how to install a XG home image on a modern hardware ?

So what hardware (other than a Sophos Appliance) will work with the latest build of XG.  I just bought a brand new Dell T150 and it doesn't have a legacy option.  We have used our own hardware for at least 10 years on Sophos firewalls.  Now I am screwed if the hardware fails and I have 4 firewalls.  Any help on the best hardware to use for XG would be appreciated. Thanks.

Hi,

you need to select a motherboard that has the legacy option and build your own box. from memory, there is a nice asus server mb that has the legacy option.

ian

Hi,

you need to select a motherboard that has the legacy option and build your own box. from memory, there is a nice asus server mb that has the legacy option.

ian

Thank you for the response.  I just want to buy a server that will support this firewall.  Due to hardware failure in the past I need 1 live and 1 spare for each of my 4 offices.  I would rather buy something already built and have all the devices the same.  Does anyone have a modern Dell, HP or other brand server or workstation that works with XG?  Even one of the new mini PC would be nice as well for my smaller offices. Thanks.

Depends on your location ,qotom for apac and there is a British based company that all do small foot print devices with at least 4 supported intel nics.

ian

I am in the USA but I have locations around the world.  I have a new appliance device with 4 Intel network network cards built in. That device installs and boots but it doesn't recognized the Intel cards.  I can't believe a free product like PFSense has no issues with any of the PCs I have tried it on. I have paid tens of thousands of dollars for Sophos software and support and UEFI and modern hardware is not supported.

xG does not recognise nics that a classified as consumer eg i219 and I225 series.

uefi is coming slowly, the new sophos hardware supports uefi.

ian

Yes, you are right the mini PC appliance device I bought has I225 series Intel network cards.  Sophos really needs to have a hardware compatibility list for it's customers.  I can't seem to find that anywhere.  I am not a home user, I am business user with 4 firewalls and a support contract and I can't get a list out of them.

Network card compatibility depends on the version of the Linux kernel that is installed with the firewall version you are running, since drivers are built into the linux kernel itself. Not sure about the XG, but the Sophos UTM has Linux kernel version 3.12.XX

I did some Googling and it seems that the XG may be using kernel 4.14 or similar, then I searched for the Intel i225 and came across a quote that says Supported by kernel 4.20 or newer...

You can enable SSH, log into your XG and run a simple command on your XG to find out the version of the Linux kernel that is running. Then from that you can find out which network card chipsets are supported since the drivers for them will be included in the kernel already.

phoenixnap.com/.../check-linux-kernel-version

I don't understand why you don't just get XGS hardware. As a business user, you have to buy a license and the SW licences are not cheap compared to XGS licensing.

I have plenty of criticisms of Sophos but as they produce their own hardware for their software, I think you are hoping for too much to expect Sophos to evaluate and certify third party hardware just so you can go and buy something else. I would rather they spent the time and money on improving the OS.

The reason we use our own hardware is if we have say a Sophos appliance failure on a Friday afternoon in Australia how long do you think it will take to get a replacement appliance?  At least a week if not longer.  If I have my own hardware I can replace it that afternoon.

I don't expect Sophos to certify all hardware but I expect if they sell software licensees that they know what hardware will work with their software.  Even a general idea, a whitepaper, a list of BIOS settings, something?  All I get is 4GB of RAM and 2 network cards.  You are on your own from there.  This is unacceptable for enterprise level software IMO. 

Thank you for the information but XG does not support UNAME or WHOAMI commands at the console.  It looks like most commands are disabled and I can't find a way to get the kernel info from XG.

For such scenarios, customers get a HA (two appliances). You do not have to get an extra license to run this. Simply purchase two appliances and run the HA. 

The portion of customers running software "bare metal" is small. Virtual is another part of the story.