Follow these recommendations if you're new to Sophos Firewall. You learn how to secure access to your Sophos Firewall, test and validate it, and finally how to go live once you feel comfortable.
Secure administrator access to Sophos Firewall
- Configure a complex administrator password. Change the default admin password or use public key authentication for administrators. For more information, see Set up public key authentication for administrators.
- Configure sign-in security.
- Sign out administrator session: Specify the inactivity period of the administrator.
- Prevent brute force sign-in attacks: Specify the number of unsuccessful attempts to sign in within a time frame from the same IP address. Specify the duration of blocked access.
- Recommended settings: We’ve specified all our recommendations as default settings, for example automatic installation of hotfixes, device access to Sophos Firewall.
Test and validate
Whenever possible, test Sophos Firewall offline first, that is, configure the policies on a test network or in a lab and validate that the required access permissions are being implemented as expected.
To simulate the integration of your real network with it, you can deploy Sophos Firewall on the live network but with a different gateway IP address and point the users to the new gateway. This allows a staged approach to integrating Sophos Firewall into your live network, ensuring that the process does not interrupt day-to-day operations.
Additionally, carry out acceptance testing and an iterative process of tuning to finalize the configuration.
Once you’ve tested and validated Sophos Firewall, you can move to it either by switching IP addresses and removing the old device or by changing the default gateway.
Add new services
Sophos Firewall offers a wide range of new features compared to your previous vendor. Read more about these features in the help. Finally, complete the migration by adding any new feature, service, or function that fits your business need.