Looking for users with specific Sophos x86-based routers!

We're working on improving support (detection, LEDs for WiFi, port naming/ordering) of Sophos x86-based routers in OpenWrt and between me and @NC1 we don't have a few models. Some of them should be hardware-compatible to what we have, but I'd like to confirm a few details.

If you have access to the following Sophos products and either run OpenWrt on it or can temporarily boot an OpenWrt image from a flash-drive on it, please let me know. These are the models of interest:

  1. SG/XG-125/135 revision 1 only. These are the 8-port models, the product names would be sophos-sg-125r1, sophos-xg-125r1, sophos-sg-135r1, sophos-xg-135r1.
  2. Any revision Sophos x85/x86 models.
  3. Any revision Sophos XG-106/116 models.

Please let me know if you have any of those and either are running OpenWrt or can boot OpenWrt from flash-drive on them.

Thanks!

I have an XG 86w running OpenWrt, what exactly are you looking for?

1 Like

Thanks for your reply. For that model, I need:

  1. Specific model ID/revision. Is it sophos-xg-86w or something like sophos-xg-86wr1, etc?
  2. Since it's an XG, are the ports marked on the case as LAN/1, WAN/2, DMZ/3 and just 4?
  3. Does OpenWrt enumerate eth ports correctly? If not, what are the inconsistencies?
  4. Can you post the device paths? Please post the output of:
find /sys/devices -type d -name eth0
find /sys/devices -type d -name eth1
find /sys/devices -type d -name eth2
find /sys/devices -type d -name eth3
find /sys/devices -type d -name eth4

Thanks!

PS. Does it have ath9k or ath10k radio?

As far as I am aware there were no revisions of the XG86(w) and Sophos directly went to the XGS 87 next.

Correct.

Yes, that aspect is already taken care of.

/sys/devices/pci0000:00/0000:00:13.0/0000:02:00.0/net/eth0
/sys/devices/pci0000:00/0000:00:13.1/0000:03:00.0/net/eth1
/sys/devices/pci0000:00/0000:00:13.2/0000:04:00.0/net/eth2
/sys/devices/pci0000:00/0000:00:13.3/0000:05:00.0/net/eth3

You wouldn't happen to know how to address the power LED on the case (the wifi LED is attached to the wifi card, but I couldn't get the power LED to react to anything).

QCA9882 chipset, ath10k with qca988x drivers

I don't think the preinit correctly sets the board_name for ubus call system board for this model, doesn't it? If it already does, what's the output of ubus call system board?

If not, what's the output of:

for file in sys_vendor board_vendor product_name board_name product_version; do
cat /sys/devices/virtual/dmi/id/$file
done
{
        "kernel": "5.10.138",
        "hostname": "Oram",
        "system": "Intel(R) Atom(TM) Processor E3930 @ 1.30GHz",
        "model": "Sophos XG-86Wr1",
        "board_name": "sophos-xg-86wr1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0",
                "revision": "r19685-512e76967f",
                "target": "x86/64",
                "description": "OpenWrt 22.03.0 r19685-512e76967f"
        }
}

(As you can see I'm running an early version of 22.03). The model string is technically not completely incorrect (again, the device specific commit is responsible), but the aesthetics rubbed me the rwong way and I'm doing

 echo "Sophos XG 86w" > /tmp/sysinfo/model

in rc.local. That's why I had to reboot to get the actual info.

Sophos
Sophos
XG
XG
86Wr1
1 Like

P.S.: How far are you taking this X86 firewall appliances specific thing? I have a few devices that are a bit more exotic than the Sophos devices. (Currently struggling with bringing up a member of the Saxa SS5000 series -- Japan has really funky X86-based "UTM" devices let me tell you.)

1 Like

There's only so much I can do. My goal is to properly identify all of Sophos models, properly assign LEDs and properly enumerate/label ports. It all started with @Hurricos commit for Cisco MX100 showing the way and my desire to fix the incorrect order/labeling of ports on 8-port revision 3 model I have.

I have the following Sophos models that I could boot OpenWrt flash drive on:

  • SG 105 Rev 1
  • SG 105w Rev 2
  • SG 115 Rev 2
  • SG 125 Rev 2
  • SG 135w Rev 2
  • UTM110/120 Rev 5
  • XG 105 Rev 2
  • XG 105 Rev 3
  • XG 106 Rev 1
  • XG 115 Rev 3
  • XG 85W Rev 1
  • XG 86 Rev 1
2 Likes

For the XG-85 and XG-106, could you please post the output of:

find /sys/devices -type d -name eth0
find /sys/devices -type d -name eth1
find /sys/devices -type d -name eth2
find /sys/devices -type d -name eth3
find /sys/devices -type d -name eth4

for file in sys_vendor board_vendor product_name board_name product_version; do
cat /sys/devices/virtual/dmi/id/$file
done

Results for XG 85w:

root@Sophos-XG85W:/# find /sys/devices -type d -name eth0
/sys/devices/pci0000:00/0000:00:1c.0/0000:01:00.0/net/eth0
root@Sophos-XG85W:/# find /sys/devices -type d -name eth1
/sys/devices/pci0000:00/0000:00:1c.1/0000:02:00.0/net/eth1
root@Sophos-XG85W:/# find /sys/devices -type d -name eth2
/sys/devices/pci0000:00/0000:00:1c.2/0000:03:00.0/net/eth2
root@Sophos-XG85W:/# find /sys/devices -type d -name eth3
/sys/devices/pci0000:00/0000:00:1c.3/0000:04:00.0/0000:05:01.0/0000:06:00.0/net/eth3
root@Sophos-XG85W:/# find /sys/devices -type d -name eth4
root@Sophos-XG85W:/# for file in sys_vendor board_vendor product_name board_name
 product_version; do
> cat /sys/devices/virtual/dmi/id/$file
> done
Sophos
AMI Corporation
XG
Aptio CRB
85Wr1
root@Sophos-XG85W:/# 

Results for XG 106:

root@OpenWrt:/# find /sys/devices -type d -name eth0
/sys/devices/pci0000:00/0000:00:13.0/0000:01:00.0/net/eth0
root@OpenWrt:/# find /sys/devices -type d -name eth1
/sys/devices/pci0000:00/0000:00:13.1/0000:02:00.0/net/eth1
root@OpenWrt:/# find /sys/devices -type d -name eth2
/sys/devices/pci0000:00/0000:00:13.2/0000:03:00.0/net/eth2
root@OpenWrt:/# find /sys/devices -type d -name eth3
/sys/devices/pci0000:00/0000:00:13.3/0000:04:00.0/net/eth3
root@OpenWrt:/# find /sys/devices -type d -name eth4
root@OpenWrt:/#
root@OpenWrt:/# for file in sys_vendor board_vendor product_name board_name prod
uct_version; do
> cat /sys/devices/virtual/dmi/id/$file
> done
Sophos
Default string
XG
Default string
106r1
root@OpenWrt:/#
1 Like

hI.
Model
Sophos XG-85r1
Architecture
Intel(R) Atom(TM) CPU E3805 @ 1.33GHz
Target Platform
x86/64

/sys/devices/pci0000:00/0000:00:1c.0/0000:01:00.0/net/eth0
/sys/devices/pci0000:00/0000:00:1c.1/0000:02:00.0/net/eth1
/sys/devices/pci0000:00/0000:00:1c.2/0000:03:00.0/net/eth2
/sys/devices/pci0000:00/0000:00:1c.3/0000:04:00.0/net/eth3

root@TappersRouter:~# for file in sys_vendor board_vendor product_name board_nam
e product_version; do

cat /sys/devices/virtual/dmi/id/$file
done
Sophos
AMI Corporation
XG
Aptio CRB
85r1

1 Like

Hopefully not completely unrelated: Is there any hope of identifying a board that self-identifies as

{
        "system": "Intel(R) Atom(TM) CPU  E3805  @ 1.33GHz",
        "model": "To be filled by O.E.M. To be filled by O.E.M.",
        "board_name": "to-be-filled-by-o-e-m-to-be-filled-by-o-e-m"
}

with the following sys_vendor board_vendor product_name board_name product_version

To be filled by O.E.M.
AMI Corporation
To be filled by O.E.M.
Aptio CRB
To be filled by O.E.M.

(This is a Rohde & Schwarz Cybersecurity[sic] GP-U 50, to all intents and purposes an early contemporary of the Sophos devices.)

The GP-U 100/200 would be easy to identify, as that one has the system name filled in, but the GP-U 50 leaves pretty all markers as to be filled in (Aptio CRB is pretty much the only marker, but that BIOS is (too) commonly used). Unless there is something else that is unique, that one is going to be hard.

There are other files in /sys/devices/virtual/dmi/id/, anything device-specific? If not, my (limited) understanding is that you can build a custom base-files IPK file to set model name and model id and configure network. If you want to include the custom base-files IPK in the images built with image builder, make cure to override the version number in the Makefile.

Only one, perhaps: product_uuid yields 03000200-0400-0500-0006-000700080009

If it's only for myself, I can configure the device (and its model strings) for myself already, that's not the issue. But we're not working towards configuring the devices for ourselves, are we? :wink:

@tapper @RaylynnKnight thank you! Shocking to see a difference in device paths between the non-wireless and wireless versions for XG-85. I'll have to retest (and potentially ask for more paths here) some of the other devices.

I also wanted to double-check that on all XG devices you have, the ports are marked LAN/1 WAN/2 DMZ/3 and just 4 and that the OpenWrt enumerates them in the correct order.

Labeling as you described is correct for XG 85w, for the XG 106 there is a minor difference in that 4 is labeled Shared with a line to the SFP cage also labeled 4. I'll have to check if they are enumerated correctly on the XG 106, but I'm positive they are on the XG 85w as I submitted the pull request that added support for the XG 85 and XG 86 devices.

1 Like

My suggestions for port names for the 4-port devices are:
SG-line: LAN WAN DMZ HA
XG-line: LAN1 WAN DMZ LAN4

As I'm not sure if people are using the SFP for WAN or LAN I don't know how to approach it.

Not unique, same uuid on my Sophos device. No idea on how to solve this.