Phil Pang

Sophos XG 18 Home install on Hyper-V (WS 2019 Std)

For whatever reason, there’s a lot of older info about installing <v17 but not v18. My configuration is Windows Server 2019 Standard running on a HPE DL380p Gen9. WS2019 serves DNS and DHCP on my network.

Below that are instructions on how to connect to the initial install at – that’s where most of us n00b/hobbyist/home users get hung up at.

TL;DR: Sophos expects you to connect to on the WAN (Port B) side of the appliance.

Virtual Machine Installation

  1. It’s difficult to find the pre-built VM images, so I looked through the Sophos XG Release Notes blog until I found the latest entry for XG 18. As of this writing, it was 18 MR-1 build 396. Scroll down to the list of ISOs and VM images. Download the Hyper-V zip file.
  2. Extract the downloaded zip into your Hyper-V Virtual Hard Disks folder. There should be two files, PRIMARY-DISK.vhd and AUXILLARY-DISK.vhd. Rename or leave the filenames as you see fit. I renamed mine to Sophos XG Primary.vhd and Sophos XG Auxillary.vhd.
  3. In Hyper-V Manager, create a new virtual machine.
    – Generation 1. Next.
    – 4096MB RAM minimum. Next.
    – Define network adapter connection to your internal LAN (this will be Port A in Sophos XG). Next.
    – Select Use Existing Virtual Hard Disk, click Browse and select the PRIMARY-DISK.vhd. Click Next. Finish.
  4. Back in the main Hyper-V Manager window, go into settings for the Sophos VM.
    • – Add the AUXILLARY-DISK.vhd to the VM by adding a new hard disk controller with Add Hardware, or add Hard Drive on the existing controller. Mine is on IDE Controller 0. If both .vhd files are on the same physical drive or controller, there’s no performance gain or impact from using separate virtual controllers.
      Auxillary Hard Disk Settings
    • Add a second Network Adapter in Add Hardware. Select connection to your internal LAN. This will be WAN (Port B) in Sophos XG. (You should now have two NICs both on internal LAN.)
      2x LAN
  5. Start and Connect to the console of your Sophos VM.
  6. Default password is admin, and read and accept the license agreement.
  7. Don’t change any other settings in the CLI.

Initial Configuration

This is the part where you may, including myself, got hung up on. Sophos simply tells you to go to What they don’t tell you is that it expects you to connect on the WAN side (Port B) of VM.

  1. Spin up/install/power on/connect to a virtual or physical computer connected to the Hyper-V LAN switch. Platform and flavour doesn’t matter long as it has a modern browser, you’re good.
  2. Change the IP address of the NIC to static or anything except .16.
  3. You should be able to ping and connect to at this point. Hopefully you’re greeted by a screen like this:
  4. Complete the initial Sophos XG configuration. Sophos will take several minutes to configure and will reboot at the end.
  5. Back in Hyper-V Manager>Sophos XG VM>Settings, change the second Network Adapter to your Hyper-V switch that’s connected to the WAN.
    LAN and WAN NICs
  6. Revert the IP settings of the computer you used to do the initial config so you’ll have internet connectivity soon again.
  7. After the Sophos VM reboots and a few minutes of bootup time, connect to it with your internal LAN IP and password that you specified during initial configuration. Remember to add the :4444 port to connect to the admin portal.
  8. Continue with regular configuration of your cable modem or PPPoE settings in Configure>Network>Port B.
  9. You can also now add additional Network Adapters in Hyper-V settings for more connectivity, failover, etc. Note: Hyper-V doesn’t do USB passthrough so your cellular backup method is limited to devices with ethernet connectivity like a Cradlepoint router.

Leave a Reply

Your email address will not be published. Required fields are marked *