Sophos XG Firewall Virtual Appliance: Getting Started Guide

Download as pdf or txt
Download as pdf or txt
You are on page 1of 10

Sophos XG Firewall Virtual

Appliance
getting started guide
Contents
Introduction............................................................................................................................................... 1
Installation procedure............................................................................................................................... 2
Configuring XG Firewall........................................................................................................................... 4
Activation and Registration............................................................................................................4
Basic Configuration....................................................................................................................... 4
Legal notices............................................................................................................................................ 8

(2020/12/14)
Sophos XG Firewall Virtual Appliance

1 Introduction
Welcome to the Getting Started guide for Sophos XG Firewall Virtual Appliance (referred to in this
document as “XG Firewall”) for VMware ESX/ESXi platform. This guide describes how you can
download, deploy and run XG Firewall as a virtual machine on VMware ESX/ESXi.

Minimum hardware requirement


1. One vCPU
2. 2GB vRAM
3. 2 vNIC
4. Primary Disk with a minimum of 4 GB space
5. Report Disk with a minimum of 80 GB space

Note
SFOS 17 supports hard drives with a maximum of 512 GB.

XG Firewall will go into fail-safe mode if the minimum requirements are not met.

Note
To optimize the performance of your XG Firewall, configure vCPU and vRAM according to the
license you have purchased. When configuring a number of vCPUs, make sure that you do not
exceed the maximum number specified in your license.

Copyright © Sophos Limited 1


Sophos XG Firewall Virtual Appliance

2 Installation procedure
Make sure that VMware ESX/ESXi version 5.0 or later is installed in your network. For VMware ESX/
ESXi installation instructions, refer to the VMware documentation http://www.vmware.com/support/
pubs/vsphere-esxi-vcenter-server-pubs.html.
You need to:
1. Download and extract the OVF image
2. Access the ESX/ESXi Host via vSphere Client
3. Deploy the OVF Template
4. Power on
1. Download the .zip file containing the OVF image from https://secure2.sophos.com/en-us/products/
next-gen-firewall/free-trial.aspx and save it.
2. Log in to the ESX/ESXi host server on which you want to deploy the OVF template through
VMware vSphere Client.

Note
In this guide, we are using VMware vSphere client to connect to the ESX/ESXi host server on
which the OVF template is to be deployed.

a) Go to File > Deploy OVF Template to open the downloaded .ovf file in the vSphere Client.
b) Select the sf_virtual file and click Open.
3. To deploy the OVF template:
a) Select the location of the .ovf file for XG Firewall and click Next to continue.

2 Copyright © Sophos Limited


Sophos XG Firewall Virtual Appliance

b) Verify the OVF template details and click Next to continue.

c) Specify a name and location for the OVF template to be deployed and click Next to continue.

d) Select the host/cluster within which you want to deploy the OVF template and click Next to
continue.

Note
Here, we are deploying the OVF template on a single/standalone server. The configuration
may be different in a cluster environment.

e) Select the format in which you want to store the virtual disks from the available options:
Thin Provision: It uses the minimum required space for the OVF template, saving the rest
for other use.
Thick Provision: It uses the entire allotted virtual disk for OVF template installation, wiping
out additional data on the disk.
In case of VMware ESXi 5.0 or later, three storage options are available: Thin Provision,
Thick Provision Lazy Zeroed and Thick Provision Eager Zeroed. For more information,
refer to http://www.vmware.com/.

f) Click Next to continue.


g) Select the networks to be used by the OVF template and click Next to continue.

h) Verify the deployment settings for the OVF Template and click Finish to initiate the deployment
process of XG Firewall.
This installs XG Firewall on your machine.
4. Right-click the deployed XG Firewall and go to Power > Power On.

a) Enter the administrator password: ‘admin’ to continue to the Main Menu.

Copyright © Sophos Limited 3


Sophos XG Firewall Virtual Appliance

3 Configuring XG Firewall
1. Browse to "https://172.16.16.16" from the management computer.
2. Click Start to begin the wizard and follow the on-screen instructions.

Note
The wizard will not start if you have changed the default administrator password from the
console.

3.1 Activation and Registration


1. Review and accept the License Agreement. You must accept the Sophos End User License
Agreement (EULA) to proceed further.
2. Register Your Firewall. Enter the serial number, if you have it. You can also use your UTM 9
license if you are migrating.
Otherwise, you can skip registration for 30 days or start a free trial.
a) You will be redirected to the MySophos portal website. If you already have a MySophos
account, specify your sign-in credentials under “Login”. If you are a new user, sign up for a
MySophos account by filling in the details under “Create Sophos ID”.

b) Complete the registration process.


Post successful registration of the device, the license is synchronized and the basic setup is done.
3. Finish the basic setup. Click Continue and complete the configurations through the wizard. When
you finish the process, the Network Security Control Center appears.

You can now use the navigation pane to the left to navigate and configure further settings.

3.2 Basic Configuration


You can:
1. Set up Interfaces
2. Create Zones
3. Create Firewall Rules
4. Set up a Wireless Network
1. To set up interfaces:
a) You can add network interfaces and RED connections in the Configure > Network >
Interfaces menu.
b) You can add wireless networks in the Protect > Wireless > Wireless Networks menu.
SSIDs will also be shown in the interfaces menu once created.
c) You can add access points in Protect > Wireless > Access Points.

4 Copyright © Sophos Limited


Sophos XG Firewall Virtual Appliance

2. Zones are essential in creating firewall rules and, therefore, central to the security model in XG
Firewall. If you wish to create custom zones in addition to the default zones, go to Configure >
Network > Zone. You can use these custom zones when creating interfaces, and security policies.
3. You can create the following types of firewall rules in Protect > Firewall > Add Firewall Rule. Two
types of firewall rules are available:

Option Description

Business Application Rule To secure a server or service, and allow


internal or external users access to it, use a
business application rule.

User/Network Rule To control user access to web and application


content, or to control traffic by source, service,
destination, zone, and user, use a user/
network rule.

4. To set up a wireless network:


a) Go to Protect > Wireless > Wireless Networks.
b) Click Add to add a new wireless network.
c) Configure the wireless network as shown in the image.

The wireless network will be added successfully.


d) Similarly, add another wireless network for guest access.

Copyright © Sophos Limited 5


Sophos XG Firewall Virtual Appliance

You can see both these wireless networks in Protect > Network > Wireless Networks.

e) Go to Protect > Wireless > Access Point Groups.


f) Click Add to add a new access point group.
g) Add both the wireless networks, and the new access point.

If new APs have been installed, you can view these in Control Center.
h) Click the pending APs to accept the new access points.

i) Configure the settings of the new APs as shown in the image.

6 Copyright © Sophos Limited


Sophos XG Firewall Virtual Appliance

j) Click Save.

Copyright © Sophos Limited 7


Sophos XG Firewall Virtual Appliance

4 Legal notices
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise unless you are either a valid licensee where the documentation
can be reproduced in accordance with the license terms or you otherwise have the prior permission
in writing of the copyright owner.
Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos
Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned
are trademarks or registered trademarks of their respective owners.
Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise unless you are either a valid licensee where the documentation
can be reproduced in accordance with the license terms or you otherwise have the prior permission
in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group.
All other product and company names mentioned are trademarks or registered trademarks of their
respective owners.

8 Copyright © Sophos Limited

You might also like