Need Information: What is needed for Remote Access to a XG with factory default settings and no internet?

There are plenty ways to do it. 

For example a mobile phone, connected to a device which is connected to the XG is a valid way to provide access. 

Maybe the reason for your support request would be good to know. If the appliance "seems" to be factory reset ( for example HA AUX is booting without config), there are still Log files and other information stored on the hard disk.

Those Log files are important to know, what is going on. 

If you see reboots or kernel panic, a PC connected to the serial/comm port would be nice to protocol, what is the reason for the kernel panic. 

Hi,

i update MR14 to MR14-1 and it´s restored to factory settings after the reboot.
The SMTP Policies Rules has a MIME Filter enabled and this faild the upgrade process.

Even if the File Protection is disabled and saved.

Third Level has currently no idea and wants to have a remote session to this XG ..

Provide the Backup file with password and on which appliance this runs. This needs to be fixed in the firmware of XG itself, not on a appliance. 

All this is already at Sopshos Support.
I told them its an SG210r1 but they are testing againg XG 230.
I told them they are wrong, but they insist a XG 230 would be fine for testing.

Very frustrating.

They insist that i need to upload a firmware into slot 1 and boot from this slot...
My distributor in Marburg says, this will not work at all.

Sophos send me a Video in a very strange AVI format, to prove that a XG 230 can restore my backup.
But this AVI/RASC Format is unknow to most codecs. I can´t view this.

Must be some cheap Indian hacked codec...

XG230 is perfectly fine to import your backup. Especially it does not matter, which hardware you use.

You can import a SG SFOS Backup into a XG Hardware. There is no reason, why not. So the issue is your configuration database. This should be reproducible with a XG230. 

So you are saying, this is not reproducible? Because you are talking about the restore process, which as explained, works fine. 

yes, sophos can´t reproduce this behavior with a XG 230.

I can´t restore this backup into a virtual SFOS (17.5.14). log says that a SG210 backup can´t be restore into SFOS ...

See https://support.sophos.com/support/s/article/KB-000036245?language=en_US for more information. 

What happen, if you reimage your appliance with the current installation and restore the backup? This should actually resolve your problem. There is some old data in your config database, conflicting with the migration. 

The matrix seems to be incorect, as i can´t restore a SG210r1 Backup into a virtual SFOS.

SG210r1 has 6 physical NIC´s without Flexi Port. And some VM´s i tried had 6 NIC. And i can´t create a Hyper-V with more than 8 v NIC s. I needed to ad Legacy NIC´s to the VM, but this give more problems. 

I tried that more than once, most of the time the debug log in SFOS claims, that a SG210 can´t be restore ...

What do you meen with reimage?

The Matrix shows "NO" for backup from 1U/2U Appliances to a virtual Appliance. 

If you use a ISO stick and simply reinstall the XG firewall. This will reset the configuration database. Importing your Backup should resolve this issue going forward. 

Another approach would be, to let Sophos Support edit the configuration database and start to investigate, why there are configuration settings in your database, which cannot be migrated. Seems to be a (very?) old setting, which is not be usable anymore. 

I read the matrix with the Flexi Port Option in a different way...

without Flexi module option = there is no module installed!

So if the "not installed module" means, that a SG/XG 210 can´t have 14 NIC´s i understand that it doesn´t work.

But it was possible to me to restore into a virtual SFOS with 11 NIC´s (i will try again).

Sophos has the ticket since 05.09 and they don´t talk about editin some database...

So maybe if i just remove the MIME selection but keep File Protection enabled, the database might be good.
I will see / test this in 75 Minutes ...

The matrix is showing the size of the appliance. Separated between 1U/2U Appliances and Desktop appliances. (One with flexiport the other without). 

So Support cannot access your appliance? Because such changes are likely firstly to be investigated via Support channel before going into the config database. 

I will try to give them acces, but they had access for about a week, and i don´t know if they did this already.
They only checked some things and told me to disable the MIME settings in the policy.

I will try a forth time today and maybe we can get an remote access over a second WAN connection.

Would a "Wipe Disk" with a USB Stick (Tool) of the appliance and a reinstall of 17.5.12 work?
Reload the Backup and "ALL Settings" will be back?

I will try to give them acces, but they had access for about a week, and i don´t know if they did this already.
They only checked some things and told me to disable the MIME settings in the policy.

I will try a forth time today and maybe we can get an remote access over a second WAN connection.

Would a "Wipe Disk" with a USB Stick (Tool) of the appliance and a reinstall of 17.5.12 work?
Reload the Backup and "ALL Settings" will be back?

Hi, good news.

The new attempt faild the same way, but i connect to the factory default XG 17.5.14-1 an uploaded the MR14 backup.
The one without the MIME white list Filters and SMTP Policy File Protection still enabled.

After some endless minutes the XG 17.5.14-1 was back again and accepted the old MR14 backup file.

If i check the MIME whitelist i see what sophos did.
They changed the default MIME whitelist filters.

I think all is fine now.

Thanks for your Help LuCar Toni!