Getting started

Follow these recommendations if you are new to XG Firewall. You learn how to secure the access to your XG Firewall, test and validate it, and finally how to go live once you feel comfortable.

Secure administrator access to XG Firewall

  1. Configure a high complexity setting for the administrator password. Change the default administrator password or use public key authentication for the “admin” user. You can find more information on how to set up public key authentication in the knowledge base article 127200.
  2. Configure sign-in security.
    • Lock or sign out administrator session: Specify the inactivity period of the administrator.
    • Prevent brute force sign-in attacks: Specify the number of unsuccessful attempts to sign in within a time frame from the same IP address. Specify the duration of blocked access.
    • Recommended settings: We’ve specified all our recommendations as default settings, for example, automatic installation of hotfixes, device access to XG Firewall.

Test and validate

Whenever possible, test XG Firewall offline first, that is, configure the policies on a test network or in a lab and validate that the required access permissions are being implemented as expected.

To simulate the integration of your real network with it, you can deploy XG Firewall on the live network but with a different gateway IP address and point the users to the new gateway. This allows a staged approach to integrating XG Firewall into your live network, ensuring that the process does not interrupt day-to-day operations.

Additionally, carry out acceptance testing and an iterative process of tuning to finalize the configuration.

Go live

Once you’ve tested and validated the new XG Firewall, you can move to it either by switching IP addresses and removing the old device or by changing the default gateway.

Add new services

XG Firewall offers a wide range of new features compared to your previous vendor. Read more about these features in Sophos XG Firewall documentation. Finally, complete the migration by adding any new feature, service, or function that fits your business need.