Deploy Sophos Firewall in gateway mode
When you deploy Sophos Firewall in gateway mode, Sophos Firewall acts as a gateway for your network.
Introduction
When you configure Sophos Firewall as a layer 3 bridge (in gateway mode), you can use all of its security features and also use it to route traffic.
In this example, you have a network with a firewall serving as a gateway. You'll replace the existing firewall with Sophos Firewall without changing the existing network LAN schema.
The following network diagram shows a network where Sophos Firewall is deployed in gateway mode.
Note
The IP addresses shown in the diagram are examples. Your network may be different.
Gateway mode deployment
Sophos Firewall is shipped with the following default configuration:
- Port A IP address (LAN zone): 172.16.16.16/255.255.255.0.
- Port B IP address (WAN zone): DHCP IP assignment.
Connect port A of Sophos Firewall to an endpoint computer's Ethernet interface and set the endpoint computer's IP address to 172.16.16.2/24
. Browse to https://172.16.16.16:4444
to access the graphical user interface (GUI) and follow the steps in the assistant.
Configure Sophos Firewall in gateway mode
-
Select Click to begin.
-
Set a new password for the admin account.
-
If required, click Manual configuration.
-
Click Continue.
-
Choose a name for the firewall and set the time zone.
-
Register your firewall.
-
Sign in or create a Sophos Central account.
If you selected a 30-day trial, select a licensing option and click Claim firewall.
The serial number is assigned to your Sophos Firewall.
-
Click Continue.
-
Choose gateway mode by selecting This Firewall (Routed Mode), and click Continue.
-
Click Enable TAP/Discover Mode if required and select one or more ports for passive network monitoring.
-
For models with an integrated wireless radio, configure the protected wireless network and guest wireless network, then click Continue.
Note
Sophos Firewall models XGS 88w, 108w, 118w, and 128w don't have the Bridge wireless network with LAN setting. To allow wireless clients to access the LAN directly, go to Wireless > Access points, select LocalWifi0, and turn on Bridge to Ethernet.
-
Select network protection options as required and click Continue.
-
Set an email recipient for notifications and backups and click Continue.
-
Review the configuration summary, and click Finish.
Sophos Firewall applies the configuration changes and reboots.