
Help on setting up XG Firewall - Plusnet

Good Morning,

 

I'm just looking for some advice on a few questions I have.

My setup  - Sophos XG installed on here

Router / Server

https://www.amazon.co.uk/Pfsense-Mi5250L-I5-5250U-Ethernet-Fanless/dp/B06XRHS72W/ref=sr_1_3?m=A3NZXFKJ0Y59OU&s=computers&ie=UTF8&qid=1528972856&sr=1-3&refinements=p_6%3AA3NZXFKJ0Y59OU

PlusNet Hub One

https://www.broadbandchoices.co.uk/guides/hardware/plusnet-hub-one

Asus AC750 Router

https://www.asus.com/uk/Networking/DSL-AC750/

Basically I want to ensure both wired devices and wireless devices are fully behind the XG, but I'm conscious of the risk that, if the PlusNet Hub One (which is my router & modem) is doing the WIFI and terminating the internet connection, the WIFI devices that are connected to it will be at risk as they aren't directly behind the XG. If that makes sense.

In a nutshell I want to know what is the best configuration with my current hardware, to ensure all devices are covered and aren't at risk.

Many thanks



  • Hi Super Sausage,

    If you have an existing router in place then you may need to check if the connection is ADSL 2 or DSL. If ADSL, then you may configure it on the WAN port of the SFOS and configure it automatically. You may use your existing router and attach it to one of the LAN ports, configure it as an Access Point and SFOS as a DHCP server.

    Lastly, if your ISP has MAC binding enabled from their end, you may simply change the MAC address in the WAN interface Advanced Settings on SFOS.

  • Thanks,

     

    Will give it a try and give you some feedback !

  • Hi, finally all my kit has been delivered.

     

    I have fibre and the cable from my telephone socket to the router isn't Ethernet, so I'm not able to use the Ethernet to connect directly to the telephone outlet and use it as a WAN port. Is that what you meant?

    On the second option, you've suggested using it as an access point and the SFOS as the DHCP server. I take it that's the option I'm going for in this instance, as I don't have a separate modem?

  • Hi,

    Me again.

     

    Got the device setup but I can't reach the internet. 

    The devices are getting DHCP but not getting out. 

    I've set up a basic firewall rule, which is basically Source Any Zone, Any Host, to Destination Any Zone, Any Host, with any service and services set to any, unticked match known users and left the others as they were. In my opinion that should have let anything out, but it doesn't :(

    Setup configured as follows:

    XG - Port 1 - 192.168.2.200 Static - Network Zone Lan

    Gateway Name: Blank

    Gateway IP: Blank

    IPv6 unticked

    Port 2 - Network Zone WAN - 192.168.2.82 - DHCP

    Gateway Name: DHCP_Port2_GW

    Gateway IP: 192.168.2.200

    PlusNet Route - 192.168.2.254 - DHCP Turned off

     

    XG DNS Settings (Configure>Network>DNS)

    Static

    8.8.8.8

    8.8.4.4

    192.168.2.254

    DNS Host Entry - Blank

    DNS Route Request - Blank

    DHCP Settings (Configure>Network>DHCP)

    Interface: Port 1 - 192.168.2.200

    Gateway ticked 'Use Interface IP as Gateway'

     

    Any help would be appreciated
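
A sanity check for the interface plan listed in the post above, added here as an example and not written by any poster in the thread: it flags LAN and WAN ports that share a subnet and a WAN gateway that points back at the firewall's own address. The /24 masks, the dict layout, the function name and the corrected addresses are assumptions.

```python
import ipaddress

# Interface plan transcribed from the post above. The /24 prefix length is an
# assumption (the post gives no netmask); the dict layout is hypothetical.
PLAN = {
    "Port1": {"zone": "LAN", "ip": "192.168.2.200/24", "gateway": None},
    "Port2": {"zone": "WAN", "ip": "192.168.2.82/24", "gateway": "192.168.2.200"},
}
UPSTREAM_ROUTER = "192.168.2.254"  # Plusnet hub address from the post


def check_plan(plan, upstream):
    """Return a list of findings for a two-zone routed firewall plan."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(c["ip"]) for n, c in plan.items()}
    own_ips = {i.ip: n for n, i in ifaces.items()}
    names = sorted(ifaces)
    # 1. Ports in different zones must not share a subnet, otherwise the
    #    routing table holds two connected routes for the same prefix.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if plan[a]["zone"] != plan[b]["zone"] and ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"overlap: {a} {ifaces[a].network} and {b} {ifaces[b].network}")
    for name, cfg in plan.items():
        if cfg["zone"] != "WAN":
            continue
        if not cfg["gateway"]:
            findings.append(f"no-gateway: {name}")
            continue
        gw = ipaddress.ip_address(cfg["gateway"])
        # 2. The WAN gateway must be the next hop, not one of our own ports.
        if gw in own_ips:
            findings.append(f"self-gateway: {name} -> {own_ips[gw]}")
        # 3. It should also be the upstream router, inside the WAN subnet.
        elif gw != ipaddress.ip_address(upstream) or gw not in ifaces[name].network:
            findings.append(f"wrong-gateway: {name} -> {gw}")
    return findings


# Corrected plan (constructed): LAN moved to its own subnet, WAN gateway
# pointing at the hub.
FIXED = {
    "Port1": {"zone": "LAN", "ip": "192.168.10.1/24", "gateway": None},
    "Port2": {"zone": "WAN", "ip": "192.168.2.82/24", "gateway": "192.168.2.254"},
}

if __name__ == "__main__":
    for label, plan in (("as posted", PLAN), ("corrected", FIXED)):
        print(label, check_plan(plan, UPSTREAM_ROUTER) or "ok")
```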

  • I have my XG on plusnet and have done for the last 2 years without any issues, you can ‘double NAT’ but it can cause issues.  I have done it previously and you end up putting the XG in the DMZ to prevent port conflicts etc and it is still a lot of hassle to get working.

    You also cannot use the WiFi on the plusnet router as it will bypass the XG firewall completely.

     

    Personally I would dispose of the plusnet provided router in the nearest WEEE disposal location, or shove it in the drawer and forget it ever existed.

     

    I would purchase either a HG612 from eBay (you can pick them up for £10-£30) or a Draytek Vigor 130.  Both are standalone VDSL modems, as the router functionality needs to be provided by your XG.  These modems then manage the VDSL link and the XG manages the PPPoE logon.

     

    I purchased a HG612 and unlocked/upgraded it using the Kitz instructions/firmware.  You can buy them pre-upgraded from eBay.

     

    All you then need to do is:

    On your WAN connection, set it to a PPPoE connection and use yourplusnetusername@plusdsl.net and your plusnet password.

    It will then connect and give you the wan IP straight to the WAN connection of your router.

     

    You then need to set up LAN, DNS and firewall rules appropriately (outgoing firewall rule, set dns servers and set LAN addresses up)

     

    You will also need a WiFi Access point, to give you wireless on your home lan.

     

    I hope this helps

     

    Ian