If the following minimum server requirements are not met, XG Firewall will go into failsafe mode:
- Two vCPU
- 4 GB vRAM
- 2 vNIC. (Warning! The network maximum transmission unit (MTU) for Nobus is 1458.)
- DiskI with code name Security-Sophos-XG-Firewall-DiskI: Minimum 30 GB
- DiskII with code name Security-Sophos-XG-Firewall-DiskII: Minimum 80 GB
Procedure
Create Two Root Volumes (Primary and Auxiliary)
The boot sources of the two volumes are the images (a) Security-Sophos-XG-Firewall-DiskI (minimum 30 GB) and (b) Security-Sophos-XG-Firewall-DiskII (minimum 80 GB), respectively.
To create these volumes, log in to the Nobus Management Console.
Go to Project > Volumes > Volumes.
Click the “+ Create Volume” button. In the Create Volume window, provide the necessary inputs as specified below.
- Volume Name
- Description (optional): primary volume
- Volume Source: Select Image
- Use image as a source: Choose Security-Sophos-XG-Firewall-DiskI
- Size: minimum 30 GB
- No need to specify other inputs
- Click on the Create Volume button below to create the volume
Repeat the steps above to create the auxiliary volume, but this time:
- Use image as a source: Choose Security-Sophos-XG-Firewall-DiskII
- Size: minimum 80 GB
- No need to specify other inputs
- Click on the Create Volume button below to create the volume
After the two root volumes have been created, you can proceed to create your Sophos XG Firewall instance in the next step.
Creating Your Sophos XG Firewall Instance
Important! If the following minimum server requirements are not met, XG Firewall will go into failsafe mode:
- Two vCPU
- 4 GB vRAM
- 2 vNIC (LAN and WAN).
  Important! You must first launch the instance using the WAN interface. After that, you can attach the second interface (LAN) to the running instance. You can then access the Sophos Admin GUI using the LAN interface IP address. See Accessing the Sophos Admin GUI.
- DiskI with code name Security-Sophos-XG-Firewall-DiskI: Minimum 30 GB
- DiskII with code name Security-Sophos-XG-Firewall-DiskII: Minimum 80 GB
For optimal XG Firewall performance, configure vCPU and vRAM according to the license you have purchased. Do not exceed the maximum number of vCPUs specified in the license.
To create an instance, log in to the Nobus Management Console.
Go to Project > Compute > Instances.
Click the “+ Launch Instance” button. In the Create Instance window, provide the necessary inputs as specified below.
The dashboard shows each instance with its name, private and floating IP addresses, size, status, task, power state, and so on.
Details tab
- Instance Name
Assign a name to the Sophos XG Firewall virtual machine.
The name you assign here becomes the initial host name of the server.
- Description
You can assign a brief description of the virtual machine.
- Availability Zone
By default nova.
- Count
To launch several instances, enter a value greater than 1. The default is 1.
Source tab
- Instance Boot Source
Select:
- Boot from volume
When you choose this option, a new field for Volume displays.
(Optionally) Click the Delete Volume on Instance Delete option to delete the volume when the instance is deleted.
Select the volume name from the dropdown list: choose the Primary volume (the first volume you created, from the Security-Sophos-XG-Firewall-DiskI image boot source).
Flavor tab
- Flavor
Specify the size of the instance to launch.
Minimum requirement:
- Two vCPU
- 4 GB vRAM
- 30 GB disk
This is equivalent to selecting the Si.2.4.30.l flavor.
Networks tab
Requires a minimum of 2 vNICs (your LAN and WAN interfaces)
- Selected Networks
To add an existing network to the instance, click the + in the Available field.
See Nobus flexible network interface (FNI) to learn about network interfaces.
Network Ports tab
- Ports
Activate the ports that you want to assign to the instance.
Security Groups tab
- Security Groups
Activate the security groups that you want to assign to the instance.
See Security group rules and references for more information.
Leave the other settings at their defaults.
Click Launch Instance to launch your Sophos XG Firewall instance.
Please note that initializing your instance may take several minutes.
Attach the Auxiliary Volume to your running Sophos XG Firewall Instance
To attach the second volume:
Go to Project > Compute > Instances.
Locate your Sophos XG Firewall instance.
Under "Actions", click the dropdown arrow.
Select "Attach Volume". In the Attach Volume window, choose the Auxiliary volume (the second volume you created, from the Security-Sophos-XG-Firewall-DiskII image boot source) from the list.
Click the Attach Volume button to attach the volume to your running instance.
Confirm that the volume is attached by clicking on the instance. On the instance "Overview" tab, under the "Volume Attached" section, you should see the attached volume in the form "Attached To volume-name on /dev/vdb". Note that the first volume is attached on /dev/vda.
After confirming, "Hard Reboot" the instance for the changes to take effect. See the next step.
Hard Reboot Your Instance
To hard reboot your instance:
Go to Project > Compute > Instances.
Locate your Sophos XG Firewall instance.
Under "Actions", click the dropdown arrow.
Select "Hard Reboot Instance".
In the "Confirm Hard Reboot Instance" window, you will see the note:
"You have selected: instance-name. Please confirm your selection. Restarted instances will lose any data not saved in persistent storage."
Confirm by clicking the "Hard Reboot Instance" button.
Once the instance reboot has completed, you have a functional Sophos XG Firewall server and can proceed to access the GUI for activation, registration and customized configuration. See the succeeding steps.
Accessing the Sophos XG Firewall GUI
Sophos Firewall OS uses a web 2.0 based, easy-to-use graphical interface, termed the web admin console, to configure and manage the device. You can access the device for HTTPS web browser-based administration from any of the interfaces. When XG Firewall is connected and powered up for the first time, it has the following web admin console access configuration for the HTTPS service.
Go to Project > Compute > Instances.
Locate your Sophos XG Firewall instance.
Under "IP Address", take note of your LAN and WAN IPs.
Browse to your LAN IP address on the default TCP port "4444" (for example, "https://172.12.12.12:4444") from the management computer. See the "Using the web admin console" section of the Sophos XG Firewall documentation at https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/PDF/sfos_ug.pdf for more information.
You can update the default ports for the HTTPS service from Administration > Admin settings.
The default credentials are:
- USERNAME: admin
- PASSWORD: 2M-baj3524/
Important!
Take the steps below to change the default password via Web Admin (Recommended):
- Navigate to Administration > Device Access > Default admin password settings.
- Change the password.
- Click Apply.
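The web admin console listens on TCP 4444 and can be reached from any interface, so the security groups assigned to the instance decide who can reach the login page. The following added example (not part of the original page or of any Nobus or Sophos tooling) audits a list of security group rules for ones that open port 4444 to sources outside a management range; the rule field names follow the OpenStack security-group schema and, like the sample rules and the 172.12.12.0/24 range, are assumptions.

```python
import ipaddress

ADMIN_PORT = 4444  # default web admin console port given on this page


def rule(rid, direction, proto, lo, hi, prefix):
    """Build one rule dict (field names assumed, OpenStack-style)."""
    return {"id": rid, "direction": direction, "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix}


# Constructed sample rules, not taken from any real deployment.
SAMPLE_RULES = [
    rule("r1", "ingress", "tcp", 4444, 4444, "172.12.12.0/24"),  # mgmt only
    rule("r2", "ingress", "tcp", 4000, 5000, "0.0.0.0/0"),       # wide range
    rule("r3", "ingress", "tcp", 443, 443, "0.0.0.0/0"),         # other port
    rule("r4", "ingress", None, None, None, None),               # allow all
    rule("r5", "egress", "tcp", 4444, 4444, "0.0.0.0/0"),        # outbound
]


def covers_admin_port(r, port=ADMIN_PORT):
    """True if an ingress rule admits TCP traffic to the admin port."""
    if r["direction"] != "ingress":
        return False
    if r["protocol"] not in (None, "tcp"):   # None means any protocol
        return False
    lo, hi = r["port_range_min"], r["port_range_max"]
    if lo is None:                           # no range means all ports
        return True
    return lo <= port <= (hi if hi is not None else lo)


def exposed_admin_rules(rules, mgmt_cidrs, port=ADMIN_PORT):
    """Return ids of rules opening the admin port beyond mgmt_cidrs."""
    allowed = [ipaddress.ip_network(c) for c in mgmt_cidrs]
    findings = []
    for r in rules:
        if not covers_admin_port(r, port):
            continue
        # No prefix is treated as any IPv4 source; rules scoped by a
        # remote security group are not modelled here.
        src = ipaddress.ip_network(r["remote_ip_prefix"] or "0.0.0.0/0")
        if not any(src.version == a.version and src.subnet_of(a) for a in allowed):
            findings.append(r["id"])
    return findings
```

If the HTTPS port is changed under Administration > Admin settings, pass the new value as `port`.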
Activation and Registration
Register Your Firewall. Enter the serial number, if you have it. You can also use your UTM 9 license if you are migrating.
Otherwise, you can skip registration for 30 days or start a free trial.
(a) You will be redirected to the MySophos portal website. If you already have a MySophos account, specify your sign-in credentials under “Login”. If you are a new user, sign up for a MySophos account by filling in the details under “Create Sophos ID”.
(b) Complete the registration process.
After successful registration of the device, the license is synchronized and the basic setup is done.
Finish the basic setup. Click Continue and complete the configurations through the wizard. When you finish the process, the Network Security Control Center appears.
Note: By continuing, you accept the Sophos End User License Agreement (EULA) available at https://www.sophos.com/en-us/legal/sophos-end-user-license-agreement.aspx
See Nobus Service Terms for more information.
You can now use the navigation pane to the left to navigate and configure further settings.
Configuring Your Sophos XG Firewall Instance
You can:
- Set up Interfaces
- Create Zones
- Create Firewall Rules
- Set up a Wireless Network
See the Sophos XG Firewall documentation at https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/PDF/sfos_ug.pdf for more information on basic and further configuration.