Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 1190 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall on Bare Metal PC Hardware: Surgery to Change NIC

BDK

Running Sophos Firewall v18.5.1 on bare metal PC hardware. Preparing to swap 4-port NICs: out with the Intel I350-T4, in with the Intel X710-T4L. My _hope_ is this works as follows:

  • Proper shutdown
  • Remove I350-T4
  • Install X710-T4L
  • Power on
  • New hardware is recognized, new driver used, Sophos Firewall is copacetic
  • A bit of work in Network > Interfaces to stich everything back in place

QUESTION: does Sophos Firewall tackle new hardware (change of NIC) as I imagine above?

Confirmation would be awesome, though I would be sincrelygrateful to know potential gotchas BEFORE performing surgery.

Cheers,
Bruce



This thread was automatically locked due to age.
  • 0

    Hi,

    assuming your new device is a 4  port NIC, then make sure you have a current backup, then make you changes then perform a restore, the only real issue will be your NICs (interface) order might be different from your original.

    Ian

  • 0 in reply to rfcat_vk

    Ian--

    Appreicate the crazy-fast reply AND the positive news! Both the old and new NICs are four port, though I am kinda expecting that the port-to-zone assignments may need to be re-jiggered in Network > Interfaces.

    I'll have a monitor and keyboard attached, just in case I need to access the console.

    Cheers,
    Bruce.

  • 0 in reply to rfcat_vk

    Ian--

    I perform automatic weekly backups, so that won't be an issue. QUESTION: why do you say "make your changes then perform a restore"? Is that a better-safe-than-sorry backup plan (quite prudent!) or are you saying that the restore will be _required_ after changing the NIC?

    Cheers,
    Bruce.

  • 0 in reply to BDK

    Hi Bruce,

    better safe than sorry plan. Also allow the XG to sort out its interfaces.

    Ian

  • 0 in reply to rfcat_vk

    Ian--

    Great guidance. Should the order of the interfaces change, the easiest soltion is to swap a few CAT6A cables.

    In case you are wondering, the X710-T4L will give me 2.5Gbps ports needed today (two WiFi6E access points, one switch) and 5/10Gbps down the road.

    Cheers,
    Bruce.

  • 0 in reply to BDK

    Hi,

    envious, but don't need 10gb on my firewall having a 50/20 internet connection. I tried a 10gbs NAS to my mac mini, but the NAS MB kept killing disks so it is back to a very slow 1gbs system.

    Ian

  • 0 in reply to rfcat_vk

    Ian--

    Xfinity is very good to me: every other year they 'bump' my Internet speed at the same price, to keep ahead of the fiber-to-the-home guys, and I'm currently getting 1500Mbps down.

    My file server is already humming at 2.5Gbps and much of its traffic routes through Sophos Firewall to the (new) WiFi6E access points.

    10Gbps is total overkill, as you correctly observe, now and into the forseeable future. I was unable to identify a four-port 2.5Gbps NIC that is conclusively supported by Sophos Firewall, despite the presence of 2.5Gbps ports on Sophos hardware. So rather than serve as an independent hardware compatibility testing lab, I landed on the X710-T4L.

    Cheers,
    Bruce.