
Sophos XG Failsafe after flashing with 18.0.5 MR-5-Build586 and applying a Sophos XG config from a Sophos SG appliance

Hello,

Since we wanted to completely redo a firewall, we installed the XG OS on a Sophos SG 125 Rev. 1 and created the configuration there. When we were done, we flashed our Sophos XG 125 Rev. 3 with the latest firmware 18.0.5 MR-5-Build586 and applied the configuration there.

The default SNAT rule didn't work, so we created a new one with exactly the same settings. An S2S VPN to Azure could also be connected, but only after hours of traffic.

The firewall itself starts in failsafe mode with the reason "unable to apply nat rules".

Can the problem come from the different names of the interfaces? On the SG they are internally called ETH0 etc. and on the XG Port1 etc.



This thread was automatically locked due to age.
  • Actually this case should be covered by backup/restore. Maybe there is something odd in your backup, but I cannot recall any open issue. You should open a support case and provide the affected backup file so this can be investigated further.

    __________________________________________________________________________________________________________________

  • I think it's a bug when migrating from an SG with XG OS to an XG with XG OS.

  • This is a usual use case and is done plenty of times per day, so there is no known issue in the current version. (Customers are basically moving from an SG hardware base to XGS or XG.)

    This is tested and works fine. There seems to be something broken within your config.

    __________________________________________________________________________________________________________________

  • But a "converted" SG will name the ports "PortE0", "PortE1", ... where an original XG names them "Port1", "Port2"...
    That never made any sense to me, since the underlying hardware was, at least at some time, the same.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner
