
Deploy Sophos Firewall in gateway mode

When you deploy Sophos Firewall in gateway mode, Sophos Firewall acts as a gateway for your network.

Introduction

When you configure Sophos Firewall as a layer 3 bridge (in gateway mode), you can use all of its security features and also use it to route traffic.

In this example, you have a network with a firewall serving as a gateway. You'll replace the existing firewall with Sophos Firewall without changing the existing network LAN schema.

The following network diagram shows a network where Sophos Firewall is deployed in gateway mode.

Network diagram showing Sophos Firewall deployed in gateway mode.

Note

The IP addresses shown in the diagram are examples. Your network may be different.

Gateway mode deployment

Sophos Firewall is shipped with the following default configuration:

  • Port A IP address (LAN zone): 172.16.16.16/255.255.255.0.
  • Port B IP address (WAN zone): DHCP IP assignment.

Connect port A of Sophos Firewall to an endpoint computer's Ethernet interface and set the endpoint computer's IP address to 172.16.16.2/24. Browse to https://172.16.16.16:4444 to access the graphical user interface (GUI) and follow the steps in the assistant.

Configure Sophos Firewall in gateway mode

  1. Select Click to begin.

    Start screen.

  2. Set a new password for the admin account.

    Basic configuration screen where you create your admin password.

  3. If required, click Manual configuration.

    Internet connection screen with manual configuration button.

    1. Configure the network settings as required and click Apply.

      Manual configuration screen where you configure settings.

      Note

      The network settings shown in the image are examples only. You must configure settings that are appropriate for your network.

    2. Click OK.

      Screen showing that the interface has been updated successfully.

  4. Click Continue.

    Internet connection screen with the continue button.

  5. Choose a name for the firewall and set the time zone.

    Name and time zone screen.

  6. Register your firewall.

    • If you have a serial number, choose the first option and enter your serial number.

      Screenshot showing where you register your serial number.

    • If you don't have a serial number, choose the second option, which gives you a temporary serial number valid for a 30-day trial.

      Screenshot showing where you get a temporary serial number.

  7. Sign in or create a Sophos Central account.

    Screenshot showing how to sign in or create a Sophos Central account.

    If you selected a 30-day trial, select a licensing option and click Claim firewall.

    The serial number is assigned to your Sophos Firewall.

  8. Click Continue.

    Screenshot showing that the basic setup is complete.

  9. Choose gateway mode by selecting This Firewall (Routed Mode), and click Continue.

    Network configuration screen where you can choose gateway mode.

  10. Click Enable TAP/Discover Mode if required and select one or more ports for passive network monitoring.

    Screenshot showing where to enable TAP/Discover mode, and the passive network monitoring screen.

  11. For models with an integrated wireless radio, configure the protected wireless network and guest wireless network, then click Continue.

    Network configuration screen where you can set up wireless networks.

    Note

    Sophos Firewall models XGS 88w, 108w, 118w, and 128w don't have the Bridge wireless network with LAN setting. To allow wireless clients to access the LAN directly, go to Wireless > Access points, select LocalWifi0, and turn on Bridge to Ethernet.

  12. Select network protection options as required and click Continue.

    Network protection screen where you can enable network protection.

  13. Set an email recipient for notifications and backups and click Continue.

    Notifications and backups screen where you can set the email recipient.

  14. Review the configuration summary, and click Finish.

    Configuration summary screen.

    Sophos Firewall applies the configuration changes and reboots.

    Finishing screen.