This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SG 210 with software version XG Home License

Hello All, 

I've been stumbling around on this forum for a few months now but somehow i still didn't find a suitable solution for my issue:

I bought a SG210 for cheap - i was actually considering to buy a pc with double network cards in it but when i saw that SG210 online for $75 i thought i couldn't get any better deal. 
My intention is (and was) to install the software version of XG Home License on a device so i have a fully functional firewall with all the extra's to setup in my home automation system which is, to be honest, slowly overcrowded with IOT devices that 'need' internet access. I wanted to restrict that access (or limit it at least) to only the necessary functions.

I tried several steps and different solutions:

- gparted the internal HD of the SG210 and than use a bootable USB with the SW 17-5-9 ISO on it but on reboot all the LED's start blinking one after the other and beeps from high to low sounded from the SG210

- installed Ubuntu on the SG210 to be sure the partition was empty and again, after reboot, lights and noise from the SG210 but no installation possible

- reinstalled XG Hardware Appliance OS - which worked fine but was limited due to license limitations

So, my questions are: is it possible to run XG Software with a Home License on a SG210? And if 'yes': How do i get it to work?
I am aware that it is possible to run it on a SG115 and similar models - i just haven't found a way to get it to run on a SG210...

I know there could be a chance that these questions are already answered - if so: please move the post to the appropriate board or remove the post at all but please be so kind to refer me to the solution



This thread was automatically locked due to age.
  • Alright, another day, new energy, another update

    Last Thursday i decided to switch SSD's and also see, parallel to swapping SSD's, what Sophos Support could do for my case.


    HD Swapping
    The SSD swap wasn't a success - i was able to swap the SSD, which isn't that big of a deal, and i managed to get the drive gparted as well - what kept surprising me is, that whatever i did or have done in the past week, the LCD display kept broadcasting 'SOPHOS Protected'? I assume that that has something to do with the BIOS?

    With the new SSD installed, i didn't have a SSD laying around less than 500GB, i tried to install SW-17.5.9_MR-9-577.
    I inserted the USB drive in the upper USB slot in the front of the SG210, powered off the SG210 and restarted it - seems like the USB drive isn't recognized, at least, no action on the attached monitor, no blinking HD light and a continues little light on the USB drive itself.
    After 30 minutes + i decided that it took to long for a software version to be inactive so i aborted the operation and decided to insert another USB drive with SW-17.5.7_MR-7-511 into the second bottom USB slot on the SG210. Same result - a complete inactive SG210.

    Than i decided to restart the SG210 with ubuntu-19.10-desktop-amd64 on it and choose the option to run it straight from the USB instead of installing it on the SSD. I than inserted the second USB drive containing SW-17.5.9_MR-9-577 in the bottom slot and i was able to browse through the contents of the USB. When i tried to open one of the files Ubuntu warned me that the file was password protected and since i didn't have, and couldn't find, a password i aborted that operation as well and converted the SG210 back to it's original SSD containing the SFOS Hardware installation of XG...

    No succes in swapping SSD's

     

    Updating the BIOS
    As far as i could have figured out so far is the only way to update or upgrade the BIOS in a SG210 (and for that the almost the whole range of XG & SG Appliances) is to run a firmware download from Sophos: HW-18.0.0_GA-Build321.SF300-321.sig

    Apparently there isn't 'just' an update available that only tackles the BIOS, it's a complete firmware upgrade which, in my opinion, doesn't do anything to the BIOS itself.
    I wrote the file to one of the formerly used USB drives, from which two of the four i have here weren't recognized by windows anymore so i couldn't format them over the Windows File Explorer anymore made me wonder if Rufus was doing it's job: when i opened the Rufus-Log to see what had happened in the past few hours i saw that sometimes no data was written to a USB drive although the GUI gave the green light that Rufus did it's job correctly - this made me doubt about the integrity of the USB drives all together so i decided to use Etcher instead of Rufus for the next attempts.

    The drive prepared to put the .sig image on the SG210 didn't get booted by the SG210 and seemed not to be able to write any data to the SG210. Since it was already running pretty late and i had been on chat with Sophos Support for the past 5 hours i had enough and called it a day - inserted a USB with HW-17.5.7_MR-7-511.iso and 15 minutes later SFOS XG Hardware version was up and running on my SG210...

    No succes in updating the BIOS

     

    Sophos Support Chat
    i knew, before contacting Sophos Support, i didn't had the best starting position: Trying to install a Software version free (home) edition, that was never intended to run, on a Business Appliance without paying for support... But hey, if you don't shoot, you always miss

    I noticed that, of the 11(!) agents i had contact with that day, 8 were completely overwhelmed and puzzled with what i tried to do: referring me to Sophos Home Support, which is a free locally installed protection software which has nothing to do with any firewalls that Sophos sells (i got actually referred to that website 4 times by different agents). 
    Bottom line: 5 hours down the drain, some very capable agents that actually seemed have done a SW on their own firewall as well but couldn't tell my i didn't succeeded i decided to use the Home Support to issue a ticket with a new proposal for Sophos:

    Why not give XG (wannabe) users the same option as they have for UTM - offer a txt-based license to directly insert in their firewall so that we don't have to fumble around the software of the firewall? 

    I mean; why would someone buy an old, discarded SG-firewall and not give it the option to use it the 'clean way'? Chances are that the SG would end up being scrapped anyway and in this way old hardware could get a second life.
    If i look at my own position, the only reason i want to deploy a full XG installation is that the SG210 will be used in my smarthome where IOT-devices are populating my, separated, network but i still want to see how often some of those devices are trying to connect to the web and see where they connect to. In my opinion the XG would be pretty good for controlling all those data streams. This is also what i explained the agent at Sophos Home and of course he came back with the standard answer:

    Hello Koen,

    Thank you for contacting Sophos Home support.

    I understand you're looking to provide some feedback on and experiencing some trouble with Sophos XG Firewall Home Edition. I would be happy to advise.

    As this team only handles Sophos Home, you would want to reach out to the communities for anything regarding Sophos XG Firewall Home Edition. They can be found below:

    https://community.sophos.com/

    If you have any questions or concerns about Sophos Home, please don't hesitate to get back in touch.

    Have a great rest of your day!

    Regards,
    Nick - Sophos Home Support
    For Sophos Home questions and updates, follow @SophosHome
    Click here for Support videos

     

    On which i replied that i wasn't to happy seeing that i spend the best of my day trying to get someone from Sophos to give me a workable suggestion for the issue i contacted them and that i wasn't to pleased with Sophos Support that day. I wrote that i didn't think it would make much sense for people to buy another PC, with 2 NIC's just to be able to run XG Home as SG Appliances are going to flush the markets now that there are new appliances coming up pretty soon and with XG v18 standing ready to be deployed as well.
    The reply from Sophos Home Support Agent:

    I'm very sorry to hear about that Koen, I can certainly understand the dissatisfaction. 

    While our team does only handle Sophos Home, I will see about getting feedback regarding this passed along to the other department. 

    While I'm sure this may have hindered the ability to do so, I hope you have a fantastic rest of your evening.

    Regards,
    Nick - Sophos Home Support
    For Sophos Home questions and updates, follow @SophosHome
    Click here for Support videos

    So... 
    to make a very long story short:
    I'm still running SFOS XG HW on my SG210 - still not able to install the software version and, hopefully, someone at Sophos replies to my request or idea to make the home license available as add in txt-file, which i honestly doubt they will do...

  • Koen,

    try to install Ubuntu on the box,then reboot and install XG SW version. In the post I shared before, and both installed Ubuntu on the box.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • lferrara said:

    Koen,

    try to install Ubuntu on the box,then reboot and install XG SW version. In the post I shared before, and both installed Ubuntu on the box.

    Regards

     

    Thanks for your reply Iferrara, 

    I must say, i was pretty excited to see a way i didn't try so far before so i decided to delay my 'bedtime' a little to try this: 

    Ubuntu on SG210
    Installation worked flawless and Ubuntu runs damn fast compared to my windows 10 installation on my Dell: i went even a step further to completely eliminate any failures that could have gotten into the ISO to burn that i downloaded Etcher on the SG210 running Ubuntu and downloaded the ISO for XG Home Software as well and decided to format my USB key on the SG210 before writing the Sophos ISO on it.

    After i gave the 'reboot' command with the Sophos ISO in the front top slot the SG210 rebooted and than the screen stayed black...
    i waited for 10 minutes or so, powered down the SG210 manually (switch on the back) and powered it back on, this time with the USB in the back of the SG210: same result - blowing fan, black screen...

    When i powered up the SG210 without USB it went straight back to Ubuntu.

    I even tried it with a different USB key, the one made on my Dell - still same results??

    For me this makes no sense: if i boot it with Ubuntu USB inserted it goes straight to the installer. If i boot with the HW version of XG the screen will stay black but after 10 minutes or so 'Für Elise" starts to sound which indicates the installation was successful. But if I inserted the SW version of XG nothing happens at all?!?

    What am I missing here?? And does the LCD on the front keep saying 'Sophos Protection' at all times that there is power on the SG210?

  • Hi,

    if you are loading the software version you will need to connect via serial cable to the console port.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  •  

    this can be a good choice to try. However VGA still have precedence.

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • rfcat_vk said:

    Hi,

    if you are loading the software version you will need to connect via serial cable to the console port.

    Ian

     

    ... i will try this than on monday, no way i can find a db9-RJ45 or an USB-RJ45 cable today.

  • For the time being I will have to put this one on hold here, simply because I haven't got any time in the next few days/weeks...

    At the moment the SG210 is running XG in basic mode in evaluating mode, no subscriptions, no advanced insights, just basic protection.
    I wanna thank all you guys who actively helped trying to solve this issue and if someone wants to take over for the time being: please do so ;)

    I didn't get my hands on a RS232 or com-cable to finish the last suggestion given, that's the disadvantage of living secluded in the mountains :D

  • The easiest way is to remove the hard disk from the SG 210 and install it in another computer, then install the system with the XG Software iso Image. After the installation and bevor the first start remove the hard disk immediately and install it back into the SG.

    That's how I did it with my SG230 Rev. 1 and it runs perfectly since then.

  • How are you making the bootable XG usb stick? If you use a utility like Rufus, then it's possible to choose the wrong options, and end up with a stick that won't boot. If you use something like Win32DiskImager, then it should "just work". 

     

    Short of that being the problem, watching the console for errors during install is your best bet for a clue. Either connecting a serial cable as already suggested, or a vga monitor, if the unit has a vga port on it, will give you a clue as to what is happening. 

  • In Rufus you had to choose the DD-Mode for the Sophos Software Iso.