![]() ![]() This is a simple and straightforward tool for Windows users. So here is a brief and, we trust, unpushy list of four free tools you can find on our website. It’s well-meant advice, but it begs the questions, “How? What tools and techniques would you recommend? Where do I start?” Of course, that’s a bit like saying to a student with a examination coming up, “Don’t forget to do your revision!” The first task we ask you to do, especially if you act as unofficial home IT support for friends and family, is to get serious about keeping malware out. You may have seen our popular article entitled DO THESE 3, where we give you three ways to boost the safety and security of your on-line life. Nevertheless, we’d like to offer you some free Sophos stuff. We have the domain name nakedsecurity.sophos.com, and our corporate logo appears on every page, where we say, “Award-winning news, opinion, advice and research from SOPHOS.” The brand we represent is pretty obvious, after all. (Yes you can start multiple, because each can get their own IP, serial number and license).Regular readers of Naked Security will know that we aren’t terribly prone to commercialism. Then you can access your new XG via the new IP address. When you create an instance from the snapshot it will have a new dynamic IP address, which is different and you will need to set this in the console interface, which works perfectly for setting the default gateway after setup (Sophos, why not during setup?). I did not register or install licenses or even started a trial and only updated the XG after setup and then I made a snapshot of the XG, because I wanted to release the reserved IP address, as it costs extra unnecessarily.IMPORTANT: make sure you give yourself access to the admin interface from the WAN link otherwise you are locking yourself out and you can start again.You will get the normal XG web interface and you can then make the adjustments in your network settings to get internet access on your XG and register and update etc. Once setup is complete go back into the web interface and login with your new password.put your email addresses in the next step (can be changed later).Continue without ticks on network protection (can be changed later).Otherwise you will loose access to the instance and have to start from scratch. ![]() The next step is critical to get right put only the IP address and the subnet mask exactly like in the command interface in the “LAN Address and Internal Client Network Size” fields.Give your machine a name and select your timezone (although you can also change that later).select “Continue offline” and confirm you want to continue.In the Sophos web interface setup enter new password, disable install new firmware and agree to license.I used a Linux instance, which I ssh’d into and made a tunnel to the XG web interface but there is no reason (other than cost) why you could not use a Windows instance to access the same web interface from there. Start another instance of choice with the other reserved IP address in the same subnet.Then the web interface becomes visible to this network subnet only. Login and set the port 1 IP address to the IP address you have allocated above.This will reboot the instance and setup will continue. Go through the off ISO setup process for Sophos XG.Start an instance to install from that ISO and assign one of those 2 reserved IP addresses.Shutdown the 2 instances whose IP addresses you have taken.“Converted” those 2 IP addresses to “reserved IP addresses” – this way you keep them to assign them to the 2 instances you need for this setup process.Shutdown the other 8 servers as soon as possible, as they cost money.Started 10 (yes ten) servers of the cheapest kind in the hope to get 2 IP addresses in the same subnet, which I did.Console access to the running instances, which is provided freely by Vultr.2 IP addresses in the same subnet (necessary because the XG will only see IPs in the same subnet).2 instances (1 for the XG and another – Linux or Windows – to initially manage the XG).So these problems require certain things from Vultr: Changing network settings in web admin during initialisation causes loss of access (in this setup case).Pre initialisation command line does not allow setting static IP of all interfaces (only on interface 1).Pre initialisation command line does not allow setting default gateway of any interfaces.Sophos UTM (the predecessor) used to be easy to install, but with XG Firewall Sophos have gone back to inflexibility with some basics, that, in my opinion, are unnecessary (SOPHOS, these are things you should fix): There are some tricks required to overcome Sophos’ install idiosyncrasies when trying to install Sophos XG firewall from ISO on a Vultr virtual server. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |