I just received an XG125 and am configuring it in a lab environment. I hope to achieve the following high-level configuration.
1) Port 1 - LAN, call it LAN A, with 192.168.25.x address space. Use a firewall DHCP in lab but an external DHCP server in production.
2) Port 2 - WAN with a fixed IP address, but the lab setup will be DHCP.
3) Port 3 - LAN, call it LAN B, with 192.168.0.x address space. Use a firewall DHCP in lab but an external DHCP server in production.
4) LAN A & LAN B not able to communicate with each other, but both able to communicate with WAN.
5) Ports 4-8 not used.
6) DNAT to expose a server in LAN A to the WAN.
7) QoS on both LANs to limit video streaming.
8) SSL VPN to either LAN. Users assigned to groups according to the LAN they can access.
Since I am moving from UTM 9.5 to XG and have no experience with it, I decided to use the Setup Wizard. I looked at all the videos and read all the documentation I could find.
The first thing that happened was that I was forced to change the admin password, no problem, and it rebooted.
Then the wizard launched and I noticed that it was dramatically different than the v16 one described in the available videos and documentation.
I followed the prompts based on no documentation and ended up with:
- Port as WAN configured to DHCP - good
- Ports 1 and 3-8 bridged (br0) into a single LAN with a DHCP server and the address space for LAN A - OK but not what I wanted.
- Two automatically created rules
I did not see a way to individually configure multiple LAN ports, probably missed it.
I created Zones for LAN A and LAN B, deleted br0, and assigned LAN A zone to port 1 and LAN B zone to port 3.
Then created separate DHCP servers for LAN A and LAN B with the desired address spaces.
I cloned the rules for br0 to ones for LAN A & B.
LAN A and B seem to be working as desired.
I think it would have been faster to skip the wizard entirely.
I found a KB article on how to implement DNAT with an Application rule, and would not have guessed that.
SSL VPN setup followed the available videos. I have to test user restriction to a specific LAN.
I am working on QoS, and don't see a clear path to limit the total bandwidth consumed by all video streaming to a specific amount on both LANs.
I could never make the built-in email server work.
I am disappointed that there is only one email notification in XG as opposed to tens of them in UTM.
I can't figure out how to get an Executive Report remotely similar to the familiar one from UTM. I especially want the line charts of data volumes and the total traffic.
I hope someone can point me to the documentation on all the pre-configured policies.
Please share your experience.