Installing pfSense on Sophos XG 105 rev. 2

Garo

Got my hands on a rev. 2 XG 105 appliance and immediately thought this was the perfect little pfSense hardware. Low power consumption, 64GB sata SSD, 2GB ram was upgradable (up to 8GB?), E3826 aes-ni proc, 2 usb 2.0 ports, vga console, 4 gigabit ports(Intel i211). Started on this by factory defaulting the bios and popping in the latest version of pfSense via usb. drive booted up but as soon as I went to install it, the intaller crapped out at some line of command:

atkbdc0: <Keyboard controller> (i8042) at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 onatkbdc0

My first thought was to change all settings in the bios I could think of that would be affecting the bootup. I made changes to anything and everything I could find related to pcie, cpu, storage devices, ACPI, etc.... Same results every time. interupting the boot got the db> prompt, but being new to this, it wasnt any help. I could also get it to give me a fatal trap 30 by pressing ctrl+C when booting, but no significance to me and I couldn't find anything that made sense being new to BSD. The next step was to try some loader.conf modifications and I tried setting up these commands I felt that were related to my errors. Here are the commands I used:

set hint.atkbd.0.disabled=1
set hint atkbdc.0.disabled=1

Awesome, the installer boots now, and even installs to the local drive! woohoo... wait... After pfSense starts up, no interfaces are detected. pfSense will not boot if does not detect at least one NIC. From here, I tried installing freebsd- no dice. Exact same problem. Next, I moved onto Mint, and other distros... they installed perfectly. Even with default or modified bios settings. Everything I threw at it just worked... except BSD or pfSense. I even installed Untangle... Side note- it has a nice interface, but wasn't what I was looking for(I have to admit, their install process is pretty and polished too). Back to the drawing board.. I factory reset the bios again, and reading each setting, I found the one setting that made this work. In the bios, navigate to Advanced > USB Configuration > Port 60/64 Emulation. Flip this to [Disabled.]

After making this one change, pfSense installed perfectly and even boots up. All interfaces are up and so far everything is working. Not sure why this was such an important setting for BSD to flip out, but it does make perfect sense when you review the initial garbage that the BSD boot process spit at me before abruptly rebooting. Apparently, all operating systems except FreeBSD have a tolerance for 60h/64h emulation support... or it could just be this hardware and or this bios. Anyhow, thanks for reading this ranty, and unnecessarily long post. Hopefully this will help somebody repurpose these now aging Sophos XG 105 or even a related XG/SG box with pfSense. I especially like how these little boxes are AES-NI ready and should run 2.5 when the new BSD is released.

CCPFLDN

Thanks for this. I've just bought the SG105 rev 2, great value little rackmount unit with a AES-NI CPU.

I tried the following:

1. Doing a fresh install from the latest PFSense USB memstick installer with default settings gets stuck in an infinite reboot loop

2. Disabling "Port 60/40 emulation" in the BIOS and trying again, results in the installer getting stuck at "Booting..." forever (no reboots, just frozen with no HDD activity). (the line above the stuck "Booting ..." says: /boot/kernel/kernel text=0x17c1930 data=0xb93d38+0x557b28 syms=[0x8+0x197400+0x8+0x197f72])

3. Picking option 3 (alter loader config) and typing
   set hint.atkbd.0.disabled=1
   set hint.atkbdc.0.disabled=1
   boot

(This was still stuck at "Booting...".)

I found in another thread that all I had to do after the BIOS change you found was pick option 3 and type:
set kern.vty="sc"
boot

(I then had to do the same every time it boots. It seems the set command doesn't actually permanently modify the loader.config file)

vlan_one

If anyone is trying this and have the same issue, I followed the post from @CCPFLDN and found that I only needed to do point 2 and then only needed to enter the set kern.vty="sc" command to get the OS to boot and install.

After the installation and first boot I edited the /boot/loader.conf file and added kern.vty="sc" at the bottom of the file, saved it and it is booting fine every time.

pfme

Thank you @vlan_one @CCPFLDN

I've just installed PFsense 2.4.4 on a Sophos SG-105W appliance using the following method:

1. Write the latest PFSense USB memstick installer (pfSense-CE-memstick-2.4.4-RELEASE-p3-amd64.img) to USB using Win32DiskImager
2. Press Del to Enter BIOS
3. Arrow to Advanced menu > USB Configuration > Disable "Port 60/40 emulation". This resolves the installer getting stuck at "Booting..." forever (no reboots, just frozen with no HDD activity). (the line above the stuck "Booting ..." says: /boot/kernel/kernel text=0x17c1930 data=0xb93d38+0x557b28 syms=[0x8+0x197400+0x8+0x197f72])
4. Reboot, at the PFSense menu, select option 3 and type:
   set kern.vty="sc" press Enter
   boot press Enter
5. After PFsense is installed. You have an option to exit to command prompt, do this:
   Type vi /boot/loader.conf then Enter
   Press Insert on your keyboard to edit
   Add kern.vty="sc" to the last line (Note: you don't type set here)
   Type :wq then Enter
   Type reboot then Enter

That's it. Credit goes completely to @vlan_one @CCPFLDN.

kholmqvist

Thanks man! I had pfSense installed on a SG125 without any issues, but the hardware eventually died on me (C2000 bug). I tried installing pfSense on a spare SG105v2, but ran into the above issue everytime.. I will definitely try this out today..

Sparky07

PFSense on a Sophos SG-105W appliance is working fine with the instruction above.
It would be create, if the WLAN-Modul would work too.
In the Interface Menu: "no interface available"...

Any idea how to fix this?

Thanks

devochka

Just wanted to thank you all for your efforts. I followed these instructions and was able to get the USB image to install and boot on a Sophos XG115 rev2. Thanks to @Garo @pfme @vlan_one and @CCPFLDN !

bart155

Hi everyone, I also want to thank you all for your help. I managed to install pfSense on my (recently unlicensed) Sophos XG 125w (rev. 3) with the instructions in this topic. It works perfectly, except for the WLAN interface (which I don't use). Thanks!

tuzsuzdeli

it works,
perfect !

klauskurz

on Sophos XG 105 rev. 1:

Installed like @pfme summarized.

System hung when partitioning/formatting the HDD in pfsense installer.
Worked after erasing the data on hdd, where the original Sophos installation was.
I used SystemRescueCD and shred for erasing the hdd.

Then it worked perfectly.

pantigon

@klauskurz said in Installing pfSense on Sophos XG 105 rev. 2:

Sophos XG 105 rev. 1

@klauskurz specifications of Sophos XG 105 rev. 1 how? (CPU, RAM).

S762

I stumbled on this thread and it peaked my interest so I picked up a used Sophos XG105 Rev 3. I changed the bios setting as noted above and flashed it right out of the box with 2.5.2 and I’m only testing at this point. I setup the LAN Net (ibg1) with a 192.168.5.1 and a Vlan (igb3) for wireless on 192.168.88.1. The problem is I wanted to use a firewall rule to block access to the Lan Net from the Wifi Vlan. I have this working on my main router, I can ping my LAN from the Vlan on the Sophos so to me that proves the FW rule is not working? anyone see this before with the Sophos? thanks in advance

klauskurz

@s762 When you ping a device in the LAN from the WIFI: Please check in the firewall, if the ping is really answered by the device in the LAN segment. Check this in the firewall packet capture or you can check this at the LAN device with wireshark or similar. It happened to me, that the ping is answered from the firewall itself, so you think the rule is not working because you get a ping reply.

S762

This post is deleted!

marduk

@ccpfldn

Hi CCPFLDN,

I bought the same device and have managed to somehow get into the bios through the EFI shell as it would not allow me to boot into the bios. I however cannot navigate within the bios. Do you know of work around for this?

Thanks

marduk

I have figured it for those having the same issue. It would seem that bios and install was only possible through the console and Putty via the COM port.

sysadminfromhell

This post is deleted!

NickBurns

This is hanging for me after doing set.kern.vty="sc". There isn't any indication on what the error actually is. I am trying to run this on a Sophos XG230 rev.1. I also was able to disable the port 60/40 emulation as well. I tried recreating the USB using etcher. Still no dice.

CLEsports

@nickburns Might be different as I have an XG310, but I didn't have to do the set.kern.vty or the 60/40 emulation. Are you doing the install via the COM/Console port or plugging in a keyboard and using the VGA port on the back?

Using only the COM port on the front has worked for me, USB install from Etcher using pfSense-CE-memstick-serial-2.5.2 image

NickBurns

@clesports I am doing the update via the COM port. I tried to boot from the serial image and it was just a bunch of gibberish on the screen. Then when I did the VGA I actually got the pfsense install screen. Is that normal? First time installing pfsense for me.