Blog

  • Auditing Our Sophos XGS128 Firewall — Full Configuration Report

    Overview

    As part of our ongoing infrastructure documentation, we performed a comprehensive configuration audit of our Sophos XGS128 next-generation firewall — the gateway and security layer for our entire 10.8.2.0/24 network. This post covers everything uncovered during the audit: hardware specs, network interfaces, routing, VPN status, and a live ARP table showing every device on the network.

    Hardware & Firmware

    Model       Sophos XGS128
    Hostname    X125093H3FVY29E
    Firmware    SFOS 22.0.0 GA-Build411
    CPU         Intel Atom C1110 @ 2.1 GHz — 4 cores
    RAM         7.6 GB total / ~3.3 GB available
    Uptime      5 days, 22 hours at time of audit
    Disk Usage  Config 11% | Content 8% | Reports 16%
    License     Activated and synced

    Network Interfaces

    The XGS128 has 9 physical ports plus a management port. Only two are currently active:

    Port                     Role            IP Address      Speed   Status
    Port1                    LAN             10.8.2.1/24     1 Gbps  UP — Active
    Port2                    WAN (Internet)  144.6.62.49/22  1 Gbps  UP — Active
    GuestAP                  Guest WiFi      10.255.0.1/24   -       No link
    Ports 3–9, PortF1, LAG1  Unused          -               -       No link

    Port1 serves the entire 10.8.2.0/24 LAN. Port2 connects to our ISP with a public IP in the 144.6.60.0/22 block. Port1 has received 1.6 GiB inbound while Port2 has handled 34 GiB inbound — reflecting heavy internet traffic flowing into the network.

    Routing Configuration

    • WAN Load Balancing: Session Persistence — Source IP Only (single WAN link)
    • Static Routes: None — all traffic via default gateway
    • SD-WAN Policy Route: Not configured
    • Policy-based IPSec routing: Not configured

    VPN Status

    • PPTP: Not configured
    • L2TP: Not configured
    • IPSec: No active tunnels

    VPN is not currently in use. All remote access is via direct SSH and web admin interfaces within the LAN. This is something we may revisit for secure external access in future.

    Live ARP Table — Every Device on 10.8.2.0/24

    We queried the firewall’s ARP table to get a real-time snapshot of every device that has communicated through the firewall. This gives us our complete network device inventory:

    IP Address  MAC Address        Device
    10.8.2.1    C8:4F:86:EE:EB:89  Sophos XGS128 — LAN gateway
    10.8.2.3    60:a4:b7:70:fe:44  tobirama — KVM hypervisor (RHEL 9.4)
    10.8.2.5    90:b1:1c:1a:03:0a  Proxmox VE host (pve1)
    10.8.2.6    90:b1:1c:1a:03:0c  iDRAC management card
    10.8.2.11   52:54:00:83:5f:dc  ghost-vm1 — backupthecloud.info
    10.8.2.12   52:54:00:7a:af:10  ghost-vm2 — connectedtech.com.au
    10.8.2.13   52:54:00:88:9e:9c  ghost-vm3 — blog.ctsolutions.com.au
    10.8.2.15   52:54:00:02:1e:dc  ghost-vm5 — momentums.com.au
    10.8.2.20   52:54:00:ed:fd:4a  caddy-vm — reverse proxy
    10.8.2.21   52:54:00:04:5b:2f  analytics-vm — Plausible Analytics
    10.8.2.25   52:54:00:ef:23:dc  elk-vm — ELK Stack (Kibana)
    10.8.2.50   bc:24:11:65:1a:78  WordPress VM (Proxmox) — this server
    10.8.2.51   bc:24:11:f2:ab:9e  Nginx Webserver VM (Proxmox)
    10.8.2.52   bc:24:11:83:9b:bd  PeerTube VM (Proxmox) — self-hosted video

    The ARP table also showed stale entries at 10.8.2.138, 10.8.2.142–144 — these are old DHCP leases from before we migrated our Proxmox VMs to static IPs. The firewall ARP cache hasn’t expired them yet, which is normal behaviour.
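
    The stale-lease reasoning above can be checked mechanically. The following Python code is an added example, not part of the original audit: it labels each ARP entry against the documented inventory as known, a stale lease (a documented MAC at an undocumented IP), a MAC mismatch, or unknown. The one-entry-per-line "IP MAC" input layout and the sample rows are assumptions constructed for illustration, not captured console output.

```python
import re

# Documented inventory (IP -> MAC), a subset copied from the ARP table in the post.
INVENTORY = {
    "10.8.2.1": "c8:4f:86:ee:eb:89", "10.8.2.5": "90:b1:1c:1a:03:0a",
    "10.8.2.50": "bc:24:11:65:1a:78", "10.8.2.51": "bc:24:11:f2:ab:9e",
    "10.8.2.52": "bc:24:11:83:9b:bd",
}

# Constructed sample, not real console output. The "IP MAC" layout is assumed;
# the .138/.142 rows assume an old lease still maps to the device's real MAC;
# the MACs on .52 and .77 are invented.
SAMPLE_ARP = """\
10.8.2.1    C8:4F:86:EE:EB:89
10.8.2.5    90:b1:1c:1a:03:0a
10.8.2.50   bc:24:11:65:1a:78
10.8.2.51   BC:24:11:F2:AB:9E
10.8.2.138  90:b1:1c:1a:03:0a
10.8.2.142  bc:24:11:f2:ab:9e
10.8.2.52   de:ad:be:ef:00:01
10.8.2.77   02:00:00:aa:bb:cc
"""

ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*$", re.I)

def parse_arp(text):
    """Return [(ip, mac_lowercase)] for every line that looks like an ARP entry."""
    return [(m.group(1), m.group(2).lower())
            for m in map(ENTRY.match, text.splitlines()) if m]

def classify(entries, inventory):
    """Label each ARP entry against the documented inventory."""
    mac_to_ip = {mac: ip for ip, mac in inventory.items()}
    result = {}
    for ip, mac in entries:
        if inventory.get(ip) == mac:
            result[ip] = "known"
        elif ip in inventory:
            result[ip] = "mac-mismatch"   # documented IP answered by another NIC
        elif mac in mac_to_ip:
            result[ip] = "stale-lease of " + mac_to_ip[mac]  # same NIC, old address
        else:
            result[ip] = "unknown"        # neither IP nor MAC is documented
    return result

if __name__ == "__main__":
    for ip, verdict in classify(parse_arp(SAMPLE_ARP), INVENTORY).items():
        print(f"{ip:<12} {verdict}")
```

    Because an ARP cache only holds hosts the firewall has recently resolved, an "unknown" or "mac-mismatch" verdict is a prompt to investigate, and a missing row is not proof that a device is gone.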

    How We Audited the Firewall

    The Sophos XGS128 restricts API access by source IP, so we connected via SSH and used the built-in Device Console to run diagnostic commands directly. After accepting the access warning banner and selecting option 4 (Device Console), we used tab completion to discover available commands and ran the following:

    show network interfaces           # Interface IPs, speeds, traffic counters
    show network static-route         # Static routes
    show routing wan-load-balancing   # WAN load balance method
    show vpn configuration            # VPN tunnel status
    system diagnostics show version   # Firmware and model info
    system diagnostics show memory    # RAM usage breakdown
    system diagnostics show uptime    # System uptime
    system diagnostics show disk      # Disk partition usage
    system diagnostics utilities arp show  # Live ARP table

    Key Takeaways

    • The firewall is healthy — low resource usage, 5+ day uptime, license active
    • Only Port1 (LAN) and Port2 (WAN) are in use — 7 ports free for future expansion (VLANs, DMZ, etc.)
    • No VPN configured — remote access is LAN-only for now
    • No static routes — simple flat network with default gateway routing
    • The ARP table confirmed all newly provisioned Proxmox VMs are live on the network
    • Full DHCP scope configuration is only visible via the Sophos web UI at https://10.8.2.1
  • Complete Infrastructure IP Address Reference

    This post serves as a complete reference for all services and IP addresses across our infrastructure — both the existing KVM environment on tobirama and the new Proxmox platform.


    Network Overview

    • Subnet: 10.8.2.0/24
    • Gateway / Firewall: 10.8.2.1 (Sophos XG)

    Network Infrastructure

    Device              IP Address  Access                 Notes
    Sophos XG Firewall  10.8.2.1    https://10.8.2.1:4444  Gateway, DHCP server, firewall

    Proxmox Infrastructure (Dell PowerEdge T620)

    Service                         IP Address  Access URL                       Credentials
    Proxmox VE Host                 10.8.2.5    https://10.8.2.5:8006            root / (see admin)
    iDRAC (Out-of-band management)  10.8.2.6    https://10.8.2.6                 Dell iDRAC login
    Webserver VM (Nginx)            10.8.2.51   http://10.8.2.51                 ubuntu / ubuntu (SSH)
    WordPress VM                    10.8.2.50   https://blog.picklecomputers.au  WP Admin: https://blog.picklecomputers.au/wp-admin
    PeerTube VM                     10.8.2.52   http://10.8.2.52                 Setup on first visit

    KVM Infrastructure (tobirama.konoha.local)

    Service                              IP Address  Access URL                          Notes
    tobirama KVM Hypervisor              10.8.2.3    SSH: josephdizon@10.8.2.3           RHEL 9.4, KVM/QEMU
    Ghost CMS — backupthecloud.info      10.8.2.11   https://backupthecloud.info         ghost-vm1
    Ghost CMS — connectedtech.com.au     10.8.2.12   https://connectedtech.com.au        ghost-vm2
    Ghost CMS — blog.ctsolutions.com.au  10.8.2.13   https://blog.ctsolutions.com.au     ghost-vm3
    Ghost CMS — momentums.com.au         10.8.2.15   https://momentums.com.au            ghost-vm5
    Caddy Reverse Proxy                  10.8.2.20   SSH only                            TLS termination for Ghost sites
    Plausible Analytics                  10.8.2.21   https://analytics.momentums.com.au  analytics-vm
    ELK Stack (Kibana)                   10.8.2.25   http://10.8.2.25:5601               Elasticsearch, Logstash, Kibana

    VM Specs Summary

    VM                 IP         vCPUs  RAM   Disk    OS
    Webserver (Nginx)  10.8.2.51  2      2 GB  20 GB   Ubuntu 24.04
    WordPress          10.8.2.50  2      2 GB  20 GB   Ubuntu 24.04
    PeerTube           10.8.2.52  4      4 GB  50 GB   Ubuntu 24.04
    ghost-vm1          10.8.2.11  2      2 GB  4.7 GB  Ubuntu 24.04
    ghost-vm2          10.8.2.12  2      2 GB  4.9 GB  Ubuntu 24.04
    ghost-vm3          10.8.2.13  2      2 GB  4.8 GB  Ubuntu 24.04
    ghost-vm5          10.8.2.15  2      2 GB  4.8 GB  Ubuntu 24.04
    caddy-vm           10.8.2.20  1      1 GB  885 MB  Ubuntu 24.04
    analytics-vm       10.8.2.21  2      4 GB  3.3 GB  Ubuntu 24.04
    elk-vm             10.8.2.25  2      4 GB  160 GB  Ubuntu 24.04

    Last updated: April 2026. All Proxmox VMs use static IPs configured via Netplan. KVM VMs are on fixed IPs configured at provisioning time.

  • Network Static IP Migration — Proxmox Infrastructure

    To ensure reliable access to all our new infrastructure, we migrated all devices from DHCP to static IP addresses.

    IP Assignment Summary

    Device        Old IP (DHCP)  New IP (Static)
    Proxmox Host  10.8.2.138     10.8.2.5
    iDRAC         10.8.2.104     10.8.2.6
    WordPress VM  10.8.2.143     10.8.2.50
    Webserver VM  10.8.2.142     10.8.2.51
    PeerTube VM   10.8.2.144     10.8.2.52

    How It Was Done

    • Proxmox host: Updated /etc/network/interfaces and reloaded networking
    • iDRAC: Configured via IPMI commands (ipmitool lan set)
    • Ubuntu VMs: Configured via Netplan (/etc/netplan/50-cloud-init.yaml)

    With static IPs in place, all services are reliably accessible regardless of DHCP lease renewals or server reboots.

  • Deploying PeerTube — Our Self-Hosted Video Platform

    The third VM on our Proxmox server runs PeerTube v8.1.5 — a fully self-hosted, open-source video platform similar to YouTube.

    VM Specifications

    • VM ID: 102
    • Name: peertube
    • OS: Ubuntu 24.04 LTS
    • vCPUs: 4
    • RAM: 4 GB
    • Disk: 50 GB
    • IP: 10.8.2.52 (static)

    Stack

    • Runtime: Node.js 20
    • Package manager: pnpm 10.15.1
    • Database: PostgreSQL
    • Cache: Redis
    • Web server: Nginx (reverse proxy)
    • Video processing: FFmpeg (transcoding enabled)

    Features

    • Video uploading and streaming
    • Multiple resolution transcoding (240p through 1080p)
    • Channels and playlists
    • Comments and user accounts
    • Federation support

    Access PeerTube at http://10.8.2.52.

  • Setting Up a Self-Hosted WordPress Site on Proxmox

    Our second Proxmox VM runs a full WordPress installation — the very platform powering this blog!

    VM Specifications

    • VM ID: 101
    • Name: wordpress
    • OS: Ubuntu 24.04 LTS
    • vCPUs: 2
    • RAM: 2 GB
    • Disk: 20 GB
    • IP: 10.8.2.50 (static)

    Stack

    • Web server: Nginx 1.24
    • Database: MySQL 8.0
    • PHP: PHP 8.3-FPM
    • CMS: WordPress (latest)

    Automated Setup

    The entire WordPress installation was automated using WP-CLI — no browser-based setup wizard required. This included:

    • Database creation and user setup
    • WordPress core installation
    • Permalink structure configuration
    • Initial blog posts created automatically

    The site URL was later updated when we migrated to a static IP, with all database references updated using WP-CLI’s search-replace functionality.

  • Deploying an Nginx Web Server VM on Proxmox

    The first virtual machine we deployed on our new Proxmox server was a lightweight Ubuntu 24.04 web server running Nginx.

    VM Specifications

    • VM ID: 100
    • Name: webserver
    • OS: Ubuntu 24.04 LTS (cloud image)
    • vCPUs: 2
    • RAM: 2 GB
    • Disk: 20 GB
    • IP: 10.8.2.51 (static)

    Deployment Process

    Rather than using a full ISO installer, we used the Ubuntu 24.04 cloud image for rapid deployment. The process involved:

    1. Downloading the Ubuntu cloud image directly to Proxmox
    2. Importing the disk image into a new VM
    3. Configuring cloud-init for automated first-boot setup
    4. Resizing the disk to 20 GB
    5. Installing Nginx via SSH

    Result

    Nginx is running and enabled at boot, accessible at http://10.8.2.51. The whole deployment from zero to running web server took just minutes using the cloud image approach.

  • Building Our Proxmox Virtualisation Server

    We recently commissioned a brand new virtualisation platform built on Proxmox VE, running on a Dell PowerEdge T620 server with serious hardware specs.

    Hardware

    • Server: Dell PowerEdge T620
    • CPU: 24 vCPUs
    • RAM: 196 GB
    • Storage: Local LVM-Thin pool (171 GB) + local directory storage
    • Network: Bridged via vmbr0 on the 10.8.2.0/24 network

    Management Interfaces

    • Proxmox Web UI: https://10.8.2.5:8006
    • iDRAC (out-of-band management): https://10.8.2.6

    The iDRAC gives us full out-of-band access to the server — remote console, power control, and hardware health monitoring even if the OS is unresponsive.

    Static IP Configuration

    All management interfaces were assigned static IPs to ensure reliable access:

    • Proxmox host: 10.8.2.5
    • iDRAC: 10.8.2.6
  • About This Server

    This WordPress site runs on a virtual machine managed by Proxmox VE.

    Stack

    • Proxmox VE hypervisor
    • Ubuntu 24.04 LTS
    • Nginx web server
    • MySQL 8.0 database
    • PHP 8.3-FPM
  • Getting Started with Self-Hosted WordPress

    Running your own WordPress instance gives you full control over your content, data, and performance.

    Why Self-Host?

    • Full control over your data
    • No monthly subscription fees
    • Custom plugins and themes
    • Better performance tuning

    This blog is hosted on Ubuntu 24.04 with Nginx, MySQL, and PHP 8.3.

  • Welcome to My Blog

    Welcome to my new blog! This site is running on WordPress hosted on a Proxmox VM.

    Stay tuned for more posts coming soon.