Sophos XG Firewall Virtual Appliance: Getting Started Guide
Sophos XG Firewall Virtual Appliance: Getting Started Guide
Sophos XG Firewall Virtual Appliance: Getting Started Guide
Appliance
getting started guide
Contents
Introduction............................................................................................................................................... 1
Installation procedure............................................................................................................................... 2
Configuring XG Firewall........................................................................................................................... 4
Activation and Registration............................................................................................................4
Basic Configuration....................................................................................................................... 4
Legal notices............................................................................................................................................ 8
(2020/12/14)
Sophos XG Firewall Virtual Appliance
1 Introduction
Welcome to the Getting Started guide for Sophos XG Firewall Virtual Appliance (referred to in this
document as “XG Firewall”) for VMware ESX/ESXi platform. This guide describes how you can
download, deploy and run XG Firewall as a virtual machine on VMware ESX/ESXi.
Note
SFOS 17 supports hard drives with a maximum of 512 GB.
XG Firewall will go into fail-safe mode if the minimum requirements are not met.
Note
To optimize the performance of your XG Firewall, configure vCPU and vRAM according to the
license you have purchased. When configuring a number of vCPUs, make sure that you do not
exceed the maximum number specified in your license.
2 Installation procedure
Make sure that VMware ESX/ESXi version 5.0 or later is installed in your network. For VMware ESX/
ESXi installation instructions, refer to the VMware documentation http://www.vmware.com/support/
pubs/vsphere-esxi-vcenter-server-pubs.html.
You need to:
1. Download and extract the OVF image
2. Access the ESX/ESXi Host via vSphere Client
3. Deploy the OVF Template
4. Power on
1. Download the .zip file containing the OVF image from https://secure2.sophos.com/en-us/products/
next-gen-firewall/free-trial.aspx and save it.
2. Log in to the ESX/ESXi host server on which you want to deploy the OVF template through
VMware vSphere Client.
Note
In this guide, we are using VMware vSphere client to connect to the ESX/ESXi host server on
which the OVF template is to be deployed.
a) Go to File > Deploy OVF Template to open the downloaded .ovf file in the vSphere Client.
b) Select the sf_virtual file and click Open.
3. To deploy the OVF template:
a) Select the location of the .ovf file for XG Firewall and click Next to continue.
c) Specify a name and location for the OVF template to be deployed and click Next to continue.
d) Select the host/cluster within which you want to deploy the OVF template and click Next to
continue.
Note
Here, we are deploying the OVF template on a single/standalone server. The configuration
may be different in a cluster environment.
e) Select the format in which you want to store the virtual disks from the available options:
Thin Provision: It uses the minimum required space for the OVF template, saving the rest
for other use.
Thick Provision: It uses the entire allotted virtual disk for OVF template installation, wiping
out additional data on the disk.
In case of VMware ESXi 5.0 or later, three storage options are available: Thin Provision,
Thick Provision Lazy Zeroed and Thick Provision Eager Zeroed. For more information,
refer to http://www.vmware.com/.
h) Verify the deployment settings for the OVF Template and click Finish to initiate the deployment
process of XG Firewall.
This installs XG Firewall on your machine.
4. Right-click the deployed XG Firewall and go to Power > Power On.
3 Configuring XG Firewall
1. Browse to "https://172.16.16.16" from the management computer.
2. Click Start to begin the wizard and follow the on-screen instructions.
Note
The wizard will not start if you have changed the default administrator password from the
console.
You can now use the navigation pane to the left to navigate and configure further settings.
2. Zones are essential in creating firewall rules and, therefore, central to the security model in XG
Firewall. If you wish to create custom zones in addition to the default zones, go to Configure >
Network > Zone. You can use these custom zones when creating interfaces, and security policies.
3. You can create the following types of firewall rules in Protect > Firewall > Add Firewall Rule. Two
types of firewall rules are available:
Option Description
You can see both these wireless networks in Protect > Network > Wireless Networks.
If new APs have been installed, you can view these in Control Center.
h) Click the pending APs to accept the new access points.
j) Click Save.
4 Legal notices
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise unless you are either a valid licensee where the documentation
can be reproduced in accordance with the license terms or you otherwise have the prior permission
in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos
Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned
are trademarks or registered trademarks of their respective owners.
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise unless you are either a valid licensee where the documentation
can be reproduced in accordance with the license terms or you otherwise have the prior permission
in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group.
All other product and company names mentioned are trademarks or registered trademarks of their
respective owners.