{"id":161517,"date":"2024-09-06T14:35:08","date_gmt":"2024-09-06T13:35:08","guid":{"rendered":"https:\/\/www.avanet.com\/?post_type=kb&#038;p=161517"},"modified":"2024-09-06T14:42:09","modified_gmt":"2024-09-06T13:42:09","slug":"sophos-firewall-first-steps-and-setup","status":"publish","type":"kb","link":"https:\/\/www.avanet.com\/en\/kb\/sophos-firewall-first-steps-and-setup\/","title":{"rendered":"Sophos Firewall &#8211; Getting started and setup"},"content":{"rendered":"\n<p>Sophos Firewall is at the heart of one of the world&#8217;s best network security platforms.\nThis article describes the steps to get a new Sophos Firewall up and running and correctly configured.\nIt covers the requirements for setting up, registering the firewall, integrating with Sophos Central and activating licenses.  <\/p>\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Topics<\/h2><nav><ul><li class=\"\"><a href=\"#d\">Requirements for the installation<\/a><\/li><li class=\"\"><a href=\"#anschlusse-und-netzwerkkonfiguration\">Connections and network configuration<\/a><\/li><li class=\"\"><a href=\"#zugriff-auf-das-web-interface\">Access to the web interface<\/a><\/li><li class=\"\"><a href=\"#ersteinrichtung-mit-dem-einrichtungsassistenten\">Initial setup with the setup wizard<\/a><\/li><li class=\"\"><a href=\"#internetverbindung-und-dns-uberprufung\">Internet connection and DNS check<\/a><\/li><li class=\"\"><a href=\"#registrierung-der-sophos-firewall\">Registering your Sophos Firewall<\/a><ul><li class=\"\"><a href=\"#schritte-zur-registrierung\">Steps to registration:<\/a><\/li><\/ul><\/li><li class=\"\"><a href=\"#aktivierung-von-lizenzen\">Activation of licenses<\/a><\/li><li class=\"\"><a href=\"#verbindung-zur-sophos-central-plattform\">Connection to the Sophos Central platform<\/a><ul><li class=\"\"><a href=\"#schritte-zur-verbindung-mit-sophos-central\"><a href=\"#schritte-zur-verbindung-mit-sophos-central\">Steps to connect to Sophos Central<\/a><\/a><\/li><\/ul><\/li><li class=\"\"><a href=\"#abschluss-der-einrichtung\">Completion of the installation<\/a><\/li><li class=\"\"><a href=\"#fazit\">Support<\/a><\/li><\/ul><\/nav><\/div>\n\n<p>Of course, it&#8217;s easier with a video and Sophos has already created a pretty good one.<\/p>\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\"> \n<iframe loading=\"lazy\" title=\"Sophos Firewall: Basic Setup &amp; Registration\" width=\"1290\" height=\"726\" src=\"https:\/\/www.youtube.com\/embed\/CfPPsqolTRA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n <\/div><\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"d\">Requirements for the installation<\/h2>\n\n<p>Before you start setting up the Sophos Firewall, a few prerequisites must be met:<\/p>\n\n<ol class=\"wp-block-list\">\n<li><strong>Active Internet connection<\/strong>: The firewall requires a working Internet connection for registration and license retrieval.<\/li>\n\n\n\n<li><strong>DNS configuration<\/strong>: A public DNS server, such as 8.8.8.8 (Google DNS), should be configured.<\/li>\n\n\n\n<li><strong>Enabled port 443<\/strong>: Outgoing traffic via port 443 must be permitted on all upstream devices.<\/li>\n<\/ol>\n\n<p>It is optional to create a Sophos Central account in advance.\nHowever, this article also shows how to perform this step during setup. <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"anschlusse-und-netzwerkkonfiguration\">Connections and network configuration<\/h2>\n\n<p>After unpacking the Sophos Firewall, e.g. model XGS116, note the following:<\/p>\n\n<ol class=\"wp-block-list\">\n<li><strong>WAN connection<\/strong>: Connect the WAN interface to port 2 to establish the Internet connection.<\/li>\n\n\n\n<li><strong>LAN connection<\/strong>: Connect the LAN interface on port 1 to a local device.\nThe device automatically receives an IP address in the 172.16.16.x subnet. <\/li>\n\n\n\n<li><strong>Management interface (if available)<\/strong>: On higher-end models, there is often a dedicated management port (MGMT) with the default IP 10.0.1.1.\nIt is recommended to use this port for the basic setup. <\/li>\n<\/ol>\n\n<h2 class=\"wp-block-heading\" id=\"zugriff-auf-das-web-interface\">Access to the web interface<\/h2>\n\n<p>To configure the Sophos Firewall, access the web UI via a web browser.\nDepending on the interface used, one of the following URLs is used: <\/p>\n\n<ul class=\"wp-block-list\">\n<li><strong>LAN port<\/strong>:  <code>https:\/\/172.16.16.16:4444<\/code><\/li>\n\n\n\n<li><strong>Management port<\/strong>:  <code>https:\/\/10.0.1.1:4444<\/code><\/li>\n<\/ul>\n\n<p>When accessing for the first time, a warning is displayed about the self-signed certificate, which must be accepted.\nYou will then be taken to the welcome page. <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"ersteinrichtung-mit-dem-einrichtungsassistenten\">Initial setup with the setup wizard<\/h2>\n\n<ol class=\"wp-block-list\">\n<li><strong>Set admin password<\/strong>: A new password must be assigned and confirmed for the admin user.<\/li>\n\n\n\n<li><strong>Firmware update<\/strong>: If required, the latest firmware is automatically installed during setup.<\/li>\n\n\n\n<li><strong>Secure storage key<\/strong>: A master key is created for the secure storage that is used to encrypt sensitive data.\nThis key should be stored securely as it cannot be recovered. <\/li>\n<\/ol>\n\n<h2 class=\"wp-block-heading\" id=\"internetverbindung-und-dns-uberprufung\">Internet connection and DNS check<\/h2>\n\n<p>The next step is to check whether the firewall has a functioning internet connection.\nIf problems occur, the settings can be adjusted manually.\nIt is recommended to use a public DNS server such as 8.8.8.8.  <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"registrierung-der-sophos-firewall\">Registering your Sophos Firewall<\/h2>\n\n<p>The Sophos Firewall can be registered either immediately or at a later date.\nWithout registration, the firewall can be used for up to 30 days.\nRegistration takes place via the Sophos Central platform.  <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"schritte-zur-registrierung\">Steps to registration:<\/h3>\n\n<ol class=\"wp-block-list\">\n<li><strong>Claim the firewall in Sophos Central<\/strong>: After registering the firewall, it is claimed in Sophos Central.\nIf you do not yet have a Sophos Central account, you can create one directly during setup. <\/li>\n\n\n\n<li><strong>OTP registration<\/strong>: A One-Time Password (OTP) provided by Sophos Central is used for registration.<\/li>\n<\/ol>\n\n<h2 class=\"wp-block-heading\" id=\"aktivierung-von-lizenzen\">Activation of licenses<\/h2>\n\n<p>After registration, licenses for the firewall can be activated.\nThis can be done either via the web admin interface of the firewall or directly in Sophos Central. <\/p>\n\n<ol class=\"wp-block-list\">\n<li><strong>Enter the license key<\/strong>: The license key is entered and verified in the licensing tab of the firewall.\nWe normally register the firewall for you if you have opted for the subscription model, so you don&#8217;t have to worry about the license. <\/li>\n\n\n\n<li><strong>Manage licenses in Sophos Central<\/strong>: Active licenses can be viewed and new licenses can be added or transferred via the Sophos Central platform.<\/li>\n<\/ol>\n\n<h2 class=\"wp-block-heading\" id=\"verbindung-zur-sophos-central-plattform\">Connection to the Sophos Central platform<\/h2>\n\n<p>After the firewall has been successfully set up, it is recommended to connect the firewall to Sophos Central.\nThis allows the firewall to be managed and monitored centrally. <\/p>\n\n<h3 class=\"wp-block-heading\" id=\"schritte-zur-verbindung-mit-sophos-central\">Steps to connect to Sophos Central<\/h3>\n\n<ol class=\"wp-block-list\">\n<li><strong>Firewall management in Sophos Central<\/strong>: In the Sophos Central Dashboard under &#8220;Firewall Management&#8221;, the firewall can be added by entering the serial number.<\/li>\n\n\n\n<li><strong>OTP authentication<\/strong>: An OTP code is used to complete the registration.<\/li>\n\n\n\n<li><strong>Activate services<\/strong>: Finally, the Sophos Central services are activated on the firewall.<\/li>\n<\/ol>\n\n<h2 class=\"wp-block-heading\" id=\"abschluss-der-einrichtung\">Completion of the installation<\/h2>\n\n<p>After completing the setup, the firewall restarts.\nAfter the restart, the licenses can be checked and activated again.\nAutomatic backups of the configuration are also set up and sent by email on a weekly basis.  <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"fazit\"><strong>Support<\/strong><\/h2>\n\n<p>After the basic setup, the Sophos Firewall is now functional and ready for use.\nHowever, it should be noted that the firewall is anything but secure in this state.\nThe real work begins now: The configuration of interfaces, zones, firewall rules, intrusion prevention systems (IPS), as well as the creation of policies and more, are essential to ensure a secure and robust network security solution.  <\/p>\n\n<p>Our long-term plan is to create detailed videos for each of these steps to make configuration easier and guarantee the best possible security.\nIn the meantime, our support team is available to help you set up, optimize or migrate your Sophos Firewall. <\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"template":"","format":"standard","kb_kategorie":[382],"class_list":["post-161517","kb","type-kb","status-publish","format-standard","hentry","kb_kategorie-sophos-firewall"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb\/161517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=161517"}],"wp:term":[{"taxonomy":"kb_kategorie","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/kb_kategorie?post=161517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}