Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 28 subscribers
  • Views 24434 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

initial setup from serial console

onward

I need a workflow for new XG's out of the box that will get just enough basic configuration done over a serial console to then permit someone to remotely complete the setup through the web interface via a public ip configured on the wan port.  Example is an XG115W with SFOS 16.05.1 MR-1 Build 139 and we will be using it in gateway mode.  What commands could accomplish this?



This thread was automatically locked due to age.
Parents
  • +1

    Hi

    By default, the XG will have the following interface configuration. 

    Port1 LAN IP 172.16.16.16/24 
    port 2 WAN IP DHCP
    Port 3 onwards unconfigured.

    If you wish to access the device from WAN you may need to connect to a public IP which is assigned via DHCP. The static address cannot be assigned at this point.  By default the device access on WAN is disabled. You may enable it by console command.

    Console>system appliance_access enable 

    You may need to go through the initial setup wizard to complete the process and need an internet connection for the same. After the Wizard you may set device access enable for WAN for HTTPS  and disable the appliance access in the console.

  • +2 in reply to Aditya Patel

    Thanks for your helpful pointers, mission accomplished:

    38400 8n1 serial console >>
    network configuration >> interface configuration menu cannot set wan Port2 static ip prior to web interface activation + setup, this screen only shows that it's hardcoded for dhcp
    system configuration >> set password for user admin
    XG115w_XN02_SFOS 16.05.1 MR-1# ifconfig Port2 my.wan.ip.here netmask 255.255.255.240
    XG115w_XN02_SFOS 16.05.1 MR-1# route add default gw my.wan.gateway.ip.here
    confirm changes are reflected in output of ifconfig and route commands
    Console>system appliance_access enable
    note: the ip, route, and access changes are lost each time system reboots prior to full setup completion through the web interface
    browse to https://wan.ip:4444, go through activation and setup, system reboots
    Console>system appliance_access enable
    configure proper firewalling + local service ACL's for remote access through web interface
    update firmware SFOS 16.05.1 MR-1 to SFOS 16.05.3 MR-3 through web interface

  • 0 in reply to onward

    deployed, thank you very much for your post. It was EXACTLY what I needed to get rolling with this thing.

    I'm trying out the firewall in a remote ESXi lab environment. There are no DHCP servers available for this device, so everything needs to be static. Also, since I'm remote, I need to be able to configure everything from the WAN.

    It was VERY frustrating trying to sift through all of the (irrelevant) posts, trying to find something even remotely similar to my situation. I was lucky to find this, because I would have never figured this out on my own.

    Why we need to go to the underlying Linux to configure the gateway (just to get access to the WebUI) is beyond me.

Reply
  • 0 in reply to onward

    deployed, thank you very much for your post. It was EXACTLY what I needed to get rolling with this thing.

    I'm trying out the firewall in a remote ESXi lab environment. There are no DHCP servers available for this device, so everything needs to be static. Also, since I'm remote, I need to be able to configure everything from the WAN.

    It was VERY frustrating trying to sift through all of the (irrelevant) posts, trying to find something even remotely similar to my situation. I was lucky to find this, because I would have never figured this out on my own.

    Why we need to go to the underlying Linux to configure the gateway (just to get access to the WebUI) is beyond me.

Children
No Data