Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 24 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 90693 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos xg home install password? (no, its not "admin")

Jimmy Le man

Can someone enlight me? I'm trying to install it on an ESX environment for over two hours now...

During installtion I'm asked to provide a password, but where can I find it? Its not the serial number, and its not any password I can find or remember.. And I can't find it in any mail i received.



This thread was automatically locked due to age.
Parents
  • 0

    Hi there.

    Any XG firewall I have setup in the past has always been

    username: admin

    password: admin

    as default from initial bootup. if its not that somehow it has been changed or become corrupt.

    I take it you followed to the letter the Startup guide?

    docs.sophos.com/.../Sophos Firewall Virtual Appliance Getting Started Guide.pdf

  • 0 in reply to dark moon

    So the installation has to be corrupt. I will reinstall it.

    Al the info I gathered was from these forums with the help of DuckDuckgo.com.

  • 0 in reply to FloSupport

    Okay, I reset the password as suggested, but I still can't get to the webinterface@4444.

    I'm starting to question myself here, but I can't think of anything I'm doing wrong(and no, my current pfsense firewall is on the same subnet so thats not blocking it either)

     

     

     

  • 0 in reply to Jimmy Le man

    If you reset the appliance, the default IP changes to 172.16.16.16. Try on that IP address. What happens when you type the password in the screen above, go to Network Configurations | interface configurations, now try to access the Web Admin on https://LANIP:4444 and https://WANIP:4444. Any luck with any of the one IP? 

    Thanks,

  • 0 in reply to sachingurung

    The IP is always assigned by DHCP, after a fresh install and after a reset.

    It tried to connect to via 172.16.16.16 and 172.16.16.16:4444 as suggested in other topics, but that did't work and still doesn't.

    I can't navigate to Network Configurations, etc because I don't have GUI access.

  • 0 in reply to Jimmy Le man

    As has mentioned, you can get to the network config by logging in to the console directly using the newly reset password for admin.

    Select Option 1:Network Configuration > Option 1:Interface Settings

    Once you get the IP, try that.

    If that still does not work, go to Option 5 > Option 3 instead to get to the shell.

    Run ifconfig | grep PortA and verify that the MAC ADDRESS matches the Victual NIC mac address for your LAN Virtual Switch. If it doesn't, find the Virtual NIC that matches the MAC ADDRESS of PortA and assign it to the correct network where your LAN resides.

  • 0 in reply to Jimmy Le man

    The WAN Side the Dynamic IP you keep pointing your browser to does not expose the admin interface <IP>:4444 to the public side of the firewall. Until you perform the steps below you will not be able to access the GUI or the SSH console.

    Your screenshot shows that you are running Sophos XG as a VM. If my memory serves me correctly port1 of the firewall will be LAN (172.16.16.16) and port2 will be configured as WAN (DHCP). Since this is a VM login via the console using admin:admin and from the menu select Option 1 (Network Configuration), then Option 1 (Interface Configuration). Take note of the Interface Name, Zone, and IPV4/Netmask values, Hit enter. Follow the prompts and it will ask to Set network Configuration. Here you answer yes.

     

    The goal here is to configure port1 for your LAN with an IP that will allow you to connect from your LAN side of the network.

     

    Also make sure your Network interfaces are properly mapped in ESXI for the interface you want it to be.

     

    Hope this helps.

    -Ron 

  • 0 in reply to rrosson

    Hello guys, I was at work all day so I couldn't answer.

    The thing is, I can't get anywere near the menu because the admin:admin combination is not working. Even after a fresh install or after a password reset. I can't get to the menu

    "Since this is a VM login via the console using admin:admin and from the menu select Option 1 (Network Configuration), then Option 1 (Interface Configuration)."

    I can't do that. i can't get to this option.

    At the moment the WAN interface is 'disconnected' in VMware, so I only have one interface I can connect to. I wanted to keep it like that until I migrated all settings from pfSense to Sophos.

  • 0 in reply to Jimmy Le man

    Did you try by bringing up the console from within ESXi?

    From with your ESXi interface (either using the C# thick client or the WebUI for ESXi) select the VM for the Sophos XG and open console for that VM. This will be like you had a keyboard and mouse on physical hardware.

    You screenshot shows a password prompt. If this is a fresh install the password is "admin" without the quotes.

     

    -Ron

  • 0 in reply to rrosson

    Yes I did. I made a video to show you the problem:

     

    https://youtu.be/bKQYU2AY2i8

  • 0 in reply to Jimmy Le man

    Can you please try setting NIC 1 to VM Network instead of pfSenseWAN?

    I think, by default, XG assigns the first NIC as LAN and also, by default, WebAdmin access is disabled on WAN. You have to explicitly enable this once you are in the console.

    As to why you can't login on the CLI, this might be something to do with multiple input issue with ESXI console if you don't have VM tools installed. Not sure though.

  • 0 in reply to Jevin Lizardo

    Video helped.

    Jimmy, As Kevin mentioned you have your interfaces revised. pFSenseWAN should be interface2 and Interface1 should be your LAN. Also you never tried to authentication from the console one you were presented with the USER Portal. This would be an indication that the system is live and fully booted.

    Also the LAN (Port1) interface is staticly set to 172.16.16.16 until you go and change it from the console.

     

    Hope this helps.

    -Ron

Reply
  • 0 in reply to Jevin Lizardo

    Video helped.

    Jimmy, As Kevin mentioned you have your interfaces revised. pFSenseWAN should be interface2 and Interface1 should be your LAN. Also you never tried to authentication from the console one you were presented with the USER Portal. This would be an indication that the system is live and fully booted.

    Also the LAN (Port1) interface is staticly set to 172.16.16.16 until you go and change it from the console.

     

    Hope this helps.

    -Ron

Children
  • 0 in reply to rrosson

    Hello guys, sorry for the late reply! I come home late yesterday so I couldn't try it out.

    I changed the interfaces but now the network isn't coming up anymore.

     

    I will reinstall the appliance when I get back home later today and try again.

    Thank you very much for all the help so far! 

  • +1 in reply to Jimmy Le man

    In Your first screenshot (VM Configuration) you only have Port1 (LAN) connected this IP is statically set to 172.16.16.16 until you can login via the console and change the network settings like I mentioned in a previous post in this thread.

    With Port2 (WAN) not connected you will not be receiving an IP address handed out by your pFSense firewall. Also keep in mind this will only give you access to the user portal (https://dhcp-ip) and not the admin portal (https://172.16.16.16:4444) which only listens on Port1. 

    Before you re-install you have two options:

    1. Attempt to login via the console from ESXi with the password of admin and change your network settings on Port1 to match your internal network to allow you to access (https://local-ip:4444)
    2. Build a VM that will run a web browser and attach it to the same interface as that you are using for Port1 of your XG Firewall. This VM will get an IP address from the XG VM (its running DHCP Server on this interface). In this newly created VM open the browser and have it go to (https://172.16.16.16:4444) and follow the instructions on the screen.

    Be sure to give the XG VM a few minutes to start all its services since you are only giving it two cores and 2 Gigs of RAM.

     

    Hope this gets you closer.

    -Ron

  • 0 in reply to rrosson

    Finally! I'm able to login! :)
    It wasn't without a fight, but its up and running.

    I changed the subnet from a running VM to 172.16.16.0/8 and then I was able to access the admin portal. (But only after resetting the password again) admin+admin was not working.

    Also, This was the first time -after all these reboots- I saw the EULA agreement I had to accept. After I pressed 'A' to accept I was finally able to change the network settings you guys were talking about.. So I don't think this is normal behavior? Or I'm missing something.

    It was confusing me that you can acces the user portal via the DHCP assigned IP but you can't access the admin portal via the same IP. And the fact that you can't change any network settings in the console once the machine is booted, only after you accepted the EULA, the settings are visible, made it difficult for me to get round this.

    So I would like to say BIG THANK YOU to all of you who helped me solve this "problem". This is really (one of) the most helpful forums I ever came across!

    Jimmy

     

  • 0 in reply to Jimmy Le man
    Glad That I was able to help and Thank you for marking this thread as solved. Enjoy your weekend and playing with your Sophos XG. :) -Ron