Jump to main content
Getting started
Follow these recommendations if you are new to Sophos Firewall. You learn how to secure the access to your Sophos Firewall, test and validate it, and finally how to go live once you feel comfortable.
Control center
The control center provides a single-screen snapshot of the status and health of the security system.
IPv6 features
This document lists IPv6 features that Sophos Firewall supports and IPv6 features that aren't supported.
Current activities
Keep track of currently signed-in local and remote users, current IPv4, IPv6, IPsec, SSL, and wireless connections.
Reports provide a unified view of network activity for the purpose of analyzing traffic and threats and complying with regulatory bodies.
You can check the health of your Sophos Firewall. You can use this information to troubleshoot and diagnose issues.
Rules and policies
Rules and polices enable traffic flow between zones and networks while enforcing security controls, address translation, and decryption and scanning.
Intrusion prevention
With intrusion prevention, you can examine network traffic for anomalies to prevent DoS and other spoofing attacks. Using policies, you can define rules that specify an action to take when traffic matches signature criteria. You can specify protection on a zone-specific basis and limit traffic to trusted MAC addresses or IP–MAC pairs. You can also create rules to bypass DoS inspection.
Web protection keeps your company safe from attacks that result from web browsing and helps you increase productivity. You can define browsing restrictions with categories, URL groups, and file types. By adding these restrictions to policies, you can block websites or display a warning message to users. For example, you can block access to social networking sites and executable files. General settings let you specify scanning engines and other types of protection. Exceptions let you override protection as required for your business needs.
Application protection helps keeps your company safe from attacks and malware that result from application traffic exploits. You can also apply bandwidth restrictions and restrict traffic from applications that lower productivity. Application filters allow you to control traffic by category or on an individual basis. With synchronized application control, you can restrict traffic on endpoints that are managed with Sophos Central. Managing cloud application traffic is also supported.
Wireless protection lets you define wireless networks and control access to them.
Manage email routing and protect domains and mail servers. You can configure SMTP/S, POP/S, and IMAP/S policies with spam and malware checks, data protection, and email encryption.
Web server
You can protect web servers against Layer 7 (application) vulnerability exploits. These attacks include cookie, URL, and form manipulation. Use these settings to define web servers, protection policies, and authentication policies for use in Web Application Firewall (WAF) rules. General settings allow you to protect web servers against slow HTTP attacks.
Advanced threat
Advanced threat protection allows you to monitor and analyze all traffic on your network for threats and take appropriate action, for example drop the packets. You can also view Sandstorm activity and the results of any file analysis. Use these results to determine the level of risk posed to your network by releasing these files.
Central synchronization
By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to share health information. Synchronized Application Control lets you detect and manage applications in your network.
Network objects let you enhance security and optimize performance for devices behind the firewall. You can use these settings to configure physical ports, create virtual networks, and support Remote Ethernet Devices. Zones allow you to group interfaces and apply firewall rules to all member devices. Network redundancy and availability is provided by failover and load balancing. Other settings allow you to provide secure wireless broadband service to mobile devices and to configure advanced support for IPv6 device provisioning and traffic tunnelling.
A route provides a device information so that it can forward a packet to a specific destination. You can configure static and dynamic routes on Sophos Firewall.
You can set up authentication using an internal user database or third-party authentication service. To authenticate themselves, users must have access to an authentication client. However, they can bypass the client if you add them as clientless users. The firewall also supports two-factor authentication, transparent authentication, and guest user access through a captive portal.
System services
Use system services to configure the RED provisioning service, high availability, and global malware protection settings.
Profiles allow you to control users' internet access and administrators' access to the firewall. You can define schedules, access time, and quotas for surfing and data transfer.
Hosts and services
You can define and manage system hosts and services.
Administration allows you to manage device licenses and time, administrator access, centralized updates, network bandwidth and device monitoring, and user notifications.
Backup and firmware
You can manage the configuration, firmware versions, hotfixes, and pattern updates.
Certificates allows you to add certificates, certificate authorities, and certificate revocation lists.
Logs provide insight into network activity and system events that let you identify security issues and see which of the configured rules apply. You can send logs to a syslog server or view them through the log viewer. Using data anonymization, you can encrypt identities in logs and reports.
Open Source Software Attributions
Download client
You can download the authentication clients and server CA certificates for your endpoints. You can also download the SPX email encryption client.
You can download remote access IPsec and SSL VPN clients to your Windows, macOS, and iOS devices.
Internet Usage
This page displays the overall Internet Usage of the user.
You can allow or block emails from specific senders by specifying their email addresses or wildcard addresses.
My policy overrides
Policy overrides allow you to temporarily unblock websites that are blocked by web policies.
The menu Hotspots allows cafés, hotels, companies, etc. to provide time- and traffic-restricted Internet access to guests.
OTP Token
This page describes how to sign in using a one time password.
Accessing Command Line Console
Network configuration
Use this menu for the following settings;
System settings
Use this menu to configure and manage various system settings.
Route configuration
Use this menu to configure the following routing options:
Device console
This page describes the CLI console and the various commands available in the base console.
Device Management
Device management allows you to reset the firewall configuration to factory default, check the firmware versions currently installed, access the advanced shell, and flush reports stored on the appliance.
VPN Management
VPN Management allows you to regenerate RSA keys and restart VPN services. RSA keys are used for authenticating IPsec VPN connections for both user and site-to-site connections.
Reset to factory settings
Reset allows you to reset your Sophos Firewall to factory default settings. Resetting to factory default settings does not affect registration.
Appendix A – DHCP Options (RFC 2132)
A DHCP server can provide optional configurations to the client. Sophos Firewall provides support to configure following DHCP Options as defined in RFC 2132.
Appendix B – DHCPv6 Options (RFC 3315)
Control center
The Control center shows the features in use, and the health and security of the network..
Sophos Firewall allows you to create, deploy, and manage wireless networks. You can deploy wireless networks using the built-in access point if you're using a hardware model that includes one. Or you can use a separate Sophos access point.
Configure Active Directory authentication
You can add existing Active Directory users to Sophos Firewall. Add an Active Directory server, import groups, and set the primary authentication method.
Security management and best practices
Create a remote access SSL VPN with the legacy client
You want to configure and deploy a connection to allow remote users to access a local network. The VPN establishes an encrypted tunnel to provide secure access to corporate resources through TCP on port 443.
About HA
HA configuration
Options for configuring high availability.
Verifying HA status
How to verify that HA has been configured.
Manage HA
Actions you can perform to manage your HA cluster effectively.
Upgrading HA
How Sophos Firewall firmware upgrades work when HA is turned on.
HA license transfer
License transfer provides the ability to transfer a license from one serial number to another. You must only use it to cover exceptions when moving the license to a different serial number.
How to troubleshoot HA issues.
Virtual and software appliances
You can install Sophos Firewall as a virtual or software appliance.
Microsoft Hyper-V
You can deploy the Sophos Firewall virtual appliance on the Microsoft Hyper-V platform.
Nutanix Prism
You can install the Sophos Firewall virtual appliance on the Nutanix Prism platform.
You can deploy the Sophos Firewall virtual appliance on the KVM (Kernel-based Virtual Machine) platform.
Software appliance
You can deploy the Sophos Firewall software appliance on custom hardware over Windows and macOS systems.
You can deploy the Sophos Firewall virtual appliance in a VMware ESX or VMware ESXi environment.
You can deploy the Sophos Firewall virtual appliance on Citrix XenApp platform.
Activating and registering Sophos Firewall
You can activate Sophos Firewall and register it.
You can get help in various ways.
Open Source Software Attributions
Copyright notice

About this Help

This help file provides information about Sophos Firewall OS and Sophos Firewall and explains procedures step by step.

Administrator help

Administrators find information on how to configure Sophos Firewall and how Sophos Firewall works in the Administrator help.

User portal help

End-users find information about the Sophos Firewall user portal, such as how to manage their quarantined emails, download authentication clients, and use clientless access in the User portal help.

Command line help

Administrators find information on how to use the command-line interface of Sophos Firewall in the Command line help.

Startup help

New customers of Sophos Firewall find information about the user interface and best practices, as well as step-by-step configuration examples for common scenarios in the Startup help.

High availability startup guide

Administrators learn how to set up HA using QuickHA or the interactive mode in the High availability startup guide.

Sophos Firewall virtual and software appliances help

Administrators find help on setting up Sophos Firewall on Hyper-V, Nutanix Prism, KVM, VMware, XenApp, and as a software appliance in the Sophos Firewall virtual and software appliances help.

Release notes

You can find information about Sophos Firewall releases in Release notes.

Can't find what you need?

Try the following:

  • Use the Search bar above.
  • Go to the Support section of our website and search there. This finds knowledge base articles or Sophos Community posts.
  • Find technical videos on many topics at Sophos Techvids.