Install XG Home on Protectli fw2b device

I am trying to configure XG home on a Protectli Vault fw2b device. XG Home software is SFOS 18.0.1 MR-1-Build386.

It installed successfully and I was initially able to access it using SSH, but could not access it using the browser to its IP address 192.168.10.1:4444. I have attempted to change the IP addresses, but still no success. When I connect my laptop to the LAN port, I get link and activity lights, but I cannot ping it at all right now. Here are the results from running arp -a:

Interface: 192.168.10.2 --- 0x29
  Internet Address      Physical Address      Type
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

At this point, I am clueless what my next step should be. Should I reinstall the XG software?

When I built my first XG home firewall, I had to create a bridge for the LAN to work. Can anyone provide me with assistance?

Thank you in advance.

Robert
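
An added example, not part of any post in this thread: after a ping attempt, a neighbor that answered ARP shows up in `arp -a` with a unicast MAC, so a table holding only broadcast and multicast entries points at cabling or port selection rather than at the firewall's admin service. The sketch below parses the Windows output posted above and checks whether 192.168.10.1 was ever resolved; the function names are illustrative.

```python
import re

# `arp -a` output exactly as posted in the thread (Windows format).
POSTED = """\
Interface: 192.168.10.2 --- 0x29
  Internet Address      Physical Address      Type
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

IFACE = re.compile(r"^Interface:\s+(\d+(?:\.\d+){3})")
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$", re.I)

def parse_arp(text):
    """Return {interface_ip: {neighbor_ip: (mac, entry_type)}}."""
    tables, current = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            current = tables.setdefault(m.group(1), {})
            continue
        m = ROW.match(line)
        if m and current is not None:
            current[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return tables

def is_group_mac(mac):
    """True for broadcast/multicast MACs (low bit of the first octet set)."""
    return bool(int(mac[:2], 16) & 1)

def neighbor_state(text, iface_ip, target_ip):
    """Say whether target_ip was resolved at layer 2 on the given interface."""
    table = parse_arp(text).get(iface_ip)
    if table is None:
        return "interface-not-found"
    entry = table.get(target_ip)
    if entry is None or is_group_mac(entry[0]) or entry[0] == "00-00-00-00-00-00":
        return "unresolved"  # no ARP reply seen: check cable, port and link first
    return "resolved"        # layer 2 works: look at addressing and services next

def unicast_neighbors(text, iface_ip):
    """List neighbors on iface_ip that answered with a unicast MAC."""
    table = parse_arp(text).get(iface_ip, {})
    return sorted(ip for ip, (mac, _) in table.items() if not is_group_mac(mac))
```

Run against the posted table, `neighbor_state(POSTED, "192.168.10.2", "192.168.10.1")` reports the firewall address as unresolved and `unicast_neighbors` returns an empty list.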



  • Hi,

    you don't need a bridge to connect to your device.

    Does your PC get an IP address from the XG? How did you connect the XG to change the IP address?

    Sounds like you are trying to connect to the external interface which is disabled for external access by default.

    Ian

  • I connected to the Protectli device, using USB keyboard and HDMI video out. So really just like it was a computer. When I first installed the Sophos firmware, I did the same thing, but I was able to SSH as if I consoled in, but was never able to connect to it using the browser. My PC doesn't get an IP from the XG. I statically configure the IP addresses, I give the 192.168.10.1 255.255.255.0 to the LAN or Port 1 and then 192.168.10.2 255.255.255.0 to the PC. If you are referring to the WAN or Port 2, no I am not trying to connect using that interface.

    Thank you for responding so quickly, much appreciated.

  • How did you change the XG LAN IP address range, did you enable a DHCP server? What settings are you using on the XG interface? Sounds like a mismatch and you are not connecting. Try putting a switch between your PC and the XG.

    Ian

  • I did not use a DHCP server. When you attach monitor and keyboard like a computer, you can configure the Network Interfaces as if you were using SSH. That is how I configured it. I even used Advanced shell to verify that Port 1 (LAN) had the IP address that I configured. The next thing I could do is to console in and do the configurations. The one thing that I am thinking is that the NIC on the Protectli Vault went bad. As for putting a switch between the PC and the XG, that is a no go, since I don't have one.

  • This might seem like a dumb question, but how are you going to connect devices to the XG?

    Ian

  • Well, that is what I am trying to fix/work on. Right now I can't which is why I reached out to the community. My reason for asking is to see if anyone else has run into this problem before. When I used an old computer, I was able to get in through the web gui, but for some reason I am not able to. I am going to have to try using the console port on the Protectli device and see if I can see what is happening. If this was Sophos support like I have for the obsolete XG85 I have, they would have told me to console in. I couldn't because I don't have a serial to usb cable to connect to the console cable that I have. I hope this answered your question. It is just frustrating that even when I could initially console in via the LAN IP, I couldn't get in through the web ui using port 4444. 

  • Try reinstalling it and don’t change the default address.

    Ian

  • I did that yesterday. I verified the default address that Sophos comes with 172.16.16.16 and configured my PC to have the IP address 172.16.16.15. I still was not able to connect to the device. I could not ping the IP and I couldn't ping from the device to my PC. I was also unable to SSH in of course. At this point, I will have to console into the device and see if I can effect any changes. I will also be contacting Protectli for assistance.

  • Hi,

    this does not make sense! If the NIC is working correctly you should receive an IP address from the XG; sounds like, as you suggested earlier, the NIC has failed.

    Ian

  • Good morning! Well, I have it working, but still need to configure the firewall rules and policy. First, here is what happened:

    The Protectli Vault fw2b has a WAN and a LAN port. When the Sophos firewall software is installed, the WAN port becomes port 1 and the LAN port becomes port 2. This effectively switches their roles. Once I plugged in my PC to the WAN port, I was able to connect via SSH and web gui. Thank you for putting up with this issue. Protectli told me that it happens, so now everything is okay.

    Questions in regards to Sophos XG configuration. Can my backed up configuration from the old XG85 (17.5.x) to this Sophos home running 18.0.6.1? Can I restart the configuration wizard so that I can choose the least protection and then build from there? When the configuration wizard came up, I checked all the boxes and now I have a firewall that is too restrictive and won't even let webmail access.

    Thank you again.

  • Hi,

    the backup will only work if the devices have the same number of interfaces.

    The XG software installs based on NIC positioning within the hardware of the motherboard not on naming conventions.

    You can make the changes to the default rules in the GUI without needing to use the configuration wizard.

    Ian

  • Thank you. I will just have to work on the default rules and policies.