Follow these recommendations if you are new to XG Firewall. You will learn how to secure access to your XG Firewall, how to test and validate it, and finally how to go live once you feel comfortable.
The control center provides a single-screen snapshot of the status and health of the security system.
Keep track of currently signed-in local and remote users and of current IPv4, IPv6, IPsec, SSL, and wireless connections.
Reports provide a unified view of network activity for the purpose of analyzing traffic and threats and complying with regulatory bodies. For example, you can view a report that includes all web server protection activities taken by the firewall, such as blocked web server requests and identified viruses.
View information about network traffic passing through the firewall and security threats.
View information about application and internet usage on your network.
View information about network usage and associated threats.
View information about remote users connecting to your network using IPsec VPN, SSL VPN, and clientless access.
View information about email traffic on your network.
View information about regulatory compliance.
Create reports that include only the criteria that you specify.
Bookmarks allow you to access frequently used reports quickly. For example, you may need to refer to a report that identifies intrusion attacks for a specified period to isolate a specific threat.
Report settings let you specify configuration options for reports. For example, you can specify data to show in custom reports and manage report schedules for all report groups. Other options let you specify data retention times and purge data.
Custom views allow you to select report groups so that all of the information you need is displayed in a report. For example, you may need to view Sandstorm protection activity and web users in a single report.
Report schedules specify report groups, email recipients, and email frequency. You can select any default or custom report group. Reports are sent in PDF format. ConnectWise and security audit options are available.
The firewall logs activity that is used to produce reports. You can specify log retention settings in order to optimize your disk space usage.
You can manually purge report logs to optimize your disk space usage. Manual purges are executed immediately.
Bookmark groups provide a convenient way to manage your bookmarks. For example, you may wish to organize all bookmarks for application technologies and network threats in one group.
In order to create pre-defined ConnectWise reports, you must enable ConnectWise and specify settings such as server URL and user credentials.
Select a custom logo to display on your generated reports.
This menu lets you check the health of your device in a single shot. You can use the information to troubleshoot and diagnose problems found in your device.
The System graphs page displays graphs of system-related activities for different time intervals.
Rules and policies enable traffic flow between zones and networks while enforcing security controls, address translation, and decryption and scanning.
With intrusion prevention, you can examine network traffic for anomalies to prevent DoS and other spoofing attacks. Using policies, you can define rules that specify an action to take when traffic matches signature criteria. You can specify protection on a zone-specific basis and limit traffic to trusted MAC addresses or IP–MAC pairs. You can also create rules to bypass DoS inspection.
Web protection keeps your company safe from attacks that result from web browsing and helps you increase productivity. You can define browsing restrictions with categories, URL groups, and file types. By adding these restrictions to policies, you can block websites or display a warning message to users. For example, you can block access to social networking sites and executable files. General settings let you specify scanning engines and other types of protection. Exceptions let you override protection as required for your business needs.
Application protection helps keep your company safe from attacks and malware that result from application traffic exploits. You can also apply bandwidth restrictions and restrict traffic from applications that lower productivity. Application filters allow you to control traffic by category or on an individual basis. With synchronized application control, you can restrict traffic on endpoints that are managed with Sophos Central. Managing cloud application traffic is also supported.
Wireless protection lets you define wireless networks and control access to them.
Manage email routing and protect domains and mail servers. You can configure SMTP/S, POP/S, and IMAP/S policies with spam and malware checks, data protection, and email encryption.
You can protect web servers against Layer 7 (application) vulnerability exploits. These attacks include cookie, URL, and form manipulation. Use these settings to define web servers, protection policies, and authentication policies for use in Web Application Firewall (WAF) rules. General settings allow you to protect web servers against slow HTTP attacks.
Advanced threat protection allows you to monitor and analyze all traffic on your network for threats and take appropriate action, for example, dropping the packets. You can also view Sandstorm activity and the results of any file analysis. Use these results to determine the level of risk posed to your network by releasing these files.
By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to share health information. Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central.
Network objects let you enhance security and optimize performance for devices behind the firewall. You can use these settings to configure physical ports, create virtual networks, and support Remote Ethernet Devices. Zones allow you to group interfaces and apply firewall rules to all member devices. Network redundancy and availability are provided by failover and load balancing. Other settings allow you to provide secure wireless broadband service to mobile devices and to configure advanced support for IPv6 device provisioning and traffic tunnelling.
A route provides a device with the information it needs to forward a packet to a specific destination. You can configure static and dynamic routes on XG Firewall.
You can set up authentication using an internal user database or third-party authentication service. To authenticate themselves, users must have access to an authentication client. However, they can bypass the client if you add them as clientless users. The firewall also supports two-factor authentication, transparent authentication, and guest user access through a captive portal.
Use system services to configure the RED provisioning service, high availability, and global malware protection settings.
Profiles allow you to control users’ internet access and administrators’ access to the firewall. You can define schedules, access time, and quotas for surfing and data transfer. Network address translation allows you to specify public IP addresses for internet access. You can specify levels of access to the firewall for administrators based on work roles.
You can define and manage system hosts and services.
Administration allows you to manage device licenses and time, administrator access, centralized updates, network bandwidth and device monitoring, and user notifications.
You can manage the configuration, firmware versions, hotfixes, and pattern updates.
Certificates allow you to add certificates, certificate authorities, and certificate revocation lists.
Logs provide insight into network activity and system events that let you identify security issues and see which of the configured rules apply. You can send logs to a syslog server or view them through the log viewer. Using data anonymization, you can encrypt identities in logs and reports.
You can get help in various ways.