Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Manage Sophos Firewall

You can manage Sophos Firewall through Sophos Central or using the firewall's consoles, such as the web admin console and command-line interface (CLI).

Sophos Central

Sophos Central is a web-based management solution to centrally manage your Sophos Firewall devices, endpoints, and servers. You can use it to manage firewall devices individually or as a group. You'll need a Sophos Central account. Using Sophos Central, you can install firewall devices with a Zero Touch configuration file.

Here are some Sophos Central resources:

Sophos Firewall

You can manage firewall devices through the following consoles:

  • Web admin console: A web-based application to configure, monitor, and manage your firewall device. Access the console through any browser using HTTPS.

    https://<LAN IP address of Sophos Firewall>:4444

    The default IP address is 172.16.16.16.

    See Web admin console.

  • Command-line interface: The CLI allows you to manage and monitor certain components of the firewall, as well as to diagnose and troubleshoot issues. The firewall offers SSH access to the CLI. You can access it in one of the following ways:

    • Go to the web admin console and select admin > Console in the upper-right corner.
    • Use an SSH client, such as PuTTY.

    The firewall closes idle SSH sessions after 15 minutes.

    See Command line help.

Administrative access

As an administrator, you can access Sophos Firewall using the web admin console or CLI. The administrator sign-in profile defines the admin's rights to access the firewall.

Sophos Firewall is shipped with one administrator account and four administrator profiles.

Administrator type Sign-in credentials Console access Privileges
Super administrator admin/admin

Web admin console

CLI console

Full privileges for all configurations performed through either of the consoles.

Note

Change the password of the "admin" user immediately after deployment.

Ports

You can use the LAN port with the default IP address 172.16.16.16 to access the web admin console and CLI console.

However, Sophos Firewall 1U and higher appliance models have one or more management ports. You can use these to access the web admin console and CLI console. The default IP address of the management port is 10.0.1.1.

For information about how to configure the management ports, see How to configure management ports.