Installing pfSense on Sophos XG 105 rev. 2

pantigon

@klauskurz said in Installing pfSense on Sophos XG 105 rev. 2:

Sophos XG 105 rev. 1

@klauskurz specifications of Sophos XG 105 rev. 1 how? (CPU, RAM).

S762

I stumbled on this thread and it peaked my interest so I picked up a used Sophos XG105 Rev 3. I changed the bios setting as noted above and flashed it right out of the box with 2.5.2 and I’m only testing at this point. I setup the LAN Net (ibg1) with a 192.168.5.1 and a Vlan (igb3) for wireless on 192.168.88.1. The problem is I wanted to use a firewall rule to block access to the Lan Net from the Wifi Vlan. I have this working on my main router, I can ping my LAN from the Vlan on the Sophos so to me that proves the FW rule is not working? anyone see this before with the Sophos? thanks in advance

Screenshot 2021-11-22 at 10-42-10 pfSense home arpa - Firewall Rules Edit.png

klauskurz

@s762 When you ping a device in the LAN from the WIFI: Please check in the firewall, if the ping is really answered by the device in the LAN segment. Check this in the firewall packet capture or you can check this at the LAN device with wireshark or similar. It happened to me, that the ping is answered from the firewall itself, so you think the rule is not working because you get a ping reply.

S762

This post is deleted!

marduk

@ccpfldn

Hi CCPFLDN,

I bought the same device and have managed to somehow get into the bios through the EFI shell as it would not allow me to boot into the bios. I however cannot navigate within the bios. Do you know of work around for this?

Thanks

marduk

I have figured it for those having the same issue. It would seem that bios and install was only possible through the console and Putty via the COM port.

sysadminfromhell

This post is deleted!

NickBurns

This is hanging for me after doing set.kern.vty="sc". There isn't any indication on what the error actually is. I am trying to run this on a Sophos XG230 rev.1. I also was able to disable the port 60/40 emulation as well. I tried recreating the USB using etcher. Still no dice.

CLEsports

@nickburns Might be different as I have an XG310, but I didn't have to do the set.kern.vty or the 60/40 emulation. Are you doing the install via the COM/Console port or plugging in a keyboard and using the VGA port on the back?

Using only the COM port on the front has worked for me, USB install from Etcher using pfSense-CE-memstick-serial-2.5.2 image

NickBurns

@clesports I am doing the update via the COM port. I tried to boot from the serial image and it was just a bunch of gibberish on the screen. Then when I did the VGA I actually got the pfsense install screen. Is that normal? First time installing pfsense for me.

CLEsports

@nickburns said in Installing pfSense on Sophos XG 105 rev. 2:

@clesports I am doing the update via the COM port. I tried to boot from the serial image and it was just a bunch of gibberish on the screen. Then when I did the VGA I actually got the pfsense install screen. Is that normal? First time installing pfsense for me.

The speed you had configured on your COM port connection was probably incorrect, which is probably why you saw gibberish. If you want to see the initial BIOS screens to change settings, etc it's 38400. Once pfSense starts booting, it changes to 115200.

NickBurns

@clesports Thanks! That worked :) pfsense is up and running on my Sophos XG 230 rev.1

Darkmattersz

@pfme I'm stuck at point 5, only because I dont understand a lot of command line input. Could somebody possibly detail how add to the last line and what doe s the "you dont type set here" mean. Thank you in advance

CLEsports

@darkmattersz said in Installing pfSense on Sophos XG 105 rev. 2:

@pfme I'm stuck at point 5, only because I dont understand a lot of command line input. Could somebody possibly detail how add to the last line and what doe s the "you dont type set here" mean. Thank you in advance

Type what's in bold from that post (other than "Insert" meaning pressing the "Insert" key on your keyboard)

Darkmattersz

@clesports Thank you kindly, I understood which parts to type. I dont know how to add to the last line or how to navigate to to add. I hope this makes sense.

CLEsports

@darkmattersz said in Installing pfSense on Sophos XG 105 rev. 2:

@clesports Thank you kindly, I understood which parts to type. I dont know how to add to the last line or how to navigate to to add. I hope this makes sense.

You should be able to use the arrow keys to navigate to the bottom of the file. Then type the kern.vty line. Might need to hit the Escape key before :wq too

stephenw10

That line should go in /boot/loader.conf.local to avoid being overwritten.

You can use the Easy Editor (ee) instead of vi. ee does not require a cheat sheet.

Steve

Darkmattersz

@stephenw10 Thank you stephen and everyone else who chimed in !!

gtj

Sorry for reviving an old thread but just out of curiosity how powerful is an XG105 rev2.0 in comparison with a PC engines board?

CLEsports

@gtj The XG 105 Rev2 spec sheet lists an Intel Atom Baytrail Dual Core (1.46 GHz) with 2gb of RAM and 64gb SSD. Looking at Intel's page, it's probably either an Atom E3815 or E3826