The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. See the XG to XGS migration documentation.

Registration and basic setup

You can use the setup assistant for the basic setup and registration.

To use the assistant, see the following video:

After you complete the setup assistant, the firewall upgrades to the latest firmware. If there's a loss of connection during the upgrade, the firewall restarts with the firmware with which it was shipped.

Secure administrator access to Sophos Firewall

  1. Configure a complex administrator password. Change the default admin password or use public key authentication for administrators. For more information, see Set up public key authentication for administrators.
  2. Configure sign-in security.

    • Sign out administrator session: Specify the inactivity period after which the administrator is signed out.
    • Prevent brute force sign-in attacks: Specify the number of unsuccessful attempts to sign in within a time frame from the same IP address. Specify the duration of blocked access.
    • Recommended settings: We’ve specified all our recommendations as default settings, for example, automatic installation of hotfixes and device access to Sophos Firewall.
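
How the three brute-force settings above (failed attempts, time frame, block duration) interact, as an added example that is not Sophos documentation or Sophos Firewall code. The log format, the names parse and simulate_lockout, and the sliding-window counting model are assumptions for illustration; replaying failed sign-in records this way shows which source IPs a candidate setting would block.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in log lines (not the real Sophos Firewall log format).
SAMPLE_LOG = """\
2025-01-10T09:00:00 198.51.100.7 admin FAIL
2025-01-10T09:00:10 198.51.100.7 admin FAIL
2025-01-10T09:00:15 192.0.2.20 admin FAIL
2025-01-10T09:00:20 198.51.100.7 admin FAIL
2025-01-10T09:00:30 198.51.100.7 admin FAIL
2025-01-10T09:03:00 192.0.2.20 admin FAIL
2025-01-10T09:03:05 192.0.2.20 admin OK
2025-01-10T09:06:00 198.51.100.7 admin FAIL
"""

def parse(log):
    """Yield (timestamp, source_ip, succeeded) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, _user, result = line.split()
            yield datetime.fromisoformat(ts), ip, result == "OK"

def simulate_lockout(events, max_attempts, window_s, block_s):
    """Return [(ip, block_start, block_end)] under a sliding-window policy.

    Assumed model: failures are counted per source IP; reaching max_attempts
    failures within window_s seconds blocks that IP for block_s seconds.
    Attempts arriving while blocked are rejected and not counted.
    """
    window, block = timedelta(seconds=window_s), timedelta(seconds=block_s)
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked_until = {}              # ip -> end of the current block
    blocks = []
    for ts, ip, ok in sorted(events):
        if ip in blocked_until and ts < blocked_until[ip]:
            continue                # still blocked: attempt never reaches auth
        if ok:
            continue                # successes are not counted in this model
        q = failures[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()             # drop failures older than the time frame
        if len(q) >= max_attempts:
            blocked_until[ip] = ts + block
            blocks.append((ip, ts, ts + block))
            q.clear()
    return blocks
```

With the sample data, 3 attempts in 60 seconds blocks only the rapid-fire source, while 2 attempts in 300 seconds also blocks the administrator who mistyped twice a few minutes apart and then rejects their correct sign-in.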

When you use the default admin password, the following restrictions apply:

  1. You can't use the Secure Copy Protocol (SCP) in the LAN and WAN zones.
  2. You can't sign in through SSH from the WAN zone. Sophos Firewall closes the connection silently.
  3. You can't access the web admin console from the WAN zone. A forbidden error message is shown.

Test and validate

Whenever possible, test Sophos Firewall offline first, that is, configure the policies on a test network or in a lab and validate that the required access permissions are being implemented as expected.

To simulate integration with your real network, you can deploy Sophos Firewall on the live network with a different gateway IP address and point the users to the new gateway. This allows a staged approach to integrating Sophos Firewall into your live network, ensuring that the process does not interrupt day-to-day operations.

Additionally, carry out acceptance testing and an iterative process of tuning to finalize the configuration.

Go live

Once you’ve tested and validated Sophos Firewall, you can move to it either by switching IP addresses and removing the old device or by changing the default gateway.

Licensing

You can now manage your firewall licenses and subscriptions on Administration > Licensing. See Licensing. If you're using Sophos Central, see Firewall licenses.