Cannot access internet on LAN client to complete registration.

Question

Hello all, 
 I've installed the XG Firewall CD on a HP 8200 PC with 3 Intel NICs. I'm trying to get the box preconfigured so I can rip and replace the existing consumer Netgear router/gateway I have installed. On the HP 8200, the first NIC (onboard Intel) is the default LAN config (172.16.16.16), the second NIC is the top jack of an Intel PT Dual GB Adapter. I just have it plugged into my home network switch to simulate a WAN (it got 10.100.0.133 as the "wan" IP from my NetGear). I can ping sites on the internet by IP (8.8.8.8) and name (www.google.com) on both the firewall and the PC behind the LAN NIC but I cannot browser the internet on the PC which therefore doesn't allow my to complete the registration after I entered the serial number on 172.16.16.16:4444. It is supposed to download the latest firmware but it just times out. I'm done a test run in VMware Workstation on my PC by creating a virtual machine for the firewall software and it worked fine but not on physical hardware. Can't seem to figure it out. Anyone have any such issues? 
 Thanks, 
 Roger

smunro622 · Accepted Answer

I tried Sophos 3 yrs ago and hated it as out of the box it required a lot of customization and didn't have time. 
 I built a new box last nite and trying out XG 17.1 on the home version, my Untangle subscription is up in 2 mos. 
 HP SFF 8300 Elite 
 I3 3.0 ghz 
 8 gig Memory 
 256 gig SSD 
 3 Gigabit NICS 
 
 Out of the box i had numerous issues trying to get it registered and finally said skip it and was able to get into the console, looking at firewall rules there is not a FW rule to allow LAN to WAN traffic on any port or protocol. I created the rule for LAN to WAN and did so i could get traffic moving (FAILURE ON SOPHOS). Sophos should have a lan to wan rule allowing http and https traffic by default, i was then able to go in and get the registration completed, I then setup NTP with NIST. Next step was to update the firmware and everything on ADV Threat Tab. 
 After running for a day now i have gone back in and setup bi directional country blocks for Iran, Russia, China, Ukraine, N Korea and Vietnam. 
 I have also added rules to the outbound to block Ads and various other crap. I am going to let this run for a week and then i am going to go back and add DHCP reservations for my streaming devices and allow services for those devices as needed. I really think they need a sticky at the top of the forum for stuff like this

Roger Mialkowski · Answer

Hello, thanks for replying! I do not have anything in the upper right. I had found a workaround though, by not entering the serial number and clicking the checkbox for Do Not Register Now, it will go ahead and download and apply the firmware, reboot, and then I can continue the setup. Once the setup is complete, my LAN device has internet access. I thought I read on the Sophos site that during initial configuration/registration that the internet connection is wide open, but my case finds that not to be accurate. And when I did the test setup on a VM, I also did not enter the serial number which is why I thought it would work on the physical with the serial number entered.