Skip to content

Interfaces

Sophos Firewall uses interfaces to connect to your network. If you have a physical device, you have at least four physical interfaces in the form of network ports. If you have a virtual device, you need at least two physical network ports.

Sophos Firewall always has one default interface configured on initial start-up using the IP address 172.16.16.16. If you used the initial setup assistant, you might have already changed this and set up additional interfaces. For example, a WAN interface to access the internet.

Interfaces are assigned a zone. Zones are separated network segments that don't allow traffic to flow between them without a dedicated firewall rule in place.

The assigned zone determines the network permissions assigned to network traffic on that interface. The following zones are available:

Zone Description
LAN The LAN zone contains your main internal network where most of your endpoint computers are located and has the least restrictive default permissions.
WAN The WAN zone connects to the internet. An interface in this zone is normally assigned a public IP address. However, if you have deployed Sophos Firewall behind another router, a private IP address may still be used. By default, only those permissions required to allow traffic out to the internet are allowed in this zone.
DMZ The DMZ zone is a more restricted internal network zone normally used for hosts, such as web servers. This lets you allow access to web services from the internet without allowing access to your main internal LAN network.
WiFi The Wi-Fi zone is like the LAN zone and is assigned to all wireless networks. It has many services turned on by default to allow connected endpoints access to the internet and other domain services. This is the interface to which you connect your access points.

You can control permissions for zone services in the device access settings on Administration > Device access.

You can control permissions for specific networks in Firewall rules, which you can set up on Rules and policies > Firewall rules.