VM setup for XG Firewall Home Edition

I am using Proxmox VE on an HP Pavilion laptop with one internal NIC and a USB-NIC adapter.

In my Proxmox setup I have the internal NIC (eno1) bridged to vmbr0 and the USB-NIC (enx.....) bridged to vmbr1. In creating the VE for Sophos XG Firewall Home Edition I have 6 GB of memory, 64 GB of disk space and two network interfaces, net0 (vmbr0) and net1 (vmbr1); see attached screenshot of the VM configuration.

In the e-mail I got with my serial number it says:

1. Install the downloaded image on your preferred hardware or virtual environment (Note the installation will overwrite the previous operating system and all files).

2. Connect the WAN interface (port 2) on the device to your internet connection.

3. Connect a computer to the LAN interface (port 1) and access the setup screen at 172.16.16.16:4444 (Note: It may take a few minutes for the necessary services to start before the setup screen is ready)

I have done number one, but I have not figured out which interface is port 1 and which is port 2. I have tried plugging the internal NIC (eno1) into my router and the USB-NIC into my laptop I am using to manage the VM. That did not work so I tried it the other way around, still no luck.

When I try to go to the IP address given I get "This site can't be reached". 

You really need to write some instructions for the home user who is clueless about networks and things related to firewalls.

Here is a screenshot of my Proxmox network setup:

Any and all help is greatly appreciated.



  • Hi there,

    The first thing I notice is that both your WAN IP and LAN IP are on the same subnet.... it might just be for testing but the firewall needs to be configured as a router so you would have to have the LAN on another subnet at least, e.g. 192.168.2.X or 3.X.

    I assume you are doing this as you are testing the firewall inside your existing network... this will work but know that you are creating a double NAT situation so some stuff is a lot harder to configure with double NAT (e.g. VOIP).

    Secondly I notice that you have configured your NICs on Proxmox as e-1000 network cards.... did you do that because the other didn't work? The default should be virtio as these use way less resources and work well.

    You are not alone being frustrated knowing which port is LAN and which is WAN... once you get access to the GUI you only get Port1 and Port2 as descriptions. The easiest way to figure out what is what is to unplug one and configure the WAN first.... you can use the console within Proxmox and then use the menu options within Sophos to configure the WAN interface IP.

    Hope this helps

  • Thank you for your response. I am learning more and more about networking as I go about this project.

    TrevorSymonds said:
    The first thing I notice is that both your WAN IP and LAN IP are on the same subnet.... it might just be for testing but the firewall needs to be configured as a router so you would have to have the LAN on another subnet at least, e.g. 192.168.2.X or 3.X.

    I have changed the static IP for the USB-NIC to 192.168.2.202.

    TrevorSymonds said:
    I assume you are doing this as you are testing the firewall inside your existing network... this will work but know that you are creating a double NAT situation so some stuff is a lot harder to configure with double NAT (e.g. VOIP).

    No VOIP or other complicated network issues, this is a simple home network.

    TrevorSymonds said:
    Secondly I notice that you have configured your NICs on Proxmox as e-1000 network cards.... did you do that because the other didn't work? The default should be virtio as these use way less resources and work well.

    I have changed the NICs to virtio, just a case of not knowing what the heck I am doing.

    TrevorSymonds said:
    You are not alone being frustrated knowing which port is LAN and which is WAN... once you get access to the GUI you only get Port1 and Port2 as descriptions. The easiest way to figure out what is what is to unplug one and configure the WAN first.... you can use the console within Proxmox and then use the menu options within Sophos to configure the WAN interface IP.

    That gets into how do I get to the Sophos GUI? I have plugged the firewall directly into my other laptop and tried to go to 192.16.16.16:4444 as instructed in the e-mail that came with my serial number. Do I also need to disable my wireless card on the connected PC so it only can see the Firewall? I have not tried that yet.

  • Ok thanks for that.... I see another error/problem..... You have turned the firewall on... meaning you have a firewall in front of the firewall.... so you will not ever get to the GUI.

    You need to click on your Sophos VM.... then go to Options in Firewall and make sure that it is set to "NO"

     

    Here is mine:

    It's hard enough to set up Sophos, you definitely don't want this on!!!

  • I will do that... that is what you get for working with someone who has no clue what they are doing.

  • Firewall was set to no, did not need to change it.

  • Give yourself some credit.... you have done amazingly well to get Proxmox up and running as it is not easy. When you throw Sophos into the mix, it's rocket science

  • Ok... mmh so when you click on Hardware on the Sophos VM and look at the NICs..... it definitely DOES NOT say firewall=1?

  • On the hardware tab it does say firewall=1 for the NICs but in Sophos firewall>options it says no

  • I may have found it. In the PVE firewall>options it said yes. I changed it to no and am rebooting.

  • This is strange. Both PVE>firewall>option and Sophos>firewall>option are set to no, but even if I delete the NICs in Sophos and put them back in they come back as firewall=1.

  • Found it... when you go into edit the network device on Sophos there is a little check box that is labeled "firewall". As soon as I unchecked it the firewall=1 went away.

    Going to try the ping test again.

  • You might have to restart Sophos.... when you change stuff on the VM NICs..... sometimes it doesn't take till you shut down the VM and restart it....

    But as long as the Sophos VM doesn't say firewall=1 after reboot or after NIC change you should be OK
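
The per-NIC `firewall=1` flag tracked down in this thread is stored on each `netN` line of the VM's Proxmox configuration. As an added example (not part of the original thread), this shell snippet lists every virtual NIC with its model, bridge and firewall flag; the sample configuration, VM name and MAC addresses are constructed.

```shell
#!/usr/bin/env bash
# Constructed sample in the format printed by `qm config <vmid>`
# (stored in /etc/pve/qemu-server/<vmid>.conf). MAC addresses are made up.
sample_conf() {
cat <<'EOF'
boot: order=scsi0
memory: 6144
name: sophos-xg
net0: virtio=AA:BB:CC:00:00:01,bridge=vmbr0,firewall=1
net1: e1000=AA:BB:CC:00:00:02,bridge=vmbr1
scsi0: local-lvm:vm-100-disk-0,size=64G
EOF
}

# Read a VM config on stdin and print one line per virtual NIC:
#   <netN> <model> <bridge> <firewall flag, 0 when absent>
nic_report() {
  awk -F': ' '/^net[0-9]+: / {
    model = "?"; bridge = "?"; fw = 0
    n = split($2, opt, ",")
    for (i = 1; i <= n; i++) {
      split(opt[i], kv, "=")
      if (kv[1] == "bridge") bridge = kv[2]
      else if (kv[1] == "firewall") fw = kv[2]
      else if (i == 1) model = kv[1]   # first option is <model>=<MAC>
    }
    print $1, model, bridge, fw
  }'
}

# Names of NICs that still have the per-NIC Proxmox firewall flag set,
# i.e. the ones where the "Firewall" checkbox in the NIC edit dialog is ticked.
nics_with_firewall() {
  nic_report | awk '$4 == 1 { print $1 }'
}

# Demonstration on the constructed sample.
sample_conf | nic_report
echo "firewall flag still set on: $(sample_conf | nics_with_firewall)"
```

On the Proxmox host, pipe the real configuration in with `qm config <vmid> | nic_report`, and re-run it after shutting down and restarting the VM to confirm the flag is gone.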
