Running Sophos XG in OpenStack

Question

Has anyone done that yet? 
 We are currently trying to setup a Sophos XG 19.0.1 kvm version in OpenStack. Installation runs seemlessly. But when trying to get network traffic from LAN to WAN nothing happens. It seems as if the traffic is not getting back from WAN to LAN. Our OpenStack provider is unable to help us. They don't know anything about Sophos firewalls. 
 The setup in OpenStack is as follows: 2 Core CPU 40GB disk 1x LAN Port with port security disabled 1x WAN Port with port security disabled no security groups added 
 We can ping and do name lookup from the WAN port without any problem. Trying the same from the LAN port fails with "Host unreachable". We tried everything we can think of till now, but don't get the LAN to run. LAN to LAN connections work. 
 Can anyone help?

Tobias Hansen1 · Accepted Answer

First, I got it to work now. Problem was the port security and the default security group on the virtual firewall instanz. I disabled the port security on both LAN/WAN and gave the firewall instanz no default security group. 
 To answer your questions: Deploy of SFOS as ISO file. Installed onto disk. First only disabled Port Security on LAN, WAN was enabled. Traffic was not working. Now LAN/WAN are disabled and traffic is going through to the firewall and LAN. Also no Security Group was added to the firewall instance.

Vivek Jagad · Answer

Hey Tobias Hansen1 , Thank you for reaching out to the community, I am successfully able to run v18, v19.0.1 MR-1 and v19.5 EAP in Open Stack environment !! It would be great if you can help me understand how have you deployed the SFOS ? Have you created a qcow2 or vmdk disk ? Is Port Security on the interfaces LAN/WAN disabled ?

Running Sophos XG in OpenStack

Top Replies