
How to assign domain hostname to SophosXG?

Hi, 

coming from a different solution, I've now installed SophosXG on my homelab, everything went fine and I've already moved most of my configuration and linked my AD. The GUI is a LOT more complicated, but previously I had issues fully using my bandwidth due to single threaded IPS and now they seem to be solved with Sophos and I'm quite happy with the performance!

What I have not been able to figure out is how to access SophosXG with something different than an IP. For example, in the utm I was using before, once I added it to a domain (let's say "domain.com") and assigned a hostname to it (let's say "firewall"), I could access it from https://firewall.domain.com or https://firewall or https://IP_ADDRESS

I'd love to duplicate the same situation with SophosXG, but I'm unsure on how to proceed to be able to use something like https://sophosxg.domain.com:4444/ to access my device :(

Sorry if it's a stupid question, but I'm still really new to this and I haven't been able to find any related solution on Google.



  • Hi,

    as with any new piece of software you need to explore the various menus.

    Hosts and services -> fqdn and assign your XG the domain name you use.

    Then in Administration -> add the fqdn to the XG hostname.

    Then, assuming you have your own DNS which publishes to the world, add your XG or, as I do, use dyndns to publish your XG to the world in the Network tab -> dynamic dns.

    Ian

  • I don't need to publish it to the WAN side of things, only LAN. 

    Anyway here's what I already did...

    I've set Administration > Admin Settings > Hostname to sxg.my.domain.net
    Then under Host and Services > IP Host I've added sxg with its IP.
    Then to be extra sure I've added a DNS Host Entry under Network > DNS binding "sxg" to the LAN interface.
    Then to be even safer I've tried adding sxg.my.domain.net too but failed with "Identical configuration 'sxg' exists."
     
    Then I asked for help :D And I've ended up adding under Hosts and Services > FQDN Host a hostname for *.my.domain.net even if I have no clue what that even does.
    I'm not sure what exactly you mean by "Hosts and services -> fqdn and assign your XG the domain name you use" tho. 
     
    At this point no PC on the LAN can resolve sxg.my.domain.net or sxg. 
     
    I'm thinking of changing it to something like sxg.domain.net so it doesn't risk being swallowed by the DNS route to the domain controller, but as far as I know that should not happen.

  • Hi,

    the *. in theory means all devices that you have with your domain and are in your DNS are picked by rules.

    Have you assigned your XG an IP address in the FQDN, eg if you move the mouse over the entry does it show an address?

    Are you using the XG as your DNS?

    Some of what I have posted is what you have done, but just trying to clarify the steps.

    Ian

  • XG is the DNS, if I mouseover the *. FQDN I can see a list of other PCs and VMs in the domain (not all of them), but not of XG.

    I'm not sure how to assign an IP address in the FQDN. If you mean adding a DNS Host Entry, I did.

    To be perfectly honest I can't seem to figure out how to add it. I've been experimenting for the last couple of evenings, but it seems there's something I'm either missing or not understanding properly. :(

  • Hi,

    so what happens when you use the diagnostics on the XG to lookup your XG on the nslookup function?

    I tried tracert to my XG and got some very interesting results, from internal it never actually finds the XG and takes 1 sec to do each step.

    Ian

  • In Diagnostics if I try to ping sxg.ad.domain.net or simply sxg it does not work, but if I try to ping its own IP it works fine (unsurprisingly).

    Name Lookup using all configured servers (atm they are the two Google DNSs) of course returns failed, but if I try to use specify other with XG's IP it works for "sxg" and  FQDN. Likewise traceroute for FQDN and "sxg" works. 

    But if I try to ping sxg or FQDN from any PC in the network it does not work (can't find host), but the IP works fine. (XG's DHCP gives XG's IP as the only DNS to all PCs in the network)

    I tried looking if there were settings for a DNS cache to clear somewhere, but I haven't found anything of the sort.

  • Hi,

    you identified the issue: you do not have the XG as a DNS in the list.

    Ian

  • Oh, so I need to put itself as a DNS? 

    I thought that if the PCs aimed at it as their only DNS it would use the other DNS only to resolve addresses it didn't already know. Different UTM/Firewalls sure have wildly different ways to be configured :D

    I did that and rebooted the DNS service (since I found it at the end, no need to reboot to make sure anymore! yay) and now it appears to be working.

     

    Thanks for the help!