Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 29 replies
  • Subscribers 27 subscribers
  • Views 45090 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFM - I built one

IanMorehouse

I built one on my VMware esxi6.x system. An interesting afternoons fun. The registration was about as much fun as registering an XG, not much fun. Activated and that was it, no more internet. Used the same trick of opening up the mac book pro second connection and setting the basic connection to point at the XG gateway.

Next trick, the OVF comes with 4 NICs, not sure why. Any way removed two from the VM configuration, but 4 still show in the SFM and cannot be highlited/marked for deletion even after an SFM restart.

Having to identify each device before it can bo connected is sort of old world or just plain lazy in the design when the utm allows for devices to call home.

Allowing inter device communication on port 80. Not being able to disable port 80 for management access, again another either lazy or thoughtless design for something that wants to be a big business security device.


My 10c worth so far.



This thread was automatically locked due to age.
  • 0

    Hi Ian,

    Thanks for suggestion.In SFM the OVF comes with 4 NICs, and it can't be deleted.We are considering it as improvement.

    User can disable port 80 for management access from SFM Device access page (System Management --> System Settings --> Administration --> Device Access).

    Regards,

    Ravi

  • 0

    The process of removing/adding vNIC before or after should be improved.

    I installed the SFM on my Vmware Workstation and I really like it. It is very powerful for MSP and Partner with many XG around (one day [:P]). The interface is better than XG because at least some tab are there.


    Hope to see improvements soon from next version. Keep going!

  • 0

    My SFM cannot see my XG even thought the test conenction is successful. I have the XG registered in my DYDNS account and this is shown as being conected and up todate.

    The SFM runs as a VM client behind a UTM.

    Last registered date is the 14th of march 2016, today being the 20th Mar 2016.

    What has happened since

    1/. the XG was restarted

    2/. UTM was upgraded to 9.400-9

    3/. the UTM was restarted a number of times while trying to resolve an issue with the AP10.

    Any ideas as to how to make the SFM see the XG?

  • 0 in reply to IanMorehouse
    Hi Ian,

    Please provide below detail of SFM and XG device to check issue further.
    • SFM device page (System Management --> Device Settings --> Managed Device --> Devices)  screenshot
    • XG device Central management page (System --> Administration--> Central Management) screenshot
    • XG  Admin Console HTTPS Port value (System --> Administration --> Setting Page)  ____  ?
    • XG device Serial Number _____?

    Regards,

    Ravi

  • 0 in reply to RaviPatel

    Hi Ravi,

    This is the first part. The XG is on a seperate network.

    Can't insert screenshoys that show.

  • 0 in reply to RaviPatel

    serial number:-  c01001jpjvgf667

  • 0 in reply to IanMorehouse

    Hi Ian,

    Can you elaborate more on your issue? Are you not able to add XG device in SFM ?

    Regards,

    Ravi

  • 0 in reply to RaviPatel

    Hi Ravi,

    I have added the XG to the SFM, but it is disconnected.

    The XG is registered in dydns.

    .2656.sfm-1.tiff

  • 0 in reply to IanMorehouse

    Itt was connected long enough to download the configuration.

    Also other issues

    1/. I do not receive any notifications from the SFM even though the test connection is successful.

    2/. does not appear to be able to handle the UTM acting as a relay agent. I think that is a request for the XG as well.

    3/. even though you disable port 80 access using the system settings -> administration -> device access you are still not able to remove port 80, system settings -> administration -> settings. You can change the value of the port then you receive a warning to change the settings in the devices as well.This implies that something in the SFM is still iistening on that port, not very secure.

  • 0 in reply to IanMorehouse

    I have added a NAT rule to my UTM 9.4 to allow the heartbeat port 6514 to be directed to the SFM. I am not sure how often a heartbeat is sent, but so far at least 30 minutes no update of status.

    Another little issue, is how do you name the SFM?