Configuring Sophos XG Custom Firewall

Sophos XG Firewall introduces an innovative approach to the way that you manage your firewall, and how you can detect and respond to threats on your network. It has been built to expose hidden risks, block both known and unknown threats and automatically respond to incidents.

In this tutorial, we will explain what Sophos XG Firewall is and why you would use it, then go through a step-by-step guide on how to create a cloudspace and configure Sophos XG Firewall on it.

Sophos Features

  • Sophos XG Firewall has many features, including extreme levels of visibility, protection, and performance through stream-based packet processing, high-performance TLS inspection, a DPI engine that provides stream scanning protection for IPS, AV, Web, App Control, and TLS Inspection in a single high-performance engine, and more.

  • You can check Sophos XG Official Documentation to learn more about Sophos XG architecture, user interface and how it works.

How to create a virtual firewall with Sophos Firewall (Step by Step)?

Step 1 : Create a cloudspace with a custom firewall

  1. On the left side of the page in the navigation drawer of whitesky.cloud BV portal, click Cloudspaces. The previously created cloudspaces will be listed.

  2. At the top of the page, click Create Cloudspace.

  3. Select the location, then choose to connect your cloudspace to an external network, and in the Select virtual firewall part select Using a custom virtual firewall.

  4. Now you need to configure your cloudspace and firewall, enter your cloudspace name and subnet (Sophos Firewall has a default IP address of 172.16.16.16/24 so a subnet in that range will allow you to connect to the new firewall easily) and in the search bar under custom firewall configuration search for "Sophos XG(S) Installer" and select it.

    Note: We will use an ISO attached to a VM to install our virtual firewall.

  5. Determine the disk size, vCPUs and memory configuration as you like (e.g. 20GB for the boot disk, 2 vCPUs and 4096MB RAM), then click Create Cloudspace.

    Note: The minimum specifications to run Sophos XG Firewall are 4GB of RAM, 10GB of hard disk.

Step 2 : Installing Sophos XG Firewall

Before you install the firewall, you need to add a second disk (used for logging and reporting). To add a disk, open the firewall_vm details page and click ADD DISK at the top of the page. Enter the new disk name (e.g. Report Disk) and select the disk size (e.g. 80GB); the disk will then be added and appear in the disks list.

  1. Open your cloudspace and select firewall_vm to go to the VM details page.

  2. At the top of the firewall_vm page click Console. Enter y in the command line interface to continue the installation of the Sophos firmware. This will take a while; wait until it finishes.

  3. The command line will ask you to reboot the system. However, you need to remove the CDROM first before rebooting. Minimize the command line window and open the virtual machine window, then click CDROM IMAGES and open the Sophos XG(S) Installer, then click Detach to remove the CDROM from the firewall_vm.

  4. After removing the disk go back to the console and press "y" to reboot.

  5. After reboot, log in with the default root password - admin

  6. Accept End User License Agreement by typing A.

  7. First activate the device with the license key received on purchase or registration. After logging in, type AA and press Enter for Device Activation.

  8. Enter the Serial Number and re-enter it to confirm (e.g. Serial Number: C01001QDGJP8R0D).

  9. Press Enter, the device has now been activated.

Step 3 : Configuring Sophos XG Firewall

Note: Most firewalls are managed through a web portal, but the portal can't be opened on the firewall VM itself because it doesn't have a GUI.

To configure your firewall, you have four options:

  1. Enable public access from the firewall console.
  2. Create a Desktop VM to open the firewall web portal using the browser.
  3. Deploy a VPN and connect to it, then use a browser on your local machine.
  4. Use Port Forward on your VM using SSH.

We will create a new VM called "Management_VM" and use it to configure our firewall using the web portal.

  1. Go to your cloudspace and click Create VM at the top of the page.
  2. Choose Create from an image, then select Ubuntu Desktop 20.04 and set your preferred compute size (you are free to add an extra data disk or not).
  3. Finally add your VM's configuration details and click Create Virtual Machine.
  4. After creating your machine successfully, open its details page and click Console at the top of the page.
  5. You will have your VM up and running in an external window, just log in with your initial password (you can find it on your VM details page).
  6. Open Firefox on your VM and go to https://172.16.16.16:4444 to finish the firewall setup. Click Advanced then continue to the website.

    Note: This will only happen if you chose a subnet from 172.16.16.0/24; if any other subnet was used, then you have to first assign the correct IP using the firewall_vm console.

  7. Accept the Sophos End User License Agreement and click Start Setup.

  8. Enter a new admin password of at least 10 characters with mixed case, a special character and a number, then click Continue.

  9. You can change the Firewall Name and Time Zone then click Continue.

  10. Select "I have an existing serial number" and check the "I do not want to register now" box, then click Continue.

  11. Click Continue.

  12. Network configuration LAN (Port 1): change the IP address to the IP assigned automatically by G8, disable DHCP by unchecking the box, then click Continue.

  13. You can configure the users' permissions. However, you are free to ignore all the options for now and click Continue.

  14. Enter the email addresses of the sender and recipient to have quick access to backups, then click Continue.

  15. Read the final Configuration Summary and click Finish.

  16. Log in again with your username (admin) and the password you entered in Step 8, then you will be redirected to the Sophos Home Page which provides you with all information and insights about your firewall.

Use Different IP Address

If you want to use a subnet other than 172.16.16.0/24, you will have to set the IP address of Port1 from the console after Step 9.

  1. Select 1 to open Network Configuration

  2. Select 1 to open Interface Configuration

  3. Press Enter to Continue

  4. Press Enter to Continue

  5. Enter "y" to set IPv4 Address

  6. Enter the New IP address

  7. Enter the New Mask

  8. After the IP address change is done, press Enter to continue. (The Port2 address is not changed.)

  9. Press Enter to ignore IPv6, then you will be redirected back to Network Configuration Screen.

  10. Enter 0 to exit the network configuration screen.
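
The subnet choice from Step 1 and the console steps in this section can be checked before the cloudspace is created. The following Python sketch is an added example, not part of the original tutorial or of any Sophos tooling: it tells you whether Port1 can keep 172.16.16.16 or which IP and mask to type at the console prompts. The function name `plan_port1`, the rule that the subnet must lie inside 172.16.16.0/24, and the sample subnets are assumptions of this example.

```python
import ipaddress

# From the tutorial: Port1 factory address and the web admin port.
DEFAULT_IP = ipaddress.ip_address("172.16.16.16")
DEFAULT_NET = ipaddress.ip_network("172.16.16.0/24")
ADMIN_PORT = 4444


def plan_port1(cloudspace_subnet, port1_ip=None):
    """Hypothetical helper: decide whether Port1 keeps its default address.

    Returns the action, the IP and dotted mask to enter at the console
    prompts, and the web admin URL to open from the management VM.
    """
    # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.5/24.
    net = ipaddress.ip_network(cloudspace_subnet, strict=True)
    if net.version != 4:
        raise ValueError("the console steps above set an IPv4 address")
    edges = (net.network_address, net.broadcast_address)

    # Assumption: the default is usable only when the cloudspace subnet
    # lies inside 172.16.16.0/24 and 172.16.16.16 is a host address in it.
    if net.subnet_of(DEFAULT_NET) and DEFAULT_IP in net and DEFAULT_IP not in edges:
        action, ip, mask = "keep-default", DEFAULT_IP, DEFAULT_NET.netmask
    else:
        if port1_ip is None:
            raise ValueError(f"{DEFAULT_IP} is not usable in {net}; pass port1_ip")
        ip = ipaddress.ip_address(port1_ip)
        if ip not in net or ip in edges:
            raise ValueError(f"{ip} is not a usable host address in {net}")
        action, mask = "set-from-console", net.netmask
    return {"action": action, "ip": str(ip), "mask": str(mask),
            "url": f"https://{ip}:{ADMIN_PORT}"}


if __name__ == "__main__":
    # Constructed sample subnets, not values from the tutorial's environment.
    print(plan_port1("172.16.16.0/24"))
    print(plan_port1("10.20.30.0/26", "10.20.30.10"))
```

A subnet such as 172.16.16.16/28 is rejected for the default because 172.16.16.16 is its network address, a case that is easy to miss when choosing a small range.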
