Sophos xg home install password? (no, its not "admin")

Hi there.

Any XG firewall I have setup in the past has always been

username: admin

password: admin

as default from initial bootup. if its not that somehow it has been changed or become corrupt.

I take it you followed to the letter the Startup guide?

docs.sophos.com/.../Sophos Firewall Virtual Appliance Getting Started Guide.pdf

So the installation has to be corrupt. I will reinstall it.

Al the info I gathered was from these forums with the help of DuckDuckgo.com.

I reinstalled it twice, still the same problem.

admin+admin is not working in the webinterface.

Btw: webinterface = https://localip

Any thoughts?

https://localip is the user portal

https://localip:4444 is the administrative interface to the firewall.

Hope this helps.

-Ron

 Hi,

Use https://localip:4444 as suggested by Ron and try admin + admin. If that doesn't help, restart the appliance. Keep us updated to proceed further. 

Thanks,

Hello guys, apologies for the late reply.

I tried all of the above:

https://localip:4444 --> not loading.

https://localip is working fine.

I just rebooted te appliance and things are still the same.

I added some screenshots the show the problem.

Hey Jimmy Le man 

After performing the admin reset procedure advised above by Jevin, I would also suggest resetting your device to factory default. It seems that your device's admin port (4444) might be disabled or configured as a different port (may not be the case as your nmap scan shows only user portal 443 open).

You can also try resetting the default web admin certificate after this (CLI: Main Menu > 2. System Configuration > 4. Reset Default Web Admin Certificate)

Please keep us updated regarding your situation.

Best,

Hey Jimmy Le man 

After performing the admin reset procedure advised above by Jevin, I would also suggest resetting your device to factory default. It seems that your device's admin port (4444) might be disabled or configured as a different port (may not be the case as your nmap scan shows only user portal 443 open).

You can also try resetting the default web admin certificate after this (CLI: Main Menu > 2. System Configuration > 4. Reset Default Web Admin Certificate)

Please keep us updated regarding your situation.

Best,

Okay, I reset the password as suggested, but I still can't get to the webinterface@4444.

I'm starting to question myself here, but I can't think of anything I'm doing wrong(and no, my current pfsense firewall is on the same subnet so thats not blocking it either)

If you reset the appliance, the default IP changes to 172.16.16.16. Try on that IP address. What happens when you type the password in the screen above, go to Network Configurations | interface configurations, now try to access the Web Admin on https://LANIP:4444 and https://WANIP:4444. Any luck with any of the one IP? 

Thanks,

The IP is always assigned by DHCP, after a fresh install and after a reset.

It tried to connect to via 172.16.16.16 and 172.16.16.16:4444 as suggested in other topics, but that did't work and still doesn't.

I can't navigate to Network Configurations, etc because I don't have GUI access.

As sachingurung has mentioned, you can get to the network config by logging in to the console directly using the newly reset password for admin.

Select Option 1:Network Configuration > Option 1:Interface Settings

Once you get the IP, try that.

If that still does not work, go to Option 5 > Option 3 instead to get to the shell.

Run ifconfig | grep PortA and verify that the MAC ADDRESS matches the Victual NIC mac address for your LAN Virtual Switch. If it doesn't, find the Virtual NIC that matches the MAC ADDRESS of PortA and assign it to the correct network where your LAN resides.

The WAN Side the Dynamic IP you keep pointing your browser to does not expose the admin interface <IP>:4444 to the public side of the firewall. Until you perform the steps below you will not be able to access the GUI or the SSH console.

Your screenshot shows that you are running Sophos XG as a VM. If my memory serves me correctly port1 of the firewall will be LAN (172.16.16.16) and port2 will be configured as WAN (DHCP). Since this is a VM login via the console using admin:admin and from the menu select Option 1 (Network Configuration), then Option 1 (Interface Configuration). Take note of the Interface Name, Zone, and IPV4/Netmask values, Hit enter. Follow the prompts and it will ask to Set network Configuration. Here you answer yes.

The goal here is to configure port1 for your LAN with an IP that will allow you to connect from your LAN side of the network.

Also make sure your Network interfaces are properly mapped in ESXI for the interface you want it to be.

Hope this helps.

-Ron 

Hello guys, I was at work all day so I couldn't answer.

The thing is, I can't get anywere near the menu because the admin:admin combination is not working. Even after a fresh install or after a password reset. I can't get to the menu

"Since this is a VM login via the console using admin:admin and from the menu select Option 1 (Network Configuration), then Option 1 (Interface Configuration)."

I can't do that. i can't get to this option.

At the moment the WAN interface is 'disconnected' in VMware, so I only have one interface I can connect to. I wanted to keep it like that until I migrated all settings from pfSense to Sophos.

Did you try by bringing up the console from within ESXi?

From with your ESXi interface (either using the C# thick client or the WebUI for ESXi) select the VM for the Sophos XG and open console for that VM. This will be like you had a keyboard and mouse on physical hardware.

You screenshot shows a password prompt. If this is a fresh install the password is "admin" without the quotes.

-Ron

Yes I did. I made a video to show you the problem:

https://youtu.be/bKQYU2AY2i8

Can you please try setting NIC 1 to VM Network instead of pfSenseWAN?

I think, by default, XG assigns the first NIC as LAN and also, by default, WebAdmin access is disabled on WAN. You have to explicitly enable this once you are in the console.

As to why you can't login on the CLI, this might be something to do with multiple input issue with ESXI console if you don't have VM tools installed. Not sure though.

Video helped.

Jimmy, As Kevin mentioned you have your interfaces revised. pFSenseWAN should be interface2 and Interface1 should be your LAN. Also you never tried to authentication from the console one you were presented with the USER Portal. This would be an indication that the system is live and fully booted.

Also the LAN (Port1) interface is staticly set to 172.16.16.16 until you go and change it from the console.

Hope this helps.

-Ron