Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Deploy Sophos Firewall in Microsoft Azure

You can deploy a Sophos Firewall virtual machine (VM) in Microsoft Azure.

This guide includes instructions for third-party products. We recommend that you check the vendors' latest documentation.

Microsoft Azure configuration

You can use a basic stock-keeping unit (SKU) or a standard SKU public IP address for the firewall. See Public IP addresses.

The firewall only supports a dynamic basic SKU public IP address. To deploy the firewall using a basic SKU public IP address, do as follows:

  1. Sign in to Microsoft Azure portal.
  2. Go to Marketplace. You can also search for it in the search box.

    Microsoft Azure Marketplace service.

  3. Search for Sophos Firewall in the Marketplace search box and click Sophos Firewall.

    Microsoft Azure Sophos Firewall.

  4. Click Create.

  5. Under Basics, configure the following settings:

    1. Subscription: Select the subscription associated with your Microsoft Azure portal account.
    2. Resource group: Select a resource group or create a new one.
    3. Region: Select a region. We recommend you select the region closest to your location.
    4. VM name: Enter a name.
    5. Password: Enter a password. The 'admin' user will use this password to sign in to the firewall.
    6. Confirm password: Re-enter the password.
  6. Click Next.

  7. Under Instance details, configure the following settings:

    1. License type: Select the license type.

      • BYOL: You can get a Bring Your Own License (BYOL) from a Sophos reseller. Contact your Sophos account representative or send an email to publiccloud@sophos.com for more information.
      • PAYG: You can pay hourly using Pay As You Go (PAYG).
    2. Virtual machine size: Select the size of the VM instance. The default size and minimum requirement for the firewall is Standard F2s v2 (2 virtual CPUs and 4 GB memory). You can click Change size to change the size of the VM according to your requirements.

    3. Virtual network: Select a virtual network. To edit the virtual network, click Edit virtual network.
    4. LAN subnet: Select a LAN subnet. To edit the subnet, click Edit subnet.
    5. WAN subnet: Select a WAN subnet. To edit the subnet, click Edit subnet.
    6. Public IP name: For the public IP address you select here, make sure SKU is set to Basic and Assignment to Dynamic.

      Note

      Creating a Standard SKU public IP address here isn't supported.

    7. Domain name: Enter a unique domain name. Use this to access the web admin console and CLI console of the firewall.

    8. Storage account: Select a storage account or create a new one.
  8. Click Next.

    A validation test starts. If it fails, check your configuration.

  9. When the validation test succeeds, review the details and click Create.

    The deployment process takes a few minutes.

  10. When the deployment is complete, click Go to resource group to see the resources deployed in your account.

    VM deployment complete.

A standard SKU public IP address is static and supports availability zones. To deploy the firewall using a standard SKU public IP address, do as follows:

Create a standard SKU public IP address

  1. Sign in to Microsoft Azure portal.
  2. Go to Public IP addresses. You can also search for it in the search box.

    Microsoft Azure Public IP addresses service.

  3. Click Create.

  4. Under Basics, configure the following settings:

    1. Subscription: Select the subscription associated with your Microsoft Azure portal account.
    2. Resource group: Select a resource group or create a new one.
    3. Region: Select a region. We recommend you select the region closest to your location.
    4. Name: Enter a name.
    5. IP version: Select IPv4.
    6. SKU: Select Standard.
    7. Availability zone: Select 1.

      Note

      The firewall only supports one availability zone.

    8. Tier: Select Regional.

    9. IP address assignment: Select Static.
    10. Routing preference: Select Microsoft network.
    11. Idle timeout (minutes): Enter an idle timeout duration.
    12. DNS name label: Enter a DNS name.
    13. Domain name label scope (preview): Select None.
  5. Under DDoS protection > Protection type, select Network, then click Next.

  6. Under Tags, click Next.

    A validation test starts. If it fails, check your configuration.

  7. When the validation test succeeds, review the details and click Create.

    The deployment process takes a few minutes.

  8. When the deployment is complete, click Go to resource to see the details.

    Standard SKU public IP address complete.

    Standard SKU public IP address.

Deploy the firewall

  1. Go to Marketplace. You can also search for it.

    Microsoft Azure Marketplace service.

  2. Search for Sophos Firewall in the Marketplace and click Sophos Firewall.

    Microsoft Azure Sophos Firewall.

  3. Click Create.

  4. Under Basics, configure the following settings:

    1. Subscription: Select the subscription associated with your Microsoft Azure portal account.
    2. Resource group: Select a resource group or create a new one.
    3. Region: Select the same region you used for the standard SKU public IP address.
    4. VM name: Enter a name.
    5. Password: Enter a password. The 'admin' user will use this password to sign in to the firewall.
    6. Confirm password: Re-enter the password.
  5. Click Next.

  6. Under Instance details, configure the following settings:

    1. License type: Select the license type.

      • BYOL: You can get a Bring Your Own License (BYOL) from a Sophos reseller. Contact your Sophos account representative or send an email to publiccloud@sophos.com for more information.
      • PAYG: You can pay hourly using Pay As You Go (PAYG).
    2. Virtual machine size: Select the size of the VM instance. The default size and minimum requirement for Sophos firewall is Standard F2s v2 (2 virtual CPUs and 4 GB memory). You can click Change size to change the size of the VM according to your requirements.

    3. Virtual network: Select a virtual network. To edit the virtual network, click Edit virtual network.
    4. LAN subnet: Select a LAN subnet. To edit the subnet, click Edit subnet.
    5. WAN subnet: Select a WAN subnet. To edit the subnet, click Edit subnet.
    6. Public IP name: Select the standard SKU public IP address you created.
    7. Domain name: This is automatically filled with the DNS name of the standard SKU public IP address. Use this to access the web admin console and CLI console of the firewall.

      Standard SKU public IP address domain.

    8. Storage account: Select a storage account or create a new one.

  7. Click Next.

    A validation test starts. If it fails, check your configuration.

  8. When the validation test succeeds, review the details and click Create.

    The deployment process takes a few minutes to complete.

  9. When the deployment is complete, click Go to resource group to see the resources deployed in your account.

    VM deployment complete.

Access and configure the firewall

To access the firewall, do as follows:

  1. Sign in to Microsoft Azure portal.
  2. Go to Virtual machines. You can also search for it.

    Microsoft Azure Virtual machines service.

  3. Click the firewall you want to access.

  4. Under DNS name, hover over the URL and click the Copy to clipboard icon Copy to clipboard..
  5. On a web browser, access the firewall's web admin console using the following syntax:

    Syntax

    https://<DNS name>:4444

    Example

    https://sfostest1.southeastasia.cloudapp.azure.com:4444

  6. Sign in to the firewall using the username admin and the password you entered when you created the firewall.

  7. Under Sophos End User Terms of Use, click I accept.
  8. Go to Set up your Sophos Firewall and claim it in Sophos Central and follow the instructions from step 6 onwards.

    When you're redirected to the firewall, click Continue to see the firewall's Control center.

    Sophos Firewall basic setup complete.

Microsoft Azure resources