Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 14 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 62863 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SW-SFOS 15.01.0-376 Installed but on first boot it says to login and accept agreement but i cant get on it??

JohnKenny

I have just installed SW-SFOS 15.01.0-376 and it seemed to finish and rebooted, I was then asked to enter password I entered admin.  Then it said i needed to login and accept the licence agreement.  I assume thats on https://172.16.16.16:4444?  However I cannot access the page, should it show me the URL to goto on the machine itself?  How can i tell if the NIC is working?  It does ask for another password again but when i enter admin it doesnt do anything.

Can anyone help?

Thanks

KL



This thread was automatically locked due to age.
  • 0
    Yes, that's the right URL/address. Make sure you add the appropriate address to your own NIC (I used 172.16.16.41/24). Are you using a VM or hardware? Cables plugged in / switch configured / VLAN configuration perhaps?
  • 0

    By default when I installed it made "Port 1" my internal interface (LAN) and "Port 2" my external interface (WAN) so I had to change my network cable to the other NIC to access the GUI, then once in I was able to change the interfaces around to Port 1- WAN and Port 2 LAN.

    Also make sure you have set the interface on your PC to a IP of 172.16.16.1 or something like that with a gateway of 172.16.16.16.

  • 0
    i also have this problem. I deployed via VMWare ESX 6. Attached it to my VMNet99 (lab). Boot the box up and cant get in. Interestingly enough, in my network 172.16.16.16 is a host literally on the other side of the world - thats already provisioned. Maybe its not a good idea to ship the default config making assumptions about the deployment network environment.

    Now I've got to go talk to the vSphere guys and see if they'll re-route the network for me... wish me luck.
  • 0 in reply to johnsmith3
    You can't put a machine directly on that VLAN? I don't think the address is routable, so you'll have to get the Sophos XG and your console on the same broadcast domain for it to work. Changing routes .... I suggest probably won't help.

    I agree though you should be able to do this sort of basic setup at the console, before you try to get to the web UI.
  • 0
    AFAIK you can't login to the console until you finished the setup wizard only available as a browser application. You should connect Port1 (LAN) to a switch and use another computer to go throught the wizard. I think setup runs a DHCP server and your machine should get 172.16.16.17 if connected properly (at least mine did). Afterwards you need to set a static IP because DHCP setup is not part of setup/activation/registeration process. If you can't get the connection working try setting up a static IP e.g. 172.16.16.17 or something similar.

    And if your are using Chrome or Safari be sure to enter https:// in browser because it will go with HTTP if you will just enter the IP and port.
  • 0 in reply to Slawski
    I ended up doing something along those lines... in vSphere I had to make a new switch; essentially deprovision it from the Lab Network (our network auto provisions based on a bunch of conditions). Set it up as sort of a dumb stand alone. Make a whole new VM Desktop - attach it to the new switch - IP it (didn't know about the DHCP on that interface). Go through the web setup. Drop back in to console as soon as the activation portion was done & log in. Reconfigure the interface to DHCP [vmware reservations], reboot - test connectivity from the "real" network. Destroy the VDI & vSwitch, then move forward with configuration.

    Essentially - build a whole new network in order to make it work. All from not being able to just push "y" on the EULA in the console. Even the whole activation portion is something I feel could've been accomplished in a couple of Y/N prompts and a prompt for your key...
  • 0 in reply to johnsmith3
    I agree that it should be possible to activate the device / appliance using vga or serial console but it is not just for now. I always have Ubuntu ISO nearby for that purpose ;-)
  • 0
    why sophos make the installation sequence not the same as on the UTM? No one need to have a fucking 172.16.16.0/24 net and it is much easier to configure...
  • 0
    Spoiler ----
    I refuse to do further testing of XG as long as this "Error" is not corrected.
    (OK, might be my personal problem.)

    The way UTM 6+7+8+9 did it, was OK.

    172.16, VLANS, separate LAN's or having some uncontrollable DHCP-Server running while setup: Is no discussable solution.....
  • 0

    Hi John,
    I too have experienced the same issues you are suffering from. I installed the SW-SFOS_15.01.0-376.iso onto a UTM 120 and it got to the point where it asks to accept the EULA. At this point I can ping the IP 172.16.16.16 having received a dynamic IP of 172.16.16.17. I couldn't get to the default URL https://172.16.16.16:4444 which should then forward to 172.16.16.16:4444/.../login.jsp.

    At this point i ran a nmap -p 1-65535 -T4 -A -v 172.16.16.16 scan that produced the following results.
    22/tcp open ssh
    443/tcp closed https
    2712/tcp open aocp
    3128/tcp closed squid-http
    4444/tcp closed krb524
    8090/tcp closed unknown
    8094/tcp open ssl/unknown
    9922/tcp open ssl/unknown

    At this point i wondered what services would be up and running if I were to spin this up as a VM so using the same image I got to the point where it asks to accept the EULA and the default URL https://172.16.16.16:4444 forwarded to 172.16.16.16:4444/.../login.jsp.

    I then ran a nmap -p 1-65535 -T4 -A -v 172.16.16.16 scan again on the VM and produced the following results.
    22/tcp open ssh
    443/tcp open ssl/https
    2712/tcp open aocp
    3128/tcp open squid-http
    4444/tcp open ssl/krb524
    8090/tcp open unknown
    8094/tcp open ssl/unknown
    9922/tcp open ssl/unknown

    The install must be aware of the virtual NIC's or lack of in the first case and purposefully close the ports to which the services/daemons are running..

    Maybe the Sophos Team could comment further on this..?