Thread Info
  • State Suggested Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 66 replies
  • Answers 3 answers
  • Subscribers 51 subscribers
  • Views 266172 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall Home Edition on SG Hardware

HL2

Hello,

is it possible the XG Firewall Home Edition run on a SG Hardware Appliance?

Thanks



This thread was automatically locked due to age.
Parents
  • 0
    I get running Sophos XG on a ASG120 rev.4 :)
  • 0 in reply to Nemo
    Hi Nemo, Please can you advise how you managed to get this working.
    Many thanks..
  • 0 in reply to TonyPemberton
    First you need to delete all partitions (you can do it with Acronis DiskDirector or MiniTool Partition Software). After this I installed the software ISO with a USB CD-ROM, not a special thing.
  • 0 in reply to Nemo
    Hi Nemo,
    Thanks for getting back to me.

    I've installed the SW-SFOS_15.01.0-376.iso onto a UTM 120(Not sure of the version till i'm home) and it got to the point where it asks to accept the EULA. At this point I can ping the IP 172.16.16.16 having received a dynamic IP of 172.16.16.17. I couldn't get to the default URL https://172.16.16.16:4444 which should then forward to 172.16.16.16:4444/.../login.jsp.

    At this point i ran a nmap -p 1-65535 -T4 -A -v 172.16.16.16 scan that produced the following results.
    22/tcp open ssh
    443/tcp closed https
    2712/tcp open aocp
    3128/tcp closed squid-http
    4444/tcp closed krb524
    8090/tcp closed unknown
    8094/tcp open ssl/unknown
    9922/tcp open ssl/unknown

    At this point i wondered what services would be up and running if I were to spin this up as a VM so using the same image I got to the point where it asks to accept the EULA and the default URL https://172.16.16.16:4444 forwarded to 172.16.16.16:4444/.../login.jsp.

    I then ran a nmap -p 1-65535 -T4 -A -v 172.16.16.16 scan again on the VM and produced the following results.
    22/tcp open ssh
    443/tcp open ssl/https
    2712/tcp open aocp
    3128/tcp open squid-http
    4444/tcp open ssl/krb524
    8090/tcp open unknown
    8094/tcp open ssl/unknown
    9922/tcp open ssl/unknown

    Is the install aware of the virtual NIC's or lack of in the first case and purposefully close the ports to which the services/daemons are running..?
  • 0 in reply to TonyPemberton
    Normally the WebAdmin needs to be reachable when the device answers pings or portscans. I saw some threads about browserproblems. Did you test another browser?
  • 0 in reply to Nemo
    Hi Nemo,

    It's definitely not a browser issue.. The first set of port scans i submitted were for the UTM 120 version5 and the Web Admin ports were closed. The second set of port scan was a VM and the Web Admin ports were open.

    I don't suppose you have a version 5 you can test and see how it goes?
    I did pose this question to Sophos themselves but no one has come back to me..
  • 0 in reply to TonyPemberton

    Hi Tony,

    I tested it for you and it's working:

    I installed the SFOS 15.01.0-376 Software ISO for Home purpose. Keep in mind that it's eth4 for "Port1" to reach the WebAdmin!

  • 0 in reply to Nemo
    OMG Thanks Nemo for doing this (It's like Sophos Porn!! :)) I'm aware of the ports reversing, as stated earlier.. I have the port right as i get a dynamic IP on the correct range.. And i can ping the 172.16.16.16 IP.. I wonder if this is a revision issue.. Its a bit bizzare this scenario.. I'm going to try and get my hands on a rev4 and try again. This is a pretty straight forward process..
  • 0 in reply to TonyPemberton
    I did this on a Sophos UTM 120 Rev 5 as well.. As previously mentioned, the NIC order has been reversed... I will give SG105 Rev 2 a try tommorow.
  • 0 in reply to KennethHolmqvist
    I Have tried on my SG105 and it's of course not working. I tried unplugging the ssd disk to see if there's something on the harddrive telling the installer that it's an appliance. I have tried looking in the BIOS to see if the serial number from the label on the bottom is in there somewhere, but it seems like it's not. I can't find it anyways.

    I have tried installing the old Copernicus Beta 2 to see if i could use my home license with that, but it's reading my serial number from somewhere and won't allow me to change it..

    The last discovery i did is that the bootloader isn't installed on the ssd disk.. I got the choose firmware prompt and starting firmware 15.0.XX when the ssd disk was wiped by dd. It did of course not start since the disk was cleared, but it tried.. So that must indicate that the bootloader is installed somewhere else.
  • 0 in reply to KennethHolmqvist

    So presently you have a non functioning 105?

    Is there by change not a hidden partition you are not seeing with the bootloader or can you get to the bootloader without the drive plugged?

Reply Children
No Data