Add a firewall with Zero Touch

You can deploy Sophos XG Firewall using Zero Touch configuration.

Zero Touch lets you specify all the firewall settings in a configuration file. You then send that file to another administrator (for example, in a branch office) who can use it to deploy the firewall, without entering any more settings.

Zero Touch configuration is available for hardware appliances that will be managed from Sophos Central.

Here are the key steps:

  1. In Sophos Central Admin, go to Firewall management > Firewalls.
  2. Click Add Firewall and select the option to add a new firewall.
  3. The installer guides you through these steps:
    1. Enter the serial number of the appliance.
    2. Register the firewall.
    3. Accept the license agreement.
    4. Configure the firewall (LAN settings and setting up a protected network).
  4. Download the Zero Touch file or send it to the administrator who will use it.
    If you need to configure any internet settings, you can do so before you download or send the file.
At the site where the firewall needs to be deployed, the local administrator must do as follows:
  1. Copy the Zero Touch configuration file onto a USB stick.
  2. Put the USB stick into the appliance and start the firewall.
    The firewall detects the Zero Touch configuration file and accepts the internet settings (if any).
In Sophos Central Admin, you must do as follows:
  1. When you are prompted, “accept” the new firewall.

    Once the firewall is accepted, the remaining settings get applied.

    When the firewall is accessed, a message prompts Super Admin administrators to set a password for the firewall.

    Note If this admin password isn't set, admins may have trouble accessing the firewall if it loses its connection or is disconnected from Sophos Central Admin in future.