Follow these recommendations if you are new to XG Firewall. You learn how to secure the access to your XG Firewall, test and validate it, and finally how to go live once you feel comfortable.
Deployment options
This section provides information about the different deployment options available for XG Firewall.
Managing XG Firewall
Learn about the interfaces through which you can manage XG Firewall.
Architecture
Xstream architecture enables the offloading and streaming of packet processing for high levels of protection and performance.
Web admin console
Manage your XG Firewall using the web admin console.
Control center
The control center provides a single-screen snapshot of the status and health of the security system.
Keep track of currently signed-in local and remote users, current IPv4, IPv6, IPsec, SSL, and wireless connections.
Live users
Live users are users who are currently signed in to XG Firewall.
Live connections
You can see the connection details of IPv4 traffic by the application, username, and source IP address.
Live connections IPv6
You can see the connection details of IPv6 traffic by the application, username, and source IP address.
IPsec connections
The page displays list of all the connected IPsec tunnels and you can filter the list based on connection name, local server
name, local subnet, user name, remote server/host or remote subnet.
Remote users
Use Remote users page to view a list of active remote users.
Reports provide a unified view of network activity for the purpose of analyzing traffic and threats and complying with
regulatory bodies. For example, you can view a report that includes all web server protection activities taken by the
firewall, such as blocked web server requests and identified viruses.
Dashboards
View information about network traffic passing through the firewall and security threats.
Applications & web
View information about application and internet usage on your network.
Network & threats
View information about network usage and associated threats.
VPN
A Virtual Private Network (VPN) is a tunnel that carries private network traffic from one endpoint to another over a public
network such as the internet. VPN allows users to transfer data as if their devices were directly connected to a private network.
You can use a VPN to provide secure connections from individual hosts to an internal network and between networks. VPNs are
commonly used to secure communication between off-site employees and an internal network and from a branch office to the company
headquarters.
Email
View information about email traffic on your network.
Compliance
View information about regulatory compliance.
Custom
Create reports that include only the criteria that you specify.
Bookmarks
Bookmarks allow you to access frequently used reports quickly. For example, you may need to refer to a report that identifies intrusion attacks for a specified period to isolate a specific
threat.
Report settings
Report settings let you specify configuration options for reports. For example, you can specify data to show in custom reports
and manage report schedules for all report groups. Other options let you specify data retention times and purge data.
This menu allows checking the health of your device in a single shot. Information can be used for troubleshooting
and diagnosing problems found in your device.
Tools
Using the Tools page, one can view the statistics to diagnose the connectivity problem, network problem and test network communication.
It assists in troubleshooting issues such as hangs, packet loss, connectivity, discrepancies in the network.
Policy test
You can test firewall rules, SSL/TLS inspection rules, and web policies to see the action that XG Firewall would take for traffic matching these criteria.
System graphs page displays graphs pertaining to system related activities for different time intervals.
Support access
You can allow Sophos Technical Support to temporarily access your XG Firewall for troubleshooting purposes.
Rules and polices enable traffic flow between zones and networks while enforcing security controls, address translation,
and decryption and scanning.
Firewall rules
With firewall rules, you can allow or disallow traffic flow between zones and networks. You can implement policies
and actions to enforce security controls and traffic prioritization.
Web server protection (WAF) rules
The WAF rules protect applications and websites hosted on physical or cloud-based web servers from exploits and attacks.
NAT rules
With Network Address Translation (NAT), you can modify the IP addresses and ports for traffic flowing between networks,
generally between a trusted and an untrusted network.
SSL/TLS inspection rules
With SSL/TLS inspection rules, you can intercept and decrypt SSL and TLS connections over TCP, enabling XG Firewall to enforce secure connections between clients and web servers.
With intrusion prevention, you can examine network traffic for anomalies to prevent DoS and other spoofing attacks.
Using policies, you can define rules that specify an action to take when traffic matches signature criteria. You can
specify protection on a zone-specific basis and limit traffic to trusted MAC addresses or IP–MAC pairs. You can also create rules to bypass DoS inspection.
DoS attacks
DoS attack status allows you to see if traffic limits have been applied and the amount of data dropped after the limit
has been exceeded. The firewall applies the traffic limits specified in DoS settings and logs the corresponding events.
Data is available for the source and destination in real time.
IPS policies
With IPS policies, you can prevent network attacks using rules.
Custom IPS signatures
With custom signatures, you can protect your network from vulnerabilities related to network objects such as servers,
protocols, and applications. You can create custom signatures and later add them to IPS policy rules.
DoS & spoof protection
To prevent spoofing attacks, you can restrict traffic to only that which matches recognized IP addresses, trusted MAC addresses,
and IP–MAC pairs. You can also set traffic limits and flags to prevent DoS attacks and create rules to bypass DoS inspection. The
firewall logs dropped traffic.
Web protection keeps your company safe from attacks that result from web browsing and helps you increase productivity.
You can define browsing restrictions with categories, URL groups, and file types. By adding these restrictions to policies,
you can block websites or display a warning message to users. For example, you can block access to social networking sites
and executable files. General settings let you specify scanning engines and other types of protection. Exceptions let
you override protection as required for your business needs.
Policies
With web policies, you can create rules to control end users’ web browsing activities.
Policy quota status
You can see the time quota remaining for individual users in specific web policies within a 24-hour period.
User activities
User activities combine web categories, file types, and URL groups in one container. You can include user activities
in policies to control access to websites or files that match any of the criteria specified.
Categories
With web categories, you can organize and classify domains and keywords in a container. You can use categories within
policies to control access to websites.
URL groups
URL groups contain one or more domains that you can use in web policies to control access to websites.
Exceptions
With exceptions, you can override protection settings for all web traffic that matches the specified criteria, regardless
of any policies or rules in effect.
General settings
The firewall scans HTTP(S) and FTP traffic for threats as specified by your firewall rules and for inappropriate web
usage when a web policy is selected for a rule. These settings apply only to traffic that matches firewall rules with
these options set. You can specify the type of scanning, maximum file size to be scanned, and additional checking.
You can also create policy overrides to allow end users to access otherwise blocked websites.
File types
A file type is a classification determined by the file extension or MIME type.
Surfing quotas
Surfing quotas allow you to allocate internet access time to your users.
User notifications
The firewall displays a notification to users when a web policy is set to block access or warn before connecting.
Content filters
A content filter is a named list of terms. You can use content filters in policies to restrict access to websites
that contain any of the terms listed. The default set of filters includes terms that are blocked by many organizations.
Enhance web protection
You may want to use scanning behavior that is stronger than the default. To do this, you select a scanning engine,
specify maximum file size, and enable other options.
Customize web protection
Sometimes you may need to customize web protection settings for certain categories of traffic or certain domains.
For example, you may not want to decrypt HTTPS traffic for financial services websites because they contain sensitive
financial data. You also may want to skip malware scanning and Sandstorm analysis for sites that you know are low-risk. You can specify this behavior using exceptions.
Control access to websites
Many organizations need to control access to certain categories, and often the access varies according to user group.
For example, you may wish to allow some users to access websites that are blocked by the default workplace policy.
Block content using a list of terms
You may want to block all users from accessing websites that contain terms that your company considers offensive.
To do this, you create a list of terms and apply it in a policy.
Application protection helps keeps your company safe from attacks and malware that result from application traffic exploits.
You can also apply bandwidth restrictions and restrict traffic from applications that lower productivity. Application
filters allow you to control traffic by category or on an individual basis. With synchronized application control, you
can restrict traffic on endpoints that are managed with Sophos Central. Managing cloud application traffic is also supported.
Application filter
With application filter policies, you can control access to applications for users behind the firewall.
Synchronized Application Control
Synchronized Application Control monitors all applications on endpoints connected through Security Heartbeat.
Cloud applications
By analyzing cloud application traffic, you can mitigate the risks posed by cloud application usage. Options allow
you to classify traffic and apply a traffic shaping policy.
Application list
The application list contains many commonly used applications.
Traffic shaping default
You can implement bandwidth restrictions using traffic shaping policies. You can apply default traffic shaping policies
to categories or individual applications.
Application object
An Application object is used together with a SD-WAN policy route enabling easy control of how application traffic is routed through the network.
Block high-risk applications
To guard their networks against malware, many organizations need to control access to applications that are considered
high risk. You can create policies to restrict traffic to all applications categorized as high risk. When the application signature database is updated, new applications are automatically added to application
filters and firewall rules. For example, if a new signature is added for a high-risk application and there
is already an application filter that blocks all high-risk applications, the new application will be blocked.
Wireless protection lets you define wireless networks and control access to them.
Wireless client list
The wireless client list displays all clients that are currently connected to a wireless network through
an access point. You can view clients by access point or SSID. Connection characteristics such as signal strength and frequency are also
displayed.
Wireless networks
A wireless network provides common connection settings for wireless clients. These settings include SSID,
security mode, and the method for handling client traffic.
Access points
A wireless access point (WAP) is a hardware device that allows Wi-Fi clients to connect to your wired
network. The firewall obtains configuration and status details from access points using AES-encrypted communication. Use these
settings to allow Sophos access points to connect to your network and to manage the access points on your network.
Access point groups
With access point groups, you can assign wireless networks and specify VLAN tagging to a group of access
points. Groups provide a convenient method of managing wireless networks for several access points, rather than individually.
Mesh networks
A mesh network is a network topology in which each node relays data for the network, allowing the network
to extend over a large area. In a mesh network, access points can act as root or as mesh nodes. You can deploy a mesh network as a wireless repeater
or as a wireless bridge.
Hotspots
A hotspot is a network node that provides internet connectivity using a Wi-Fi device such as a wireless
router. Hotspots are typically used to provide guest access in public areas. When you add an interface to a hotspot, the
associated access points act as hotspots. Hotspots support a full suite of protection features and authentication
methods.
Hotspot voucher definition
Hotspot voucher definitions specify network access. You can use voucher definitions to limit the validity period, time quota, and data volume for users who have access
to voucher-type hotspots.
Rogue AP scan
Scan your network for unauthorized access points and mark them.
Wireless settings
Use these settings to enable wireless protection, to set notification time-out, and to configure a RADIUS
server for enterprise authentication.
Hotspot settings
Use these settings to configure various hotspot settings such as deletion options and certificates to
use for HTTPS authentication.
Manage email routing and protect domains and mail servers. You can configure SMTP/S, POP/S, and IMAP/S policies with
spam and malware checks, data protection, and email encryption.
Troubleshooting email protection
Emails are not delivered. They remain in the mail spool.
You can protect web servers against Layer 7 (application) vulnerability exploits. These attacks include cookie, URL, and
form manipulation. Use these settings to define web servers, protection policies, and authentication policies for use in
Web Application Firewall (WAF) rules. General settings allow you to protect web servers against slow HTTP attacks.
Web servers
Define the servers to be protected. Web servers specify a host, a type, and other connection settings. You can protect plain text (HTTP) and encrypted (HTTPS) servers.
Protection policies
Using policies, you can define protection from vulnerability exploits, such as cookie, URL, and form manipulation.
Authentication policies
Using authentication policies, you can provide basic or form-based reverse-proxy authentication for your web servers.
You can also use them to control access to the paths specified in firewall rules. The firewall supports basic HTTP
authentication as described in RFC 7617. Authentication policies specify an authentication method and users.
Authentication templates
Authentication templates define HTML forms for use in form-based authentication policies.
General settings
You can configure slow HTTP protection and set the TLS version.
Protect a web server against attacks
You can protect a web server against attacks using a firewall rule.
Advanced threat protection allows you to monitor and analyze all traffic on your network for threats and take appropriate action, for example
drop the packets. You can also view Sandstorm activity and the results of any file analysis. Use these results to determine the level of risk posed to your network
by releasing these files.
Advanced threat protection
Advanced threat protection analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP requests,
and IP packets) for threats.
Threat intelligence
Activity records provide basic information such as the date and time on which files or emails containing suspicious
attachments were sent to Sandstorm.
Sandstorm settings
Use these settings to specify a data center and to exclude files from Sandstorm analysis.
By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to share health information. Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central.
Security Heartbeat
Security Heartbeat is a feature that allows endpoints and firewalls to communicate their health status with each other. Find the details
on how it works, what different health statuses there are, and what they mean.
Synchronized user ID authentication
Synchronized user ID authentication uses the Security Heartbeat to provide user authentication for endpoint users.
A Virtual Private Network (VPN) is a tunnel that carries private network traffic from one endpoint to another over a public
network such as the internet. VPN allows users to transfer data as if their devices were directly connected to a private network.
You can use a VPN to provide secure connections from individual hosts to an internal network and between networks. VPNs are
commonly used to secure communication between off-site employees and an internal network and from a branch office to the company
headquarters.
Create a remote access SSL VPN
You want to configure and deploy a connection to enable remote users to access a local network. The VPN establishes
an encrypted tunnel to provide secure access to company resources through TCP on port 443.
Create a site-to-site SSL VPN
You want to establish secure, site-to-site VPN tunnels using an SSL connection. This VPN allows a branch office to
connect to the head office. Users in the branch office will be able to connect to the head office LAN.
Create a site-to-site IPsec VPN
You want to create and deploy an IPsec VPN between the head office and a branch office. You use a preshared key for
authentication.
Create a route-based VPN
You want to create and deploy a route-based VPN (RBVPN) between your head office (HO) and branch office (BO), with
traffic allowed both ways.
IPsec connections
Create and manage IPsec VPN connections and failover groups.
SSL VPN (remote access)
With remote access policies, you can provide access to network resources by individual hosts over the internet using
point-to-point encrypted tunnels. Remote access requires SSL certificates and a username and password.
SSL VPN (site-to-site)
With a site-to-site SSL VPN, you can provide access between internal networks over the internet using point-to-point
encrypted tunnels.
Sophos Connect client
Sophos Connect client is VPN software that runs on Microsoft Windows 7 SP2 and later, and Mac OS 10.12 and later. It establishes highly
secure, encrypted VPN tunnels for off-site employees.
L2TP (remote access)
The Layer Two Tunneling Protocol (L2TP) enables you to provide connections to your network through private tunnels
over the internet. The firewall supports L2TP as defined in RFC 3931.
Clientless access
Allow users to access services and areas on your network such as remote desktops and file shares using only a browser, and
without the need for additional plug-ins. Clientless access policies specify users (policy members) and bookmarks.
Bookmarks
Bookmarks specify a URL, a connection type, and security settings. Use bookmarks with clientless access policies to give
users access to your internal networks or services. For example, you may want to provide access to file shares or allow
remote desktop access. Users can access bookmarks through the VPN page in the user portal.
Bookmark groups
Bookmark groups allow you to combine bookmarks for easy reference. For example, you can create a group containing all of the
bookmarks for remote desktops so that you do not need to specify access on an individual basis.
PPTP (remote access)
Using the Point-to-Point Tunneling Protocol (PPTP), you can provide connections to your network through private tunnels
over the internet. The protocol itself does not describe encryption or authentication features. However, the firewall
supports several authentication options including Password Authentication Protocol (PAP), Challenge Handshake Authentication
Protocol (CHAP), and Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2). The firewall supports PPTP
as described in RFC 2637.
IPsec policies
Internet Protocol Security (IPsec) policies specify a set of encryption and authentication settings for an Internet
Key Exchange (IKE).
VPN settings
Define settings requested for remote access using SSL VPN and L2TP. These include protocols, server certificates,
and IP addresses for clients.
Network objects let you enhance security and optimize performance for devices behind the firewall. You can use these
settings to configure physical ports, create virtual networks, and support Remote Ethernet Devices. Zones allow you
to group interfaces and apply firewall rules to all member devices. Network redundancy and availability is provided
by failover and load balancing. Other settings allow you to provide secure wireless broadband service to mobile devices
and to configure advanced support for IPv6 device provisioning and traffic tunnelling.
Interfaces
The firewall is shipped with physical and virtual interfaces. A physical interface, for example, Port1, PortA, or eth0. A virtual interface is a logical representation of an interface that lets you extend your network using existing
ports. You can bind multiple IP addresses to a single physical interface using an alias. You can also create and configure interfaces that support Remote Ethernet Devices.
Zones
A zone is a grouping of interfaces. Zones also specify the services that can be used to administer devices and authenticate
users. When used with firewall rules, zones provide a convenient method of managing security and traffic for a group
of interfaces.
WAN link manager
The WAN link manager allows you to configure gateways to support failover and load balancing.
DNS
You can obtain the address of a DNS server from a DHCP or PPPoE server, or you can specify static DNS servers. Other options
allow you to resolve requests for specific hosts using a specified IP address and to resolve requests for external domains
using DNS servers on your network.
DHCP
The firewall supports the Dynamic Host Configuration Protocol as defined in RFC 2131 (IPv4) and RFC 3315 (IPv6). You can use DHCP servers to dynamically allocate unique IP addresses to devices on a network. Using a DHCP relay, you can provide dynamic address allocation for clients that are not on the same subnet
as the DHCP server. You can also view lease records.
IPv6 router advertisement
The firewall supports stateless address auto-configuration (SLAAC) for IPv6 devices. Using SLAAC, IPv6 devices automatically
create unique link-local addresses for IPv6 enabled interfaces, and clients use router advertisement messages to configure
their own IP address automatically.
Cellular WAN
Cellular WAN networks provide secure wireless broadband service to mobile devices.
IP tunnels
An IP tunnel is a mechanism that encapsulates one network protocol as a payload for another network protocol. Using a tunnel,
you can encapsulate an IPv6 packet into an IPv4 packet for communication between IPv6-enabled hosts/networks over an IPv4
network, or vice versa.
Neighbors (ARP–NDP)
The firewall uses the Address Resolution Protocol (ARP) and Neighbor Discover Protocol (NDP) to enable communication
between hosts residing on the same subnet. Using these protocols, the firewall creates IP/MAC mappings and stores
them in neighbor caches. Static mappings are also supported. The firewall uses cached entries to detect neighbor poisoning
attempts.
Dynamic DNS
Using Dynamic DNS, you can ensure that the firewall is accessible even when it is provisioned with a dynamic IP address.
When the firewall receives a new IP address, it contacts the Dynamic DNS service and updates the public DNS name with
the new address. Using DDNS, the public DNS name will always point to the correct IP address.
A route provides a device information so that it can forward a packet to a specific destination. You can configure
static and dynamic routes on XG Firewall.
Static routing
You can create a static route to forward packets to a destination other than the configured default gateway.
SD-WAN policy routing
SD-WAN (software-defined wide area networking) policy routing allows you to implement routing decisions based on the
policies that you specify.
Gateways
Shows a list of configured IPv4 and IPv6 gateways.
BGP
You can manage BGP routes.
Information
You can view any dynamic routes configured using the RIP, OSPF, BGP, and PIM-SM protocols.
RIP
You can manage RIP routes and add, update, or delete the network and interface configuration.
You can set up authentication using an internal user database or third-party authentication service. To authenticate
themselves, users must have access to an authentication client. However, they can bypass the client if you add them
as clientless users. The firewall also supports two-factor authentication, transparent authentication, and guest user
access through a captive portal.
Servers
External servers authenticate users who are attempting to access the firewall and associated services. Use these settings to define servers and manage access to them.
Services
Select the authentication servers for the firewall and other services such as VPN. You can configure global authentication settings, as well as settings for Kerberos and NTLM, web client, and RADIUS
single sign-on. Web policy actions let you specify where to direct unauthenticated users.
Groups
Groups contain policies and settings that you can manage as a single unit. With groups, you can simplify
policy management for users. For example, you may want to create a grouping of settings that specifies a surfing quota and limits the access time
for guest users.
Users
The firewall distinguishes between end users, who connect to the internet from behind the firewall, and
administrator users, who have access to firewall objects and settings. You can add or import user records to be used for authentication. When you add (register) a user, you specify the
user type and associate the record with a group. The user inherits the policies defined in the group, but the user's
policy overrides the group settings.
One-time password
You can implement two-factor authentication using one-time passwords, also known as passcodes. Passcodes are generated by Sophos Authenticator or any third-party authenticator on a mobile device or tablet without the need for an internet connection. When users
log on, they must provide a password and a passcode.
Web authentication
You can use Active Directory SSO or the captive portal to authenticate users. Users will then appear in logging and
reporting and will be used as matching criteria in firewall rules and web policies.
Guest users
Guest users are users who do not have an account and want to connect to your network in order to access
the internet. You can add (register) guest users or allow them to register themselves through the guest
user portal. You can print credentials or send them through SMS. After authentication, the guest user is granted access according to the selected policies or is redirected
to the captive portal.
Clientless users
Clientless users are not required to authenticate using a client to access the internet. Instead, the
firewall authenticates these users by matching a user name to an IP address.
Guest user settings
Guest users are users who do not have an account and want to connect to your network in order to access
the internet. You can add (register) guest users or allow them to register themselves through the guest
user portal. Use these settings to enable guest users to register through the guest user registration page and to configure guest
user authentication settings and default group.
Client downloads
Use these settings to download the clients and components that support single sign-on, transparent authentication,
and email encryption.
STAS
Sophos Transparent Authentication Suite (STAS) enables users on a Windows domain to sign in to XG Firewall automatically when signing in to Windows. This eliminates the need for multiple sign-ins and for SSO clients on each
client device.
Troubleshooting authentication
How to investigate and resolve common authentication issues.
Use system services to configure the RED provisioning service, high availability, and global malware protection settings.
High availability
High availability refers to the hardware configuration and settings that allow the firewall to continue functioning during a power
loss, disk failure, or other event.
Traffic shaping settings
Use these settings to specify maximum bandwidth, traffic optimization, and bandwidth allocation for internet-bound
traffic. These settings are usually applied to traffic that doesn't have a policy applied to it.
RED
A Remote Ethernet Device is a network appliance that provides a secure tunnel between a remote site and
the firewall. The RED provisioning service supports RED deployment and provides security options.
Malware protection
Specify global malware protection settings.
Log settings
The firewall provides extensive logging capabilities for traffic, system, and network protection functions. You can
use logs to analyze network activity to help identify security issues and reduce network abuse. You can store logs
locally. You can also send them to syslog servers securely using TLS encryption. The firewall supports syslog as defined
in RFC 5424.
Notification list
You can send alerts to an administrator about system-generated events through email notifications and SNMP traps.
Data anonymization
Using data anonymization, you can encrypt identities in logs and reports. Identities include user names, IP addresses, MAC addresses and email addresses. When you enable data anomymization, you
specify one or more administrators who are authorized to de-anonymize the data. You can override anonymization using
exceptions.
Traffic shaping
Using traffic shaping policies, you can manage bandwidth and prioritize network traffic to reduce the impact of heavy
bandwidth usage.
Services
View system service status and manage services.
Profiles allow you to control users’ internet access and administrators’ access to the firewall. You can define schedules,
access time, and quotas for surfing and data transfer. Network address translation allows you to specify public IP addresses
for internet access. You can specify levels of access to the firewall for administrators based on work roles.
Schedule
Schedules specify the duration for which rules and policies are in effect.
Access time
You can control internet access time for users, groups, and guest users. You can allow or deny internet access based
on a scheduled time period.
Surfing quotas
Surfing quotas allow you to allocate internet access time to your users.
Network traffic quota
Use network traffic quota policies to control data transfer by users and groups.
Decryption profiles
Decryption profiles enable you to enforce decryption settings on SSL/TLS connections.
Device access
You can create role-based access to the firewall for administrators.
You can define and manage system hosts and services.
IP host
Shows a list of all dynamic hosts, default hosts, and manually added hosts.
IP host group
Shows a list of all host groups. You can add new host groups, edit existing host groups, and delete host groups.
MAC host
You can assign a hostname to one or more MAC addresses.
FQDN host
Shows predefined fully qualified domain name (FQDN) hosts. You can add new hosts, and edit or delete existing hosts.
FQDN host group
You can add individual FQDN hosts to one or more host groups.
Country group
Shows a list of predefined country groups based on their continent.
Services
Shows a list of all default and custom services.
Service group
Shows a list of all default and custom service groups.
Administration allows you to manage device licenses and time, administrator access, centralized updates, network bandwidth
and device monitoring, and user notifications.
Licensing
You can see the device registration information and the subscription status. You can activate or evaluate subscription
modules.
Device access
Device access allows you to limit administrative access to certain services from custom and default zones (LAN, WAN,
DMZ, VPN, Wi-Fi).
Admin settings
Modify the admin port settings and sign-in parameters. Customize the sign-in parameters to restrict local and remote
user access based on time duration.
Central management
Sophos Firewall Manager (SFM), Sophos Central Firewall Manager(CFM) or Sophos Central centrally manages your Sophos XG Firewall (device). Central management allows you to configure keep-alive requests and to enable configuration and
signature updates of the device through the firewall manager.
Time
Set the XG Firewall clock.
Notification settings
Configure a mail server and email settings to send and receive alert emails.
Netflow
You can add, update, or delete Netflow servers. The device offers Netflow, a network protocol, to monitor network
bandwidth usage and traffic flow. Netflow records of source, destination and volume of traffic are exported to the
Netflow server. The records help you identify the protocols, policies, interfaces and users consuming high bandwidth.
Data analyzing tools like Open Source Data Analyzer and PRTG software can generate reports from the Netflow records.
Messages
Use messages to notify users and issue administrative alerts. You can send messages of up to 256 characters to one
or more users.
SNMP
SNMP (Simple Network Management Protocol) gives access to XG Firewall information, for example, status of the firewall, service availability, CPU, memory, and disk usage. XG Firewall supports SNMPv3, SNMPv1 and SNMPv2c protocols.
You can manage the configuration, firmware versions, hotfixes, and pattern updates.
Import export
You can import and export the full or selective configuration of XG Firewall.
Firmware
You can manage firmware versions, install hotfixes, and change the default language.
Certificates allows you to add certificates, certificate authorities, and certificate revocation lists.
Certificate revocation lists
Certificates can be revoked when the key or CA has been compromised, or the certificate is no longer valid for the
original purpose. CAs maintain a list of revoked certificates.
Install a subordinate certificate authority (CA) for HTTPS inspection
Create and install a subordinate CA so that you can use one certificate across all your XG Firewall appliances for SSL/TLS scanning.
Logs include analyses of network activity that let you identify security issues and reduce malicious use of your network.
You can send logs to a syslog server or view them through the log viewer. Using data anonymization, you can encrypt identities in logs and reports.
Log viewer
Display event information for different modules and filter logs. Take action on linked rules and policies.