This guide covers installing the Sophos XG Home (V17-MR3) firewall on a Qotom Q355G4.
1. Download the “Firewall OS Software ISO for Intel Hardware” under “Software Installers” from the official Sophos website (www.sophos.com).
Note: You will have to create an account/register to receive the download link and a home use serial number which will be required if you want to use Sophos XG beyond a 30-day trial.
2. Burn the ISO to a USB drive using a program like Etcher (www.etcher.io).
3. Start up the Qotom Q355G4 and press the ‘DEL’ key during the boot up process to access the BIOS.
4. In the BIOS, select the ‘Advanced’ tab and open the ‘USB Configuration’ page. From there, set ‘XHCI Mode’ to ‘Disabled’, exit the BIOS and restart the device with the USB drive plugged in. Of note, this step may not be required based on your setup. Disabling XHCI Mode will make your on-board USB 3.0 ports function like USB 2.0 ports.
Note: Recommend setting ‘Restore From AC Power Loss’ option to automatically turn on your device after a power loss event.
5. With the USB drive plugged in, press ‘F10’ during boot up and select the USB drive as your boot device.
Note: If ‘F10’ is not working, you can also go back into the BIOS and select ‘UEFI: <your USB drive name>’ under ‘Save & Exit’ -> ‘Boot Override’. This will force a boot to your USB drive.
6. Follow the installation instructions. Once the initial part of the installation is complete, you will be asked to remove the install media and reboot the device. After the device reboot, the setup process will continue eventually leading to a prompt asking for a password. At this point, Sophos XG is up and running and you only need to log in if you need to shut down the device or wish to configure Sophos XG from the console. The default password is ‘admin’.
7. Connect a computer to Port 1 on the Q355G4 (this is ‘eth0’ within Sophos XG). Sophos XG will automatically assign an IP address as it has a DHCP server running by default. Connect the internet modem to Port 4 on the Q355G4 (this is actually ‘eth1’ within Sophos XG).
Note: The Qotom Q355G4 network ports aren’t actually in the order as listed on the physical device. The ports labeled 1-2-3-4 on the physical device are actually ports 1-3-4-2 within Sophos XG (which is technically eth0-eth2-eth3-eth1). Additionally, connecting your internet modem to Port 4 isn’t required unless you want to activate Sophos XG during the initial setup. You can choose to skip the activation process and do it at a later time.
8. From your web browser, access the web GUI by browsing to https://172.16.16.16:4444
9. You will receive a security/error message in regards to the website’s security certificates which you can ignore and continue browsing to the website. This occurs because your web browser does not have the Sophos XG SSL certificate.
10. Follow the Sophos XG Configuration Wizard.
Note: Many users of the Qotom devices have reported lower CPU temperatures by reapplying the thermal paste between the CPU and heat sink. I used this Arctic Silver kit which includes cleaning solution and non-conductive thermal paste.