Installation image (ISO) not UEFI bootable

Just to throw in my two cents, I was able to make a little progress by removing the m2 SSD from my E200-9A, placing it in a laptop, and installing XG from there, then moving the SSD back to the E200-9A.

The system will actually begin the boot process, but throws a few errors related to LAPIC, APIC, and MP-BIOS.

I might test this method with a standard SATA SSD and see if it provides better results, although I would much prefer being able to use the embedded SSD slot.

I will continue testing workarounds, but this is disappointing for a very expensive software license. Sophos please fix.

This doesn't seem like an option, messing around with HW setups in countless hours of slaloms between and around errors, when all you wanna do is get the SW installed in a few minutes, then better use all that previously wasted time to setup, test and etc. the (new) firewall.

It might be cheap as in free for home users, it might be evaluated for 30 days for businesses, but in the end of the day, if my boss get to hear from me about Sophos, and what a cool and marvelous piece of software it is, but also finds out that I have to struggle for days/ weeks with installation on (too) newer HW, he will seriously rise at least an eyebrow toward my marketing/ sales pitch! :(

I know that BIOS is one thing, (U)EFI is another, CSM is a bridge in between, a transition tool, and maybe it's not Sophos' fault that every now and then, on some hardware/ UEFI BIOS the CSM is not implemented as it should, or maybe there are some bugs, but hey!... There are only two variants of BIOSes, the old (replaceable) one, and the new (replacing) one: please, Sophos, make available two standard variants of ISO images, for each of the two standards, and forget about CSM, that might be buggy and/ or mall implemented sometimes. It shouldn't be difficult, and it's hard for me to imagine the image points you get from both the working hats as well as from buying hats! :)

It would pay for you to investigate hardware before buying a device that does not work with the software.

There are a number of threads if you search about various hardware successes and failures.

Ian

rfcat_vk said:

It would pay for you to investigate hardware before buying a device that does not work with the software.

True! Really, it's true!

But what about the case you already have that HW, bought, maybe, for another platform? And decided to see what XG is going to give on that particular platform? (My case!)

I say, if it's a software treat it like a software, otherwise tell me you only offer ISOs for Sophos proprietary HW. And, honestly, I don't thing UEFI compatibility matter is something one should/ worth research for! (!)

But I don't want to argue and upset anyone around here, I stated my opinion and not going to further write any arguments to "build a case". :)

Hi,

you are wrong. There are ISOs for Sophos proprietary hardware and then there are ISOs for those that want to build their own either on physical or virtual hardware.

You could have tried installing a 'VM' OS then installed the XG on top as others who have found they have incompatible hardware have done.

I have tried Asrock MBs in the past and found they have too many quirks that are aimed at Windows OS only.

Ian

rfcat_vk said:

You could have tried installing a 'VM' OS then installed the XG on top as others who have found they have incompatible hardware have done.

I need it to boot! Only to boot! If other HW incompatibilities are encountered, during installation or running, OK, but I only need it to boot! On pure UEFI HW, and UEFI is not a Windows OS quirk.

rfcat_vk said:

... and then there are ISOs for those that want to build their own...

I am talking exactly about that when I say ”either only proprietary HW... or general HW, standard UEFI compatible..."

For the final time: I don't argue about making images which shouldn't have flaws and bugs no matter the piece of bare metal those images are installed on. It would be out of this universe. But what about making an ISO which is able to boot if the BIOS is UEFI BIOS, where USB is XHCI type (and v. 3++) and there is no CSM present - which for me, if I'm not wrong, means "standard UEFI", and no Windows OS only quirks?!?! :)

Ciprian Hutiu said:

This doesn't seem like an option, messing around with HW setups in countless hours of slaloms between and around errors, when all you wanna do is get the SW installed in a few minutes, then better use all that previously wasted time to setup, test and etc. the (new) firewall.

Considering I'm coming from UTM, where this was not an issue, I completely agree, but I also can appreciate that they can't pre-certify their OS with every possible piece of hardware out there.

Ciprian Hutiu said:

It might be cheap as in free for home users, it might be evaluated for 30 days for businesses, but in the end of the day, if my boss get to hear from me about Sophos, and what a cool and marvelous piece of software it is, but also finds out that I have to struggle for days/ weeks with installation on (too) newer HW, he will seriously rise at least an eyebrow toward my marketing/ sales pitch! :(

 

In my case, I ended up switching to a different Supermicro box, which solved the problem ( a 1019S-WR ). To continue testing with the E200-9A I have simply added a layer of virtualization using proxmox and an running XG as a VM. I realize there may be a slight performance penalty for this, but giving the scale of the deployment it will also be a good way to test performance in a virtualized environment, since XG lets you run an Active-Passive HA configuration for free and a VM would be a good candidate.

Eventually though, all of this boils down to whether or not Sophos will fix this. I looked at the beginning of this thread and noticed you did not click the "I have this question", would you please do so? If it is important to you then casting your vote with us will probably help Sophos recognize the problem, or at least respond with an answer as to why they're not fixing this.

Ciprian Hutiu said:

This doesn't seem like an option, messing around with HW setups in countless hours of slaloms between and around errors, when all you wanna do is get the SW installed in a few minutes, then better use all that previously wasted time to setup, test and etc. the (new) firewall.

Considering I'm coming from UTM, where this was not an issue, I completely agree, but I also can appreciate that they can't pre-certify their OS with every possible piece of hardware out there.

Ciprian Hutiu said:

It might be cheap as in free for home users, it might be evaluated for 30 days for businesses, but in the end of the day, if my boss get to hear from me about Sophos, and what a cool and marvelous piece of software it is, but also finds out that I have to struggle for days/ weeks with installation on (too) newer HW, he will seriously rise at least an eyebrow toward my marketing/ sales pitch! :(

 

In my case, I ended up switching to a different Supermicro box, which solved the problem ( a 1019S-WR ). To continue testing with the E200-9A I have simply added a layer of virtualization using proxmox and an running XG as a VM. I realize there may be a slight performance penalty for this, but giving the scale of the deployment it will also be a good way to test performance in a virtualized environment, since XG lets you run an Active-Passive HA configuration for free and a VM would be a good candidate.

Eventually though, all of this boils down to whether or not Sophos will fix this. I looked at the beginning of this thread and noticed you did not click the "I have this question", would you please do so? If it is important to you then casting your vote with us will probably help Sophos recognize the problem, or at least respond with an answer as to why they're not fixing this.

jonw said:

but I also can appreciate that they can't pre-certify their OS with every possible piece of hardware out there.

Where did I say such a thing? :) I'm only reffering to UEFI compatibility. Pure and standard UEFI. Which there is not. You have to have a certain type of CSM in order for the ISO to successfully boot, but CSM means Compatibility, which means that Sophos is not trying to align to the standard (UEFI), but rely on OEMs to implement the appropriate compatibility module (CSM).

Just make the ISO a standard UEFI ISO (beside the older standard BIOS), and I'm happy with it. I never talked about specific HW or specific implementations, just standard UEFI.

jonw said:

you did not click the "I have this question", would you please do so?

Just did it, thank you for the reminder.

Did this ever get resolved?  I just downloaded the latest software appliance iso which also lacks uefi boot ability.

Unfortunately no,

I ended up going with pf sense.  I understand that this may not be a factor for their UTM product.  You might try that.  Just realize the licensing is different.  It is not licensed by proc cores and RAM.  Instead it is by devices or DHCP ips (50) for the free version as I understand it.  That may be a deal breaker with as many devices as we have now with IOT devices, phones, routers etc.  It was for me.  The only other suggestion I can give is the same that was given to me.  Try pfSense.  It may not be as easy to use as Sophs products but it has gotten alot better with not having to leave the console for daily config tasks and monitoring.  The only thing I am waiting for on pfSense is for the 10gig  ports to be recognized.  UEFI and 1gig ports are not a problem.  Hope this helps.

Stephen Stacha said:

The only thing I am waiting for on pfSense is for the 10gig  ports to be recognized

Take a quick look at OPNsense (a more than 3 years older fork of pfSense). No problem on 10 gig HW for me.

Let alone the fact that I find OPN much more polished than pf.

Cheers, good luck!

(@all, sorry for the off-topic)