pfSense on Sophos XG85 and XG106

kwangmien

Hi ,

I have installed pfSense version 2.7.2 on the Sophos XG85 and XG106 appliance. After installation, out of the 4 ports , only 2 ports were activated, i.e. WAN and LAN. The other 2 ports are not in use.

Does anyone know how I can activate the other 2 ports in pfSense on Sophos XG85 and XG106 ?

Thanks

Regards
Kwang Mien

elvisimprsntr

@kwangmien

Did you configure those as OPT1 and OPT2 during setup?

If not you should be able to do it via Interface Assignments in the GUI or Option 1 at the CLI.

Screenshot 2024-09-15 at 2.12.07 AM.png

kwangmien

@elvisimprsntr Thanks for the info.

I have enabled the interfaces OPT1 and OPT2 in the GUI.

Can i check for the wireless version of Sophos Firewall such as XG85W , the WIFI interface can be enabled from the GUI as well ?

Regards
Kwang Mien

elvisimprsntr

@kwangmien

pfSense is based on FreeBSD, which does not provide very good support for modern wireless standards.

You can navigate to Interfaces, Wireless, Add. If you don't see a wireless interface avaiable, then you are likely out of luck.

You are much better off with an external enterprise class access point.

stephenw10

Yup a real Access Point is much better in almost every way. But that is old enough it might be supported.

If it doesn't appear in Interfaces > Wireless check the boot log.

kwangmien

Hi All,

I installed pfSense on Sophos XG86W and when accessing the Interface->Wireless, there is no wireless interface. When I add, it shows no available Parent Interface.

Does this shows that the wireless interface for Sophos XG86W is not supported in FreeBSD ?

Thanks

Regards
Kwang Mien

stephenw10

@stephenw10 said in pfSense on Sophos XG85 and XG106:

If it doesn't appear in Interfaces > Wireless check the boot log.

That^

Or look at the output of pciconf -lv

kwangmien

@stephenw10 said in pfSense on Sophos XG85 and XG106:

pciconf -lv

Hi ,

A) I use pciconf -lv and found that the Wireless interface on Sophos XG86W is Wireless-N.
Can pfSense support Wireless-N interface ?

none3@pci0:1:0:0:       class=0x028000 rev=0x00 hdr=0x00 vendor=0x168c device=0x003c subvendor=0x0000 subdevice=0x0000
    vendor     = 'Qualcomm Atheros'
    device     = 'QCA986x/988x 802.11ac Wireless Network Adapter'
    class      = network

B) Below is the boot log. Can you advise how can I check if the wireless interface is detected ? Thanks

Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec  6 20:45:47 UTC 2023
    root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/FreeBSD-src-RELENG_2_7_2/amd64.amd64/sys/pfSense amd64
FreeBSD clang version 16.0.6 (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a259152)
VT(vga): resolution 640x480
CPU: Intel(R) Atom(TM) Processor E3930 @ 1.30GHz (1286.40-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x506ca  Family=0x6  Model=0x5c  Stepping=10
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x4ff8ebb7<SSE3,PCLMULQDQ,DTES64,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x101<LAHF,Prefetch>
  Structured Extended Features=0x2294e283<FSGSBASE,TSCADJ,SMEP,ERMS,NFPUSG,MPX,PQE,RDSEED,SMAP,CLFLUSHOPT,PROCTRACE,SHA>
  Structured Extended Features3=0xac000400<MD_CLEAR,IBPB,STIBP,ARCH_CAP,SSBD>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0x69<RDCL_NO,SKIP_L1DFL_VME,MDS_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 3887525888 (3707 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <INTEL  EDK2    >
WARNING: L1 data cache covers fewer APIC IDs than a core (0 < 1)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-119
Launching APs: 1
TCP_ratelimit: Is now initialized
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff807475a0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff80747650, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff80747700, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80765180, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80765230, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff807652e0, 0) error 1
random: entropy device external interface
kbd1 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 14.0.
netgate0: <unknown hardware>
smbios0: <System Management BIOS> at iomem 0xf05e0-0xf05fe
smbios0: Version: 3.0, BCD Revision: 3.0
acpi0: <ALASKA A M I >
acpi0: Power Button (fixed)
unknown: I/O range not supported
cpu0: <ACPI CPU> on acpi0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 19200000 Hz quality 950
Event timer "HPET" frequency 19200000 Hz quality 550
Event timer "HPET1" frequency 19200000 Hz quality 440
Event timer "HPET2" frequency 19200000 Hz quality 440
Event timer "HPET3" frequency 19200000 Hz quality 440
Event timer "HPET4" frequency 19200000 Hz quality 440
Event timer "HPET5" frequency 19200000 Hz quality 440
Event timer "HPET6" frequency 19200000 Hz quality 440
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0xf000-0xf03f mem 0x90000000-0x90ffffff,0x80000000-0x8fffffff irq 19 at device 2.0 on pci0
vgapci0: Boot video device
pci0: <simple comms> at device 15.0 (no driver attached)
pci0: <simple comms> at device 15.1 (no driver attached)
pci0: <simple comms> at device 15.2 (no driver attached)
ahci0: <Intel Apollo Lake AHCI SATA controller> port 0xf090-0xf097,0xf080-0xf083,0xf040-0xf05f mem 0x91710000-0x91711fff,0x91716000-0x917160ff,0x91715000-0x917157ff irq 19 at device 18.0 on pci0
ahci0: AHCI v1.31 with 2 6Gbps ports, Port Multiplier supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
pcib1: <ACPI PCI-PCI bridge> irq 22 at device 19.0 on pci0
pci1: <ACPI PCI bus> on pcib1
re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xe000-0xe0ff mem 0x91600000-0x91600fff,0x91b00000-0x91b03fff irq 22 at device 0.0 on pci1
re0: Using 1 MSI-X message
re0: turning off MSI enable bit.
re0: Chip rev. 0x4c000000
re0: MAC rev. 0x00000000
miibus0: <MII bus> on re0
rgephy0: <RTL8251/8153 1000BASE-T media interface> PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Using defaults for TSO: 65518/35/2048
re0: Ethernet address: 7c:5a:1c:d6:4b:b4
re0: netmap queues/slots: TX 1/256, RX 1/256
pcib2: <ACPI PCI-PCI bridge> irq 23 at device 19.1 on pci0
pci2: <ACPI PCI bus> on pcib2
re1: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xd000-0xd0ff mem 0x91500000-0x91500fff,0x91a00000-0x91a03fff irq 23 at device 0.0 on pci2
re1: Using 1 MSI-X message
re1: turning off MSI enable bit.
re1: Chip rev. 0x4c000000
re1: MAC rev. 0x00000000
miibus1: <MII bus> on re1
rgephy1: <RTL8251/8153 1000BASE-T media interface> PHY 1 on miibus1
rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re1: Using defaults for TSO: 65518/35/2048
re1: Ethernet address: 7c:5a:1c:d6:4b:b5
re1: netmap queues/slots: TX 1/256, RX 1/256
pcib3: <ACPI PCI-PCI bridge> irq 20 at device 19.2 on pci0
pci3: <ACPI PCI bus> on pcib3
re2: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xc000-0xc0ff mem 0x91400000-0x91400fff,0x91900000-0x91903fff irq 20 at device 0.0 on pci3
re2: Using 1 MSI-X message
re2: turning off MSI enable bit.
re2: Chip rev. 0x4c000000
re2: MAC rev. 0x00000000
miibus2: <MII bus> on re2
rgephy2: <RTL8251/8153 1000BASE-T media interface> PHY 1 on miibus2
rgephy2:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re2: Using defaults for TSO: 65518/35/2048
re2: Ethernet address: 7c:5a:1c:d6:4b:b6
re2: netmap queues/slots: TX 1/256, RX 1/256
pcib4: <ACPI PCI-PCI bridge> irq 21 at device 19.3 on pci0
pci4: <ACPI PCI bus> on pcib4
re3: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xb000-0xb0ff mem 0x91300000-0x91300fff,0x91800000-0x91803fff irq 21 at device 0.0 on pci4
re3: Using 1 MSI-X message
re3: turning off MSI enable bit.
re3: Chip rev. 0x4c000000
re3: MAC rev. 0x00000000
miibus3: <MII bus> on re3
rgephy3: <RTL8251/8153 1000BASE-T media interface> PHY 1 on miibus3
rgephy3:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re3: Using defaults for TSO: 65518/35/2048
re3: Ethernet address: 7c:5a:1c:d6:4b:b7
re3: netmap queues/slots: TX 1/256, RX 1/256
pcib5: <ACPI PCI-PCI bridge> irq 22 at device 20.0 on pci0
pci5: <ACPI PCI bus> on pcib5
pci5: <network> at device 0.0 (no driver attached)
xhci0: <Intel Apollo Lake USB 3.0 controller> mem 0x91700000-0x9170ffff irq 17 at device 21.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
sdhci_pci0: <Intel Apollo Lake eMMC 5.0 Controller> mem 0x91718000-0x91718fff,0x91717000-0x91717fff irq 39 at device 28.0 on pci0
sdhci_pci0: 1 slot(s) allocated
mmc0: <MMC/SD bus> on sdhci_pci0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
acpi_button0: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
ppc1: <Parallel port> port 0x378-0x37f irq 5 on acpi0
ppc1: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppbus0: <Parallel port bus> on ppc1
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
ns8250: UART FCR is broken
uart0: console (38400,n,8,1)
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff pnpid PNP0900 on isa0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
Timecounter "TSC" frequency 1286399832 Hz quality 1000
Timecounters tick every 1.000 msec
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
ugen0.1: <Intel XHCI root HUB> at usbus0
uhub0 on usbus0
uhub0: <Intel XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
mmcsd0: 16GB <MMCHC DG4016 0.1 SN C5525510 MFG 11/2019 by 69 0x0000> at mmc0 200.0MHz/8bit/8192-block
mmcsd0boot0: 4MB partition 1 at mmcsd0
mmcsd0boot1: 4MB partition 2 at mmcsd0
mmcsd0rpmb: 4MB partition 3 at mmcsd0
Trying to mount root from zfs:pfSense/ROOT/default []...
uhub0: 15 ports with 15 removable, self powered
CPU: Intel(R) Atom(TM) Processor E3930 @ 1.30GHz (1286.40-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x506ca  Family=0x6  Model=0x5c  Stepping=10
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x4ff8ebb7<SSE3,PCLMULQDQ,DTES64,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x101<LAHF,Prefetch>
  Structured Extended Features=0x2294e283<FSGSBASE,TSCADJ,SMEP,ERMS,NFPUSG,MPX,PQE,RDSEED,SMAP,CLFLUSHOPT,PROCTRACE,SHA>
  Structured Extended Features3=0xac000400<MD_CLEAR,IBPB,STIBP,ARCH_CAP,SSBD>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0xc69<RDCL_NO,SKIP_L1DFL_VME,MDS_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics

stephenw10

@kwangmien said in pfSense on Sophos XG85 and XG106:

vendor=0x168c device=0x003c

That's a .11ac device. It might one day be supported by the athp driver but that is not yet in FreeBSD:
https://github.com/erikarn/athp/blob/master/otus/freebsd/src/sys/dev/athp/if_athp_pci.c#L132

It's not supported by pfSense in any version.

stephenw10

If you really want a wifi device in there you can probably swap it out for an older .11n device like:

ath0@pci0:17:0:0:	class=0x028000 rev=0x01 hdr=0x00 vendor=0x168c device=0x0030 subvendor=0x168c subdevice=0x3112
    vendor     = 'Qualcomm Atheros'
    device     = 'AR93xx Wireless Network Adapter'
    class      = network

kwangmien

@stephenw10

swap out the device means to replace the physical Wifi interface in the Sophos XG85W with a .11n device ?

stephenw10

Yup

kwangmien

@stephenw10

ok. Thanks for the info.

stephenw10

No worries.

But using a real access point is still better. In almost every way!

Vessel7430

@stephenw10 you can use any consumer grade wifi routers (configured as bridge) and it should work fine, and you can use real access points like UniFi or Meraki to get wider coverage. Tying the single wifi at the pfsense works only if your pfsense is located at the center of the location for reasonable coverage.

---

pfsense 2.7.2 on proxmox virtualized Sophos SG230, Intel(R) Xeon(R) CPU E3-1225 v3 @ 3.20GHz 2Gb RAM, 6x GbE | Tailscale | pfblocker | Unifi AP AC Lite x 2 |

stephenw10

Yup, that's one of the many advantages a real AP offers over using WiFi hardware in pfSense directly.