
XG - pointopoint configuration - automatic script after boot?

Hello,

I finally got the XG working on a HETZNER datacenter, with pointopoint configuration.

Many thanks to this thread: https://community.sophos.com/products/xg-firewall/f/initial-setup/91528/initial-setup-from-serial-console

But the XG forgets the necessary settings after every reboot, so I need to do this after every boot:

CLI:
1. enter admin password
2. select 5. device management
3. select 3. advanced shell
4. ifconfig Port1 pointopoint gateway-ip-address
5. route add default gw gateway-ip-address

After that I can access the web interface via WAN.

Is there any possibility to automatically do 4. and 5. after a reboot?

I just don't want to do that manually every time.

Any help is appreciated.

Thanks!



  • Hello maxUTM,

    Thank you for contacting the Sophos Community.

    May I know the XG model you are using?

    XG should save the setting automatically.

    Regards,

    Emmanuel Osorio

  • Hi Emmanuel,

    thanks for your reply!

    I installed the SW-18.0.1_MR-1-Build396-396.iso on a VPS in Hetzner datacenter.

    So it's a virtual appliance.

    Edit:
    The problem is probably that these NIC settings are necessary:
    IP: public-ip-address
    netmask: 255.255.255.255
    gateway: 172.31.1.1

    So, without setting "ifconfig Port1 pointopoint 172.31.1.1" the default gw route can't be added, as the network is not reachable.

    So I can't set the changes manually in the GUI:

    Regards,
    Max

  • Just tried again. After a reboot, the XG is not reachable.

    Routes after reboot:

    Error if I try to add the default gw route before the pointopoint setting:

    If I follow these steps, all is working:

  • Hello MaxUTM,

    Thank you for the follow-up!

    In the GUI you need to change the /32 to a /30; then it would allow you to add the IP for the WAN and the Default Gateway for the XG.

    But yes, this would cause the configuration to get lost every time you reboot the device.

    You need the configuration to look like this

    Regards,

  • Hello,

    thanks for your reply.

    I tried this now, but this also doesn't work.

    If I change the /32 to a /30 it tells me that "Interface IP and gateway IP address must be in the same network".
    So I can't save the settings.
    Reason: my wan nic ip-address is a public ip-address provided by the hoster, which usually doesn't match the private subnet 172.31.1.1.

    I only get this running if I do steps 4. and 5. described above via shell after every boot.

     

    Is there any way to run these two steps automatically?

  • Hey Max, I'm facing the same problem right now. Were you able to solve it? Regards, Markus

  • XG does not support WAN Point to Point interfaces. That's the reason the web GUI prevents you from doing so.

    We can achieve this with a custom gateway and SD-WAN PBR (Policy-Based Routing):

    Create a WAN interface-based static route for the gw IP in a different subnet.
    Add a custom gateway for the gw IP. Use that custom gw in PBR.

    So basically configure the Interface as a normal interface.

    Create a route / gateway for this interface to WAN. 

    Use PBR or static routing to route everything to that direction.
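
Added example, not part of any post in this thread: a short Python check of why the GUI rejects both the /32 and the /30 setting (the gateway 172.31.1.1 is never inside the WAN interface's own subnet) and why the pointopoint step has to come before the default route. The WAN address 203.0.113.10 is a constructed placeholder from the documentation range, and the function names are hypothetical.

```python
import ipaddress


def gateway_on_link(if_ip: str, prefix: int, gateway: str) -> bool:
    """Return True if the gateway lies inside the interface's own subnet."""
    net = ipaddress.ip_interface(f"{if_ip}/{prefix}").network
    return ipaddress.ip_address(gateway) in net


def boot_commands(ifname: str, if_ip: str, prefix: int, gateway: str) -> list:
    """Build the command sequence from steps 4 and 5 of the first post.

    Only the two commands quoted in the thread are emitted; nothing here
    is a Sophos-provided API or startup hook.
    """
    cmds = []
    if not gateway_on_link(if_ip, prefix, gateway):
        # Off-link gateway: it must be declared as the point-to-point peer
        # first, otherwise the default route is refused as unreachable.
        cmds.append(f"ifconfig {ifname} pointopoint {gateway}")
    cmds.append(f"route add default gw {gateway}")
    return cmds


WAN_IP = "203.0.113.10"  # constructed placeholder, not a value from the thread
GATEWAY = "172.31.1.1"   # gateway address quoted in the thread

if __name__ == "__main__":
    for prefix in (32, 30):
        state = "on-link" if gateway_on_link(WAN_IP, prefix, GATEWAY) else "off-link"
        print(f"/{prefix}: gateway {GATEWAY} is {state}")
    print("\n".join(boot_commands("Port1", WAN_IP, 32, GATEWAY)))
```
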