Firewall PDF

Sophos Firewall OS virtual and
software appliances
Getting started guide
Contents
Virtual and software appliances...............................................................................................................1
VMware.....................................................................................................................................................2
Installing on VMware.....................................................................................................................2
Microsoft Hyper-V.....................................................................................................................................9
Installing on Hyper-V.....................................................................................................................9
KVM........................................................................................................................................................ 19
Installing on KVM........................................................................................................................ 19
XenApp................................................................................................................................................... 29
Installing on XenApp................................................................................................................... 29
Software appliance.................................................................................................................................35
Installing on Windows................................................................................................................. 35
Installing on macOS.................................................................................................................... 36
Activating and registering XG Firewall...................................................................................................38
(2020/05/07)
Sophos Firewall OS virtual and software appliances
1 Virtual and software appliances

You can install XG Firewall as a virtual or software appliance.
With XG Firewall virtual and software appliances, you can implement network security and
Synchronized Security (for endpoints) within the virtual infrastructure. These appliances deliver the
full security of the hardware appliances. You can manage these centrally through Sophos Central.
Virtual appliances
You can install XG Firewall as a virtual appliance on VMware ESX and VMware ESXi, Microsoft
Hyper-V 2008 and 2012, KVM (Kernel-based Virtual Machine), and Citrix XenApp platforms.
Software appliances
You can install XG Firewall as a software appliance on custom hardware over Windows or macOS
systems.
Copyright © Sophos Limited 1

2 VMware
You can deploy the XG Firewall virtual appliance in a VMware ESX or VMware ESXi environment.
Prerequisites
• Install VMware ESX or VMware ESXi 5.0 or later on a server that meets the minimum hardware
requirements below.
• Install vSphere Client (VMware management software) on a management device that has network
access to the server.
For instructions, go to the vSphere installation and setup guide.
Table 1: Minimum hardware requirements
Hardware Specification
vCPU 1
vRAM 4 GB minimum
vNIC 2
Primary disk 16 GB minimum
Report disk 80 GB minimum
If the minimum requirements aren’t met for new deployments of SFOS 18.0 or when migrating from
an earlier version, XG Firewall goes into fail-safe mode.
CAUTION
Configure the vCPU and vRAM based on the purchased license. Do not exceed the maximum
number of vCPUs specified in the license.
2.1 Installing on VMware

You can deploy an XG Firewall OVF image in a VMware environment.
1. Go to XG Firewall free trial and download the .zip file containing the XG Firewall OVF image.
Extract and save the image on the device that has the vSphere client installed.
2. To deploy the OVF image, follow these steps:
a) Use the vSphere client to sign in to the VMware host server using its IP address, username,
and password.
2 Copyright © Sophos Limited

b) Go to File and select Deploy OVF Template.
c) Select the file sf_virtual and select Open. When the file path opens in the vSphere client,
select Next.

d) Verify the OVF template details.
e) Specify a name and location for the OVF template.

f) Select the host or cluster within which you want to deploy the OVF template.
This image shows deployment on a standalone server. Configuration can differ in cluster
environments.
g) Select the storage format to install the OVF template:

• Thick Provision Lazy Zeroed: Space required for the virtual disk is allocated during disk
creation. Data remaining on the physical device is not erased during creation, but is zeroed
out on demand later on first write from the virtual machine. You can’t convert this disk to a
thin disk.

• Thick Provision Eager Zeroed: Supports clustering features such as Fault Tolerance (FT).
Space required for the virtual disk is allocated at the time of creation. Data remaining on
the physical device is zeroed out when the virtual disk is created. May take longer to create
disks in this format.
• Thin Provision: Minimum space required. Use this format to save storage space.
For details, go to VMware disk provisioning policies.
h) Select the networks to be used by the OVF template.
i) Verify the deployment settings and select Finish.

XG Firewall will be installed on the server.

3. Configure XG Firewall.
a) Right-click XG Firewall. Select Power and then select Power on.
b) Enter the administrator password admin. The Main menu appears.

c) From the management device, go to https://172.16.16.16.
d) Select Start to open the wizard and complete the basic configuration.
CAUTION
The wizard will not start if you’ve changed the default password from the console.

You need to activate and register XG Firewall.

3 Microsoft Hyper-V
You can deploy the XG Firewall virtual appliance on the Microsoft Hyper-V platform.
Prerequisites
• Install Microsoft Hyper-V Server 2008 or 2012 on a server that meets the minimum hardware
requirements below. For instructions, go to Server 2008 or Server 2012.
• Install Hyper-V Manager (Hyper-V management software) on a management device that has
network access to the server. For details, go to Hyper-V Manager.
vCPU 1
vRAM 4 GB minimum
vNIC 2
CAUTION
3.1 Installing on Hyper-V

You can deploy an XG Firewall VHD (Virtual Hard Disk) on Hyper-V platform.
1. Go to XG Firewall free trial and download the .zip file containing the VHD. Extract and save the
image on the management device that has the Hyper-V Manager installed.
2. To deploy the VHD, follow these steps:
a) Open the Hyper-V Manager. Go to Action > Connect to Server to connect to the host server.

b) Go to Action > New and select Virtual Machine.
c) Specify a name and location for the virtual appliance.

d) Select Generation 1.

e) For Startup memory (vRAM), enter 4096 MB or higher.

f) Select the network interface for the appliance.

g) Select the primary virtual hard disk. Select Use an existing virtual hard disk and select the
extracted VHD file.
h) Verify the summary and select Finish.

The virtual machine’s basic setup is complete.

3. To add the network interface and auxiliary disk, follow these steps:
a) Right-click the appliance and select Settings.
b) Under Hardware, select Network Adapter and select Add.

c) To add an auxiliary disk, select SCSI Controller. Select Hard Drive and select Add.

d) Select the auxiliary disk.

e) To connect to the virtual appliance, right-click the appliance and select Connect.
a) Enter the administrator password admin. The Main menu appears.
b) Accept the Sophos end user license agreement.
CAUTION

4 KVM
You can deploy the XG Firewall virtual appliance on the KVM (Kernel-based Virtual Machine) platform.
Prerequisites
• You must have a server with x86 architecture with a recent Linux kernel and one of these
processors:
— Intel processor with VT (virtualization technology) extensions
— AMD processor with SVM extensions (AMD-V)
• Check if the CPU supports Intel VT or AMD-V, using these commands:
— Intel VT: grep --color vmx /proc/cpuinfo
— AMD-V: grep --color svm /proc/cpuinfo
• Install the virt-manager (Virtual Machine Manager) application on a management device to
manage the KVM. For details, go to KVM FAQs.
vCPU 1
vRAM 4 GB minimum
vNIC 2
CAUTION
4.1 Installing on KVM

You can deploy an XG Firewall QCOW2 disk on KVM platform.
1. Go to XG Firewall free trial and download the .zip file containing the QCOW2 disk. Extract and save
the disk on the device that has the virt-manager installed.
2. To connect to the server, open the virt-manager and go to File > Add Connection.
3. Enter a name and select the QEMU/KVM connection.

4. To import the XG Firewall image for the primary disk, select the .qcow2 file and select Open.

5. Select the storage location and select Forward.

6. Set virtual memory (vRAM) to 4096 MB or higher and CPU to 1.

7. Select the following Advanced options:

a) Network interface of the host device.
b) Fixed MAC address, if required.
c) Set Virt Type to kvm.
d) Chipset architecture.
e) Select Customize configuration before install and select Finish.
8. Specify the advanced settings for Disk 1 (primary disk):
Disk bus: Virtio
Storage format: qcow2

9. To add the auxiliary disk, go to Add Hardware > Storage. Under Select managed or other
existing storage, select the auxiliary disk.

10. To configure the network settings for the appliance, go to Add Hardware > Network. Specify the
host device, MAC address and device model.

11. To specify the network interface cards.

a) For Virtual Network Interface (NIC 1), set Device model to Hypervisor default.

b) For Virtual Network Interface (NIC 2), set Device model to Virtio.

12. Select Begin Installation.

CAUTION

5 XenApp
You can deploy the XG Firewall virtual appliance on Citrix XenApp platform.
Prerequisites
• Install XenServer in your network.
• Install the XenCenter application on a management device to manage the XenServer.
For instructions, go to XenApp quick start guide.
vCPU 1
vRAM 4 GB minimum
vNIC 2
CAUTION
5.1 Installing on XenApp

You can deploy an XG Firewall OVF image on the XenApp platform.
1. Go to XG Firewall free trial and download the .zip file containing the XG Firewall OVF image.
Extract and save the image on the device that has XenCenter installed.
2. To deploy the OVF image, follow these steps:
a) Start XenCenter. Select Import Source and select the OVF image.

b) Select Location to place the virtual machine. Go to Import VM(s) to and select the location.
Alternatively, you can specify a Home Server.
c) Select Storage and specify the storage repository in the destination pool.

d) Select Networking and select the network interface through which the virtual appliance will
connect to the internet.
e) For OS Fixup Settings, retain the default selection: Don't use Operating System Fixup.

f) Select Transfer VM Settings and specify the network settings.
g) Review the configuration summary.

h) To connect to the appliance, right-click the virtual appliance and select Start.


CAUTION

6 Software appliance
You can deploy the XG Firewall software appliance on custom hardware over Windows and macOS
systems.
Prerequisites
Network interface cards 2
RAM 4 GB minimum
HDD or SSD 10 GB minimum

64 GB recommended
USB pen drive 1 GB
CAUTION
6.1 Installing on Windows

You can deploy an XG Firewall ISO image on a Windows server.
1. Go to XG Firewall free trial and download the XG Firewall software (ISO) image on your computer.
2. Insert a standard USB pen drive that has the specified minimum space. You will need the pen drive
to install the ISO.
3. To install the ISO using Windows utility, follow these steps:
a) Go to Win32 Disk Imager and download Win32 Disk Imager.
b) Start the utility. The utility looks for IMG files. To allow the utility to find the downloaded ISO file,
change the file filter to *.*. Select the Sophos Firewall ISO file.
c) To install the ISO on the pen drive, select the USB pen drive.
Installing the ISO will erase the pen drive’s existing data.
4. To install XG Firewall on the server, follow these steps:
a) For the pen drive to start, you may need to change the BIOS settings.
b) Connect a monitor, keyboard, and a serial cable to the server.
c) When the prompt to start installation appears, type y and press Enter.
You will receive two prompts.

d) When installation is complete, remove the pen drive and restart the server. A first-time restart
will take a few minutes.
XG Firewall is installed as a software appliance.
a) From the management device, go to https://172.16.16.16.
b) Select Start to open the wizard and complete the basic configuration.
CAUTION
6.2 Installing on macOS

You can deploy an XG Firewall ISO image on a macOS server.
1. Go to XG Firewall free trial and download the XG Firewall software (ISO) image on your computer.
2. Insert a standard USB pen drive that has the specified minimum space. You will need the pen drive
to install the ISO.
3. To install the software on macOS, follow these steps:
a) Open the disk utility included in macOS.
b) Locate the pen drive.
c) Go to Partitions, make the following changes and select Apply.
• Volume scheme: 1 partition
• Format: Free Space
d) Open a terminal window and go to the ISO location.
e) To convert the ISO file into a new format, run the command:
hdiutil convert -format UDRW -o sf.img.dmg SW-SFOS_15.01.0-376.iso
f) The converted ISO will be renamed sf.img.dmg.
g) Run the diskutil list and locate the path of the pen drive.
h) To write the converted ISO to the pen drive, use the following command for reference:
dd if=./sf.img.dmg of=/dev/rdisk9 bs=1m
The pen drive’s path is /dev/disk9. Replace this with the path used on your computer.
• The = path adds an r before the device path name. This is deliberate and enables RAW
disk access. If you leave the r out, the process will be slower.
• For the imaging to work on your system, you may need to run sudo dd <rest of
command>.
The process will take a few minutes. When the command prompt appears, you can remove
the pen drive.
4. To install XG Firewall on the server, follow these steps:
a) For the pen drive to start, you may need to change the BIOS settings.
b) Connect a monitor, keyboard, and a serial cable to the server.

c) When the prompt to start installation appears, type y and press Enter.
You will receive two prompts.
d) When installation is complete, remove the pen drive and restart the server. A first-time restart
will take a few minutes.
XG Firewall is installed as a software appliance.
a) From the management device, go to https://172.16.16.16.
b) Select Start to open the wizard and complete the basic configuration.
CAUTION

7 Activating and registering XG Firewall

You can activate XG Firewall and register it.
1. Review and accept the Sophos End User License Agreement (EULA).
2. To register XG Firewall, enter the serial number if you have one. Alternatively, you can start a free
trial, which provides a temporary serial number, or skip registration for 30 days. If you’re migrating
from UTM 9, you can enter its license.

3. You will be redirected to the MySophos portal. Create a Sophos ID or sign in and complete the
registration.
Once you register, the license is synchronized.
4. Complete the basic setup. Select Continue and complete the configuration through the wizard.
When you finish the process, the web admin console appears.

You can configure the other settings, including interfaces, zones, wireless networks, and firewall
rules. For details, go to online help.

Firewall PDF

Uploaded by

Copyright:

Available Formats

Firewall PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Firewall PDF

Uploaded by

Copyright:

Available Formats

Sophos Firewall OS virtual and

1 Virtual and software appliances

Copyright © Sophos Limited 1

Table 1: Minimum hardware requirements

Primary disk 16 GB minimum

Report disk 80 GB minimum

2.1 Installing on VMware

2 Copyright © Sophos Limited

b) Go to File and select Deploy OVF Template.

Copyright © Sophos Limited 3

d) Verify the OVF template details.

e) Specify a name and location for the OVF template.

4 Copyright © Sophos Limited

g) Select the storage format to install the OVF template:

Copyright © Sophos Limited 5

h) Select the networks to be used by the OVF template.

i) Verify the deployment settings and select Finish.

6 Copyright © Sophos Limited

b) Enter the administrator password admin. The Main menu appears.

Copyright © Sophos Limited 7

You need to activate and register XG Firewall.

8 Copyright © Sophos Limited

Table 2: Minimum hardware requirements

Primary disk 16 GB minimum

Report disk 80 GB minimum

3.1 Installing on Hyper-V

Copyright © Sophos Limited 9

b) Go to Action > New and select Virtual Machine.

c) Specify a name and location for the virtual appliance.

10 Copyright © Sophos Limited

Copyright © Sophos Limited 11

e) For Startup memory (vRAM), enter 4096 MB or higher.

12 Copyright © Sophos Limited

f) Select the network interface for the appliance.

Copyright © Sophos Limited 13

14 Copyright © Sophos Limited

The virtual machine’s basic setup is complete.

Copyright © Sophos Limited 15

16 Copyright © Sophos Limited

d) Select the auxiliary disk.

Copyright © Sophos Limited 17

You need to activate and register XG Firewall.

18 Copyright © Sophos Limited

Table 3: Minimum hardware requirements

Primary disk 16 GB minimum

Report disk 80 GB minimum

4.1 Installing on KVM

Copyright © Sophos Limited 19

20 Copyright © Sophos Limited

5. Select the storage location and select Forward.

Copyright © Sophos Limited 21

6. Set virtual memory (vRAM) to 4096 MB or higher and CPU to 1.

22 Copyright © Sophos Limited

7. Select the following Advanced options:

Copyright © Sophos Limited 23

24 Copyright © Sophos Limited

Copyright © Sophos Limited 25

11. To specify the network interface cards.

26 Copyright © Sophos Limited