
Trouble booting from USB to install the latest XG Home Edition SW-19.0.1_MR-1-365

Hi all,

I just purchased a new piece of hardware to replace my dying XG Home box.

I downloaded the latest SW-19.0.1_MR-1-365 and burned to USB with RUFUS.  I can't seem to boot from it, it just hangs.

The device in question is here:

https://www.aliexpress.com/item/765856572.html

Specs:

Basic Information:

CPU: Onboard Intel Celeron J6412
TDP: 10W
Motherboard: 120 x 120mm customized size
BIOS: American Megatrends Inc
Chipset: Elkhart Lake
Memory: 1* SO-DIMM DDR4 Slot, Support 4GB/8GB; DDR4-2133, LPDDR3-1866, DDR3L-1600
OS: Windows 10/Linux/WES10
PXE: YES
Audio: Intel High Definition Audio Controller
Network: 2 x Realtek 811H Gigabit Ethernet Controller; 10/100Mbps/1000Mbps BaseT LAN
Video: Intel® UHD Graphics

Input/output port:

Switch: 1 x Power On/Off Switch
Power: 1 x 12V DC In
USB: 2 x USB2.0, 2 x USB3.0
Display: 2 x HDMI 1.4, 1 x DP 1.2
LAN: 2 x RJ45 Giga LAN
Audio: 1 x MIC, 1 x SPK
COM: 2 x DB9 RS232 COM

Storage:

MSATA: 1 x M-SATA3.0 slot for MSATA SSD, support 6Gb/s
M.2: 1 x M.2 slot for NVME 2280 SSD
SATA: 1 x SATA3.0 slot for SATA HDD or SSD, support 6Gb/s

Wi-Fi:

Module: 1 x M.2 2230 slot for Wi-Fi & Bluetooth module
Antenna: 2 x inner RF cables and 2 x external antennas

Could it be that the chipset is incompatible?  Or perhaps a setting in the AMI BIOS?

I have:

Disabled secure Boot

I tried MBR burn and GPT Burn

Disabling TPM

Nothing seems to allow me to boot

My next test will be to find an external USB drive that I can burn the ISO to.  I am thinking the UEFI boot may be the issue...  However, I can boot a Windows installer no problem on the device.

Any insights or suggestions would be greatly appreciated!

Cheers,

Ken



  • OK so..   It seems that Intel has removed Legacy BIOS support from all chipsets starting Dec 2020.  This is a latest model Celeron J6412, so therefore incompatible with Sophos.

    Quite odd that in 2022, when hardware vendors are phasing out, or indeed have removed Legacy support, that Sophos does not support UEFI.

    Is there a thread or feature request somewhere that UEFI users can request or follow any progress on when this will be implemented?

    Over to pfsense I guess.  Sad as I love Sophos and use their hardware appliances on all my customers.  Just can't justify the cost for my home network.

    Ken

  • Check out the server motherboards, they still support legacy boot, or at least my last purchase does. Asus, Xeon based with Intel NICs.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Please have a look at the Proxmox NIC configuration settings, not just speed and auto negotiate.

    Ian


  • How much RAM and CPU cores do you have set aside for XG? You could go into the BIOS of the PC and disable SpeedStep so the CPU cores run at full speed. 2GHz idle vs. 2.6GHz boost.

    In case you configured Proxmox wrong, this is a video of the Sophos engineer who installed XG on Proxmox, you could double check to make sure it's right.

    www.youtube.com/watch

    EDIT: check your IPS DoS settings. I had horrible download speeds myself until I ended up disabling TCP Flood detection entirely.

  • Hey again,

    4 cores, 6GB RAM for the Sophos; it is running at 35% RAM and 14% CPU on average.

    I disabled SpeedStep.  Same speeds.

    I have completely disabled IPS altogether, so it is not affecting it.

    NIC settings in Hardware on the Proxmox are:

  • The recommendation is not to use any of the flood settings. There is an old thread on the subject.

    The reason being, if you are being flooded you will not be able to access the internet anyway; these settings are only aimed at a single source, whereas most floods occur from multiple sources.

    Ian


  • Don't use the Intel E1000 driver, that driver is only meant to be used on environments that don't have VirtIO capability. (It's the worst possible driver for throughput)

    Always use VirtIO on KVM.

    Very strange but more difficult to debug since I'm not that familiar with Proxmox, although I'm pretty sure there isn't anything there that would restrict the speed to 80/80.

    Can you SSH to the Sophos Firewall, run "top -d 1" at the console and then send a screenshot in here while you're doing a speedtest?


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • Hi again to you all!

    OK, so, I think that I have decided to move in a slightly different direction.  I am returning the current device that I purchased as it is simply underperforming.  I also realized that, since I'm virtualizing the NICs anyways, I may as well get a device with the 2.5GbE interfaces.  That way I will virtualize for now, and in the future, if Sophos starts to support UEFI and the i225/226 chipsets, I can install directly on the hardware.

    Thanks to you all for your very helpful insights and assistance. 

    Your advice has helped me decide to stick with Sophos, instead of moving to another firewall, and to get a slightly more powerful device with better NICs.

    I will post here once I get new hardware.

    Cheers,

    Ken

  • It could have just been that the Realtek NIC doesn't play nice with Proxmox and Sophos. Next time go with Intel, you might have better luck.

    If I may suggest building your own m-ITX PC for a similar price point, you could get the Asrock J5040 motherboard or the earlier model, and choose an x1 dual LAN PCIe card. 

  • Interesting suggestion, I'll deffo look into building my own, thx!

  • I did some Google searches and it wouldn't really make much difference buying an appliance with an Intel i225/i226 vs. building your own with a "supported NIC" unless you wanted to go through the trouble of using PCIe pass-through, which could give you better performance, but is more of a pain to set up. The gist is... use VirtIO for better compatibility. Use passthrough if it can offer better performance.

  • Good info, but I assume that if I have Gigabit or faster internet, I would ideally want a 2.5GbE interface, using VirtIO, to take advantage of the speed?
