This is not a supported configuration by Sophos 😉
I thought I discovered the issue in that the permitted network (Local Subnet) via the tunnel was set as only a single host IP, 192.168.2.0. I adjusted this under IP Host from single host to subnet address, changed the firewall rule to allow access to the local subnet 192.168.2.0/24 and permitted access to the subnet under SSL VPN network resources, but it still will not allow me to access the LAN. Mar 11, 2020 This article lists the Sophos SG appliances that are eligible for an upgrade to Sophos XG Firewall. Select the relevant tab to check if your appliance is eligible for an upgrade If your current appliance does not support an upgrade, click XG Series to learn more about the latest appliances. Sophos Central is the unified console for managing all your Sophos products. Sign into your account, take a tour, or start a trial from here.
Normally when you get an old hardware Appliance, ex. UTM 220, 320 etc, you cannot use this in your home environment (With your free home license), without paying for a hardware license.
This can be “solved”, by making the hardware installation think, it’s going software 🙂
The steps are listed here:
- Take a backup of your running UTM configuration in WebAdmin, if you have such running at the moment.
- Download the hardware image for appliances, theese starts with “SSI” in the file name. (Google “Download Sophos UTM”)
- Burn this to a CD-rom or to USB following this link. (This will format the harddrive of the appliance, so logs and stats are lost!)
- Install the hardware appliance as you would do normally.
- After installation, you now have a complete clean Sophos UTM 9 installation.
- Connect a VGA screen and a USB keyboard to the appliance.
- At the login prompt: login as root – it will tell you to change password, just do that (Old password is <blank>).
- When you’re logged in, do this:
“vi /etc/asg”
delete the “ASG_ID….”-entry in the file and save and close - Reboot
Now the UTM will boot running software license, and you can use your home license with it 🙂
This workaround will not swap interface names, and if you have one of the bigger models, 220 and beyond, with LCD, then will this just work as it did with hardware config – software installations do not have support for the LCD driver – but this way it works.
Happy UTM’ing 😉
Sg230 Sophos
Update: 15/11-2016
When replacing a harddrive with ex. a SSD or other drive, the hardware installer will not install, due to hardware replacement (It looks for specific harddrives with special firmware!), then you cannot use the installer above, you will then have to go with the SOFTWARE ISO instead of the HARDWARE ISO. Install will proceed as normal, but after install, the LCD display will no longer work, cause it’s now a “software” install and not hardware appliance install.
There have been written a lot here about a fix:
WiFi Explorer Pro 3 is a Wi-Fi scanner and analyzer for Mac built to assist WLAN and IT professionals in the design, validation and troubleshooting of wireless networks. Latest Version: 3.0.2 Licence: $19.99 What does WiFi Explorer do? Discover, monitor, and troubleshoot wireless networks with WiFi Explorer. Quickly identify channel conflicts, signal overlapping or configuration problems that may be affecting the connectivity and performance of your home, office or enterprise wireless network. WiFi Explorer Pro 3.0.4 macOS. WiFi Explorer Pro takes the code base of WiFi Explorer, and adds a set of features that makes it the right tool for WLAN and IT professionals.
But the link above does only make the display work with one view “Sophos UTM %version% and uptime”, this is due to the missing /etc/lcd.data file, because this file is only generated on appliances (hardware install).
The main reason it does not work, is that the /etc/asg file is now missing, because this file tells the installer that it is running on an appliance, you cannot copy this from another appliance solely, because you need to modify it (Ex. remove ASG_id and ASG_Serial lines):
Do a “vi /etc/asg”
It creates a new file and then insert:
Sophos Sg230 Specs
Ex. for SG 210
ASG_VERSION=”210″
LCD4LINUX_HW=”LCD-SERIAL300″
ASG_SUBTYPE=”r1″
Ex. for UTM 220 Navicat for sqlite.
ASG_VERSION=”220″
LCD4LINUX_HW=”LCM-162″
ASG_SUBTYPE=”r5″
As you see UTM and SG’s have different LCD controller.
Sophos Sg 230 License
Pole positionunblocked evrything. Now reboot and watch the display cycle through the widgets, you can also see if /etc/lcd.data is being populated 🙂