Hi all,
Time for a quick post π
If you have an old Sophos SG appliance laying around, don’t throw it out, it runs the free PFSense Community Edition just fine π
For VGA install:
Attach a HDMI Monitor and a USB keyboard to the device.
Download installer here:
Download pfSense Community Edition
Use RUFUS to create a bootable USB stick and choose the downloaded PFSense Image.
Boot the appliance from the USB stick.
Choose the standard settings in the installer, and choose the disk to install PFSense to.
After reboot, set up the intial settings (All PFSense releated and not covered here)
Now to get the LCD working for the 1U rack mount SG devices π
Install the LCDPROC package in PFSense package manager, and setup like this:
To add a little extra “hello” and “goodbye” messages, for fun, edit the file:
/usr/local/etc/LCDd.conf
[server]
DriverPath=/usr/local/lib/lcdproc/
Driver=hd44780
Bind=127.0.0.1
Port=13666
ReportLevel=3
ReportToSyslog=yes
User=nobody
Foreground=no
ServerScreen=no
Hello=” IKT-PEOPLE APS”
Hello=”+45 70 40 50 28″
GoodBye=”Firewall”
GoodBye=”shutting down…”
WaitTime=5
TitleSpeed=5
ToggleRotateKey=Enter
PrevScreenKey=Left
NextScreenKey=Right
ScrollUpKey=Up
Restart service “service LCDd onerestart”
Result:
This is a tiny bit (but only a tiny bit) overoptimistic. Sophos devices generally work very well with pfSense, but there are exceptions.
Specifically, every SG 105 I’ve tried gets stuck when it boots pfSense from USB. Pretty early, too; it can’t load a specific kernel module (I forget which, since it’s been a while). As far as I can tell, this has something to do with the fact that SG 105 (at least up to Revision 2, inclusive), despite having a 64-bit processor, has a 32-bit BIOS, which is no longer supported on pfSense. So pfSense just can’t deal with it and hangs on boot. Incidentally, OPNsense has an identical issue, which leads me to believe that this goes all the way down to FreeBSD…
This said, both OpenWrt and IPFire install and run on SG 105 with zero issues.
Thanks for the info π
I have only tried with SG2xx and up, they worked perfect π
Best regards
Martin
Meanwhile, I am happy to report that I just installed pfSense on two SG 125 rev 2 units and have experienced no problems. So SG 125 definitely works with pfSense (at least in revision 2), and the only question mark I have now is SG 115…
Thanks for sharing – great job π
Best regards
Martin
Nick and Martin,
I was able to install pfSense on a SG 115 just the other day thanks to the forum post linked below.
Here are the instructions I followed (from user pfme):
In BIOS Settings:
Advanced menu > USB Configuration > Disable “Port 60/40 emulation”
Reboot, at the PFSense menu, select option 3 and type:
set kern.vty=”sc” press Enter
boot press Enter
After install, add to the loader.conf file:
In shell mode type vi /boot/loader.conf then Enter
Add kern.vty=”sc” to the last line
Type :wq then Enter
Type reboot then Enter
Hope this helps!
https://forum.netgate.com/topic/133355/installing-pfsense-on-sophos-xg-105-rev-2/
Thanks for getting back on this og sharing the fix π
Best regards
Martin
Matt,
Thank you for sharing this solution! I just tested it on a Sophos SG 105 Rev 2, and it worked without a hitch.
Hi all, what Harddisk driver does this use?
Assuming you mean drive rather than driver, it depends.
Depending on the model and revision, a desktop Sophos SG or XG device can have any of the following:
β 8 GB eMMC module
β 16 GB eMMC module
β 320 GB SATA hard drive
β 64 GB SATA SSD
β 64 GB mSATA SSD
Rack-mountable devices have SATA mounts and can use either hard drives or SSDs (again, depending on the model and revision)
Guten morgen,
ich habe PFSense (pfSense-CE-2.7.0-RELEASE-amd64.iso) auf einem Sophos SG201 v2 und einem Sophos SG201 v3 installiert.
Mit LCDproc habe ich das Display unter PFSense auf dem SG201 v2 zum laufen gebracht, aber nicht
auf dem SG201 v3.
Ich habe mehrere Tage nach LΓΆsungen gesucht, aber nichts gefunden.
Hat einer von euch das Display mit LCDproc auf dem SG201 v3 zum laufen gebracht?
Oder geht das grundsΓ€tzlich nicht auf der v3?
Vielen lieben dank schon mal im Vorraus π
Liebe GrΓΌΓe
Steffen
Hi,
I will respond in english – I understand your german very well, but not that good in writing π
Have your tried mixing the drivers and port? That’s what I did, it took 2 hours, but then it finally worked π
Best regards
Martin
Hello, sorry that I’m just getting in touch. In what combination do you have the mixture?
Hi, sorry for the delay, just had a SG310 setup today, it works fine with the above settings. have you checked that you are using the “alternate” com port 2?
Hello,
I have a sophos SG-210 Ver 2.0 and would like to get the LCDProc working. Pfsense CE 2.7.0-Release. I have tried the following settings:
COM port = Serial COM port 2(/dev/cua1)
Driver = HD44780 and compatible
Connection Type = Portwell EZIO-100 and EZIO-300
Port Speed = Default
Screen stays backlight and says “SOPHOS Protection”
Any Help would be great!
Hi, You need to use the “alerternate” com port 2 π
Hallo,
Was meinen Sie damit, die Ports zu bisschen?
Hi, I have LCDProc working well on sophos SG-210 Ver 2.0 and would like the backlight of the LCD to turn off and only come on when any of the input buttons are pressed. Not sure if this is possible though?
Thanks
HI,
No I think the LED is permanemt mounted on the PCB π
Best regards Martin
Certainly like the Sophos XG units for running pfsense. I’ve run XG Home and Opnsense on them, but back at pfsense.
Currently have XG 125 Rev3 and XG 230 Rev 2, the XG 125 is in use with pfsense plus as it has QAT on the chip. Not how much that makes a difference Vs the Skylake CPU based XG230.
I know this is an older post but I’m hoping you can answer this. I bought a UTM 320 rev. 5 for a song and want to see if I can install PFSense on it using the same methods as you laid out in this tutorial. I’ve had zero luck trying to install a sophos home license on it, probably my own stupidity, and don’t want to use the UTM home license because it limits the IP’s to 50 from my understanding… any who, thanks for any light you can shed.
Hi,
Have not tried SFOS on UTM, but I think it can be done, if you are installing the free Sophos Firewall home license. You get a ISO file and serial number by mail. Connect a screen and keyboard to the UTM, and give it a shot π
Br. Martin
You absolutely can install pfSense on UTM 320. It’s completely straightforward. The only trick is getting the LCD screen to work, but fear not, here are the LCDproc settings you need:
Com port: Parallel port (/dev/lpt0)
Display size: 2 rows 16 columns
Driver: Watchguard Firebox with SDEC
Port speed: Default
Thanks for this π
Br. Martin
I ended up figuring out how to install the Sophos Home to it and Bingo Bango was in business! still fighting the LCD but hey, everything else is choice and it is cloud managed as well!
Thanks for the info guys!
How got is the AV scanning with pfsense compared to utm9 software. I mainly used mine as mail filter
UTM9 was way better in my opinion, but using the scanner anymore, thus got external in Microsoft 365 π
Best regards
MArtin
I dont think as homeuser you can use o365 for that I got O365 family with office and 6x 1TB onedrive but not mail thats still running here (onpremise)
Ah! – HomeUSer, not you need to use som other scanner π
Best regards
Martin