Installing pfSense on Sophos XG 105 rev. 2



  • Got my hands on a rev. 2 XG 105 appliance and immediately thought this was the perfect little pfSense hardware. Low power consumption, 64GB sata SSD, 2GB ram was upgradable (up to 8GB?), E3826 aes-ni proc, 2 usb 2.0 ports, vga console, 4 gigabit ports(Intel i211). Started on this by factory defaulting the bios and popping in the latest version of pfSense via usb. drive booted up but as soon as I went to install it, the intaller crapped out at some line of command:

    atkbdc0: <Keyboard controller> (i8042) at port 0x60,0x64 on isa0
    atkbd0: <AT Keyboard> irq 1 onatkbdc0
    

    My first thought was to change all settings in the bios I could think of that would be affecting the bootup. I made changes to anything and everything I could find related to pcie, cpu, storage devices, ACPI, etc.... Same results every time. interupting the boot got the db> prompt, but being new to this, it wasnt any help. I could also get it to give me a fatal trap 30 by pressing ctrl+C when booting, but no significance to me and I couldn't find anything that made sense being new to BSD. The next step was to try some loader.conf modifications and I tried setting up these commands I felt that were related to my errors. Here are the commands I used:

    set hint.atkbd.0.disabled=1
    set hint atkbdc.0.disabled=1
    

    Awesome, the installer boots now, and even installs to the local drive! woohoo... wait... After pfSense starts up, no interfaces are detected. pfSense will not boot if does not detect at least one NIC. From here, I tried installing freebsd- no dice. Exact same problem. Next, I moved onto Mint, and other distros... they installed perfectly. Even with default or modified bios settings. Everything I threw at it just worked... except BSD or pfSense. I even installed Untangle... Side note- it has a nice interface, but wasn't what I was looking for(I have to admit, their install process is pretty and polished too). Back to the drawing board.. I factory reset the bios again, and reading each setting, I found the one setting that made this work. In the bios, navigate to Advanced > USB Configuration > Port 60/64 Emulation. Flip this to [Disabled.]
    0_1533091843116_XG105bios_pfSense.JPG

    After making this one change, pfSense installed perfectly and even boots up. All interfaces are up and so far everything is working. Not sure why this was such an important setting for BSD to flip out, but it does make perfect sense when you review the initial garbage that the BSD boot process spit at me before abruptly rebooting. Apparently, all operating systems except FreeBSD have a tolerance for 60h/64h emulation support... or it could just be this hardware and or this bios. Anyhow, thanks for reading this ranty, and unnecessarily long post. Hopefully this will help somebody repurpose these now aging Sophos XG 105 or even a related XG/SG box with pfSense. I especially like how these little boxes are AES-NI ready and should run 2.5 when the new BSD is released.



  • Thanks for this. I've just bought the SG105 rev 2, great value little rackmount unit with a AES-NI CPU.

    I tried the following:

    1. Doing a fresh install from the latest PFSense USB memstick installer with default settings gets stuck in an infinite reboot loop

    2. Disabling "Port 60/40 emulation" in the BIOS and trying again, results in the installer getting stuck at "Booting..." forever (no reboots, just frozen with no HDD activity). (the line above the stuck "Booting ..." says: /boot/kernel/kernel text=0x17c1930 data=0xb93d38+0x557b28 syms=[0x8+0x197400+0x8+0x197f72])

    3. Picking option 3 (alter loader config) and typing
      set hint.atkbd.0.disabled=1
      set hint.atkbdc.0.disabled=1
      boot

    (This was still stuck at "Booting...".)

    I found in another thread that all I had to do after the BIOS change you found was pick option 3 and type:
    set kern.vty="sc"
    boot

    (I then had to do the same every time it boots. It seems the set command doesn't actually permanently modify the loader.config file)


Log in to reply