getting feedback regarding this passed along to the other department. 

    While I'm sure this may have hindered the ability to do so, I hope you have a fantastic rest of your evening.

    Regards,
    Nick - Sophos Home Support
    For Sophos Home questions and updates, follow @SophosHome
    Click here for Support videos

    So... 
    to make a very long story short:
    I'm still running SFOS XG HW on my SG210 - still not able to install the software version and, hopefully, someone at Sophos replies to my request or idea to make the home license available as add in txt-file, which i honestly doubt they will do...

  • Koen,

    try to install Ubuntu on the box,then reboot and install XG SW version. In the post I shared before, and both installed Ubuntu on the box.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • lferrara said:

    Koen,

    try to install Ubuntu on the box,then reboot and install XG SW version. In the post I shared before, and both installed Ubuntu on the box.

    Regards

     

    Thanks for your reply Iferrara, 

    I must say, i was pretty excited to see a way i didn't try so far before so i decided to delay my 'bedtime' a little to try this: 

    Ubuntu on SG210
    Installation worked flawless and Ubuntu runs damn fast compared to my windows 10 installation on my Dell: i went even a step further to completely eliminate any failures that could have gotten into the ISO to burn that i downloaded Etcher on the SG210 running Ubuntu and downloaded the ISO for XG Home Software as well and decided to format my USB key on the SG210 before writing the Sophos ISO on it.

    After i gave the 'reboot' command with the Sophos ISO in the front top slot the SG210 rebooted and than the screen stayed black...
    i waited for 10 minutes or so, powered down the SG210 manually (switch on the back) and powered it back on, this time with the USB in the back of the SG210: same result - blowing fan, black screen...

    When i powered up the SG210 without USB it went straight back to Ubuntu.

    I even tried it with a different USB key, the one made on my Dell - still same results??

    For me this makes no sense: if i boot it with Ubuntu USB inserted it goes straight to the installer. If i boot with the HW version of XG the screen will stay black but after 10 minutes or so 'Für Elise" starts to sound which indicates the installation was successful. But if I inserted the SW version of XG nothing happens at all?!?

    What am I missing here?? And does the LCD on the front keep saying 'Sophos Protection' at all times that there is power on the SG210?

  • Hi,

    if you are loading the software version you will need to connect via serial cable to the console port.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with AP55/c - 20w. 
    If a post solves your question use the 'This helped me' link.
Reply
  • Hi,

    if you are loading the software version you will need to connect via serial cable to the console port.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with AP55/c - 20w. 
    If a post solves your question use the 'This helped me' link.
Children