Maybe useful for others as well. I managed to get the XG ISO up and running on a vServer hosted by netcup.de:
- Make sure you have set up a second LAN interface by activating VLAN, netcup calls this option "Cloud vLAN Free".
- Afterwards you will see on your server in section "Allgemein" to entries for "Netzwerk".
For the next steps, we need:
- IP4 address of your server, example 2.48.91.17
- IP4 address of your gateway, example 2.48.93.1 (under section Netzwerk in the Server Control Panel)
- Watch out: the server IP and the gateway IP are in different subnetworks, so later on we use the netmask 255.255.0.0 instead of the more common 255.255.255.0
To stay clean, notice that one of these two MAC address has a IP4/IP6 address, the other does not.
- Make sure you uploaded the needed image and installed the server.
- Connect to command line interface (CLI) via VNC Screen.
- Enter the Sophos XG Firewall on CLI level by using the password (default at the beginning, immediately change it, watch out, for different keyboard layout).
- Once the password is less unsecure, continue:
- Go in option 5 Device Management
- Select Advanced Shell
- Enter the following command to set the external IP4 address of your server to your linked LAN Port:
ifconfig Port1 2.48.91.17 netmask 255.255.0.0 - Enter the following command to set the gateway address as your default gateway:
route add default gw 2.48.93.1
Once this is set, you should now be able to reach your Web Interface in the browser via: https://2.48.91.17:4444
Notice: The ifconfig command references Port1 (watch out, case sensitive). The assumption is, that this port is the one linked to the external IP4 address and its not the internal vLAN port. This can be verified by the command: ip link show
As soon as you can access the Web Interface of Sophos XG, head over to the network section: Edit Port1 (the one we changed on CLI) and set the external IP (2.48.91.17) as its static address.
If you want to make this Port the official WAN port on your Sophos, activate the Web Interface on WAN Ports before applying this category to the Port. Otherwise you will be locked out.
This thread was automatically locked due to age.