This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG - pointopoint configuration - automatic script after boot?

Hello,

i finally got the XG working on a HETZNER datacenter, with pointopoint configuration.

Many thanks to this thread: https://community.sophos.com/products/xg-firewall/f/initial-setup/91528/initial-setup-from-serial-console

But the XG forgets the necessary settings after every reboot, so i need to do this after every boot:

CLI:
1. enter admin password
2. select 5. device management
3. select 3. advanced shell
4. ifconfig Port1 pointopoit gateway-ip-address
5. route add default gw gateway-ip-address

after that i can access the webinterface via WAN.

is there any possibility to automatically do 4. and 5. after a reboot?

I just don't want to do that manually every time.

Any help is appreciated.

Thanks!

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 5 years ago in reply to Markus Schatz +1

XG does not support WAN Point to Point interfaces. Thats the reason, the WEB Gui is prevent to do so. We can achieve this with custom gateway and SD-WAN PBR(Policy based Routing): Create WAN Interface…

Parents

0 emmosophos over 5 years ago

Hello maxUTM,

Thank you for contacting the Sophos Community.

May know the XG model you are using?

XG should save the setting automatically.

Regards,

Emmanuel Osorio

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 maxUTM over 5 years ago in reply to emmosophos

Hi Emmanuel,

thanks for your reply!

I installed the SW-18.0.1_MR-1-Build396-396.iso on a VPS in Hetzner datacenter.

So it's a virtual appliance.

Edit:
The problem is probably, that these nic-settings are necessary:
IP: public-ip-address
netmask: 255.255.255.255
gateway: 172.31.1.1

So, without setting "ifconfig Port1 pointopoit 172.31.1.1" the default gw route can't be added, as the network is not reachable.

so i can't set the changes manually in GUI:

Regards,
Max
Cancel
Vote Up 0 Vote Down

Cancel
0 maxUTM over 5 years ago in reply to maxUTM

just tried again. After a reboot, the XG ist not reachable.

routes after reboot:

error if i try to add default gw route before pointopoint setting:

if i follow these steps, all is working:
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 maxUTM over 5 years ago in reply to maxUTM

just tried again. After a reboot, the XG ist not reachable.

routes after reboot:

error if i try to add default gw route before pointopoint setting:

if i follow these steps, all is working:
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 emmosophos over 5 years ago in reply to maxUTM

Helllo MaxUTM,

Thank you for the follow-up!

In the GUI you need to change the /32 for a /30 then it would allow you to add the IP for the WAN and the Default Gateway for the XG.

But yes this would cause that every time you reboot the device the configuration will get llost.

You need the configuration to look like this

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 maxUTM over 5 years ago in reply to emmosophos

Hello,

thanks for your reply.

I tried this now, but this also doesn't work.

If i change the /32 to a /30 it tells me that "Interface IP and gateway IP address must be in the same network".
So i can't save the settings.
Reason: my wan nic ip-address is a public ip-address provided by the hoster, which usually doesn't match the private subnet 172.31.1.1.

I only get this running if i do step 4. and 5. described above via shell after every boot.

Is there any way to run these two steps automatically?
Cancel
Vote Up 0 Vote Down

Cancel