Sophos Firewall Xg Iso Download
Posted : admin On 15.12.2020The product team is pleased to announce a major new update for XG Firewall v18 with several great new enhancements.
Security emphasis
Given how much working environments have changed this year, we have accelerated our product security investments, taking a more proactive approach. As a result, this new maintenance release for XG Firewall v18 includes several security and hardening enhancements to better protect your firewall and your data stored within, including SSMK (Secure Storage Master Key) for the encryption of your sensitive data.
Hello, I hope you are all doing great. Please where can i download an iso image for sophos XG vmware. Thanks in advance. Hi, I had hardware issues and now need to reinstall Sophos, my backups are on 17.5.0 but when i download the installer it seems to be 17.1.4 version.
There’s also a new CLI option to disable Captcha authentication that was previously introduced as a security hardening measure:
Remote access VPN
Working from home and makes remote access VPN a vital tool for all organizations these days, and there are important enhancements to remote access VPN in this release:
- Increased SSL VPN connection capacity across our entire firewall lineup. The capacity increase depends on your Firewall model: desktop models can expect a modest increase, while rack mount units will see a 3-6x improvement in SSL VPN connection capacity. Check the latest numbers for your XG Series model. Remember that Sophos XG Firewall is the only firewall that provides remote access VPN up to the capacity of your device – at no extra charge.
- Group support for our Sophos Connect VPN client, which now enables group imports from AD/LDAP/etc. for easy setup of group access policy.
Cloud (AWS/Nutanix) enhancements
Cloud and hybrid network infrastructure continues to grow in importance, and we’re also investing heavily in public cloud support:
- Support for newer AWS instances – C5/ M5 and T3 (#)
- Support for CloudFormation Templates, removing the need to run the installation wizard in some cases (#)
- Virtual WAN Zone support on custom gateways for post deployment single arm usage
- Single-arm deployments are now possible on AWS deployments thanks to an option to assign a zone to your custom gateway objects. This allows you to create access and security rules for traffic going into those zones.
- XG Firewall is now Nutanix AHV and Nutanix Flow Ready. XG Firewall has been validated to provide two modes of operation within Nutanix AHV infrastructure. Learn more.
- Also be sure to check out Sophos Cloud Optix to enhance your security and optimize costs for your cloud environments
Central management and reporting
We are seeing rapid adoption of Sophos Central management and reporting for XG Firewall thanks to rich features that make managing all your XG Firewalls easy. It’s important to note that legacy central management and reporting platforms including CFM/SFM and iView are coming to end of life soon.
Now is the time to move to Sophos Central for your central management and reporting needs, as it offers a modern, scalable, secure platform with a great feature set and an aggressive roadmap.
What’s new:
- XG Firewalls running in an HA configuration (either A-A or A-P) can now be fully managed within Firewall Group Management
- An Audit Trail feature is now available within the Task Queue
- Central Firewall Reporting has recently added the option to save, schedule, and export reports. Learn more.
Coming soon: Next month, a couple of other great enhancements are coming to Sophos Central, including group firewall management from the Partner Dashboard that greatly simplifies multi-customer firewall management, and cross-firewall reporting for better insights into activity across your entire multi-firewall protected network.
HA and other enhancements
XG Firewall v18 MR3 also addresses a number of reported issues with high-availability deployments, SD-RED devices support, and other areas. See the release notes for a full list of fixes.
Upgrade as soon as possible
While we always encourage you to keep your firewalls up to date with the latest firmware, over the next few months we are recommending you rapidly apply maintenance releases to ensure you have all the important security, performance, and feature enhancements applied as soon as possible.
Also ensure you have automatic pattern updates enabled so that you can be assured you have the latest protection updates.
XG Firewall v18 MR3 is an easy upgrade from XG Firewall v17 (MR6+), but be sure to check supported platforms.
How to get it
As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through the Licensing Portal. You can refer to this article for more information.
Learning more about upgrading to XG Firewall v18
And if you still haven’t upgraded to v18, or are still exploring many of the new features, be sure to take advantage of all the resources available, including the recent “Making the Most of XG Firewall v18” article series that covers all the great new capabilities in XG Firewall v18:
Table of Contents
Introduction
This guide provides detailed step-by-step instructions to upload, provision, install and configure the new Sophos XG Firewall in a ProfitBricks virtual Data Center (VDC).
Prerequisites
Sign up with Sophos to buy and download the Sophos XG Firewall ISO or alternatively request a free trial here: https://secure2.sophos.com/en-us/products/next-gen-firewall/free-trial.aspx
This will provide you with
Sophos Xg Home Download
- An ISO image.
- A valid serial number.
Upload ISO image
- Use a FTP Client, such as FileZilla, to upload the Sophos XG ISO to your ProfitBricks account using your DCD login credentials.
- Upload the ISO into the 'iso-images' folder.
- Once the internal processing of the image is finished you will receive an email.
Create or use virtual data center
Login in to the DCD and create a new data center or select an existing one.
Reserve IP Addresses
Since the firewall is a permanent device in your network, it is recommended to use a fixed IP address.
Sophos Xg Firmware Download
- Open IP Manager from the top navigation bar.
- Click on Reserve IPs, provide a name and set Number of IPs to 1. Make sure the correct region of your data center is selected.
- Click the button Reserve IPs.
Create Jump Server Instance
Initial configuration of the Sophos XG needs to be done from a web page running on the XG. This web page is only accessible from the internal LAN interface of the XG and not from the public (internet) interface of the XG. In order to access the web page, a jump server, located in the same internal LAN as the XG, is therefore needed.
- In your VDC, use a Composite Instance to create a Windows 2012 server which will be used as a jump server.
- Use the default settings for the server configuration.
- Select the ProfitBricks image windows-2012-r2-server as boot volume.
- Increase storage size (Size in GB) to 15 in order to accommodate minimum requirement of Windows Server 2012 R2.
- Provide a Password for the administrator account.
- Attach the server to the Internet Access box.
Create Sophos XG Firewall Instance
- Create the Sophos XG server using a composite instance.
- Use the following settings for the server configuration (based on the recommended requirements by Sophos):
- Cores: 2
- RAM: 4
- HDD size: 64 GB
Do not select any boot image.
Select ISO Boot Device
Select the Sophos XG instance, go to the Inspector sidebar and select the Storage tab. Now click on Add CD-ROM.
In the Create New CD-ROM pop-up, click on No Image Selected, navigate to Own Images and select the previously uploaded Sophos XG ISO.
Leave Boot from Device unchecked
- Click on Create CD-ROM Drive
- When using the uploaded image for the first time, you will be asked to provide the operating system. Select Linux and confirm.
Configure Network
- Connect the first network interface (NIC 0) of the XG with the second NIC (NIC 1) of the jump server.
Connect the second network interface (NIC 1) of the XG with internet access. Note: The interfaces on the XG need to be created in this exact sequence otherwise the further configuration will not work. The network topology should look like pictured below.
Select the jump server and in the Inspector sidebar, select the Network tab, go to NIC 1 and set the Primary IP in this private LAN to 172.16.16.10
Now select the Sophos XG server and in the Inspector sidebar select the Network tab, got to NIC 0, disable the DHCP option and set the Primary IP in this private LAN to 172.16.16.16
- For the Primary IP of NIC 1 of the XG, select your previously reserved IP address.
Provisioning
Now provision all changes by clicking on the Provision button on the top of the designer or Provision xx changes in the Inspector sidebar. The background validation should contain no error or warnings. Click on Provision Now to finally provision all instances and their configurations.This process will take several minutes. The current status can be followed in the Inspector sidebar.
When all jobs have been provisioned a box will pop up letting you know provisioning has been completed successfully. Click the OK button.
Install Sophos XG Firewall
- In the ProfitBricks DCD, select the Sophos XG instance.
- In the Inspector sidebar, click the button Remote Console.
- A new browser window should open. Click inside the window and type y and press enter. (Notice: The installer is configured to use a US keyboard layout.)
The installer will now format the empty storage volume, create a new file system, and install all necessary files. A progress indicator allows you to monitor the progress.
- After all files have been installed, press y to reboot the firewall.
At this point, the system is running Sophos XG Firewall Software Appliance. After the first boot, the system will present details about the hardware configuration and prompt for a password. The default password is admin.
Accept the EULA by pressing a.
Per default, the Sophos XG assigns the IP address 172.16.16.16 to its first NIC. At this IP address the web based Admin Console is also accessible. In order to activate the firewall, an internet connection is required. Verify the network configuration before starting the actual web based configuration. Using the console, in the Main Menu select 1 for network configuration.
Select 1 for interface configuration.
Make sure that interface Port1 contains the IPv4 address 172.16.16.16. A gateway does not need to be configured. Press enter to continue.
Make sure that interface Port2 contains the reserved public IPv4 address assigned by the ProfitBricks DHCP server. This IP address should match the one displayed in DCD under the network setting of your Sophos instance. For external communication a gateway IP address must also be set. Again, this should be automatically assigned via the DHCP server.
If any of the IP addresses are not correct, press y on the following screen and enter the correct IP address.
Web-based Activation of Sophos XG
The web-based Admin Console of the Sophos XG is available at https://172.16.16.16:4444. Use the jump server to access this page.
Open a Remote Desktop Connection to the public IP address of the Windows jump server. You will find the public IP address in the NIC 0 Primary IP field in the Inspector sidebar after selecting the jump server in your VDC. Note: This IP address has been dynamically assigned and may change after a power off of the server.
Use your browser on the jump server, open https://172.16.16.16:4444 and log into the Admin Console using the default credentials username - admin and password - admin. You might need to wait a couple of minutes before the http server on the firewall is correctly loaded and the web page is accessible. The browser's certificate error can be safely ignored. (Note: It might be helpful to download Chrome on your Windows jump server or otherwise you need to lower all IE security settings to a minimum in order to properly use the Sophos Admin Console.)
When you now log in for the first time, you will need to activate your device. Enter a valid serial number you have received from Sophos. Then click on Activate Device.
Note: in some cases, the public IP address configured via DHCP is not persisted on the firewall. In this case, the activation will fail with the error message No internet connection. Check your internet connection as described in the product documentation. Go to Basic Setup, select Static as IP Assignment and provide the following information:
- IP address: enter the reserved public IP address you assigned to NIC 1 of your Sophos instance
- Subnet Mask: 255.255.255.0
- Default Gateway: can also be found in the NIC 1 setting in DCD but is always the .1 of the subnet of your device.
- DNS: 8.8.8.8 (public Google DNS)
and click on Save Changes.
- Now try to activate the device once more.
- After the successful activation, you will need to register your device. Click Register Device to initiate the registration process.
After clicking Register Device, you are redirected to the MySophos portal website. If you already have a MySophos account, click on Login. If you are a new user, sign up for a MySophos account after clicking on Create Sophos ID.
After successful login, click Continue on the next window.
After successful registration of the device, you need to synchronize license details with Sophos servers. Click Initiate License Synchronization to initiate the process.
If the license has been successfully synchronized, you will see the Welcome page. Start the Network Configuration Wizard by clicking on Click Here.
The wizards walks you through the steps to setup initial configuration of your Sophos XG Firewall so that you can begin creating your security policies.
Sophos Network Configuration Wizard
The Network Configuration Wizard will appear. Click Start to initialize the network configuration process.
On the next screen, select Gateway Mode as the mode of deployment and click the > button.
On the Port Configuration screen, configure the IP addresses of the interfaces. Usually, you will not need to change the settings. Click > when ready.
On the DNS Configuration screen, enter the IP address of your organization’s DNS servers or add IP address of public DNS servers. The example below uses Google’s DNS servers. Click > when ready.
On the Default Network Policy screen, select the desired Network Policy. You can leave this unconfigured for now. (Note: all configuration settings performed during the Network Configuration Wizard can also be changed afterwards.)
On the Mail Server Configuration screen, configure the following parameters:
- The email address that will receive system notifications.
- The mail server IP address and port number.
- The email address of the administrator who will send the notifications.
Click > when ready.
On the Date & Time Configuration screen, select the Time Zone according to your current location and enter the Date and Time accordingly. Preferably, select Automatically Synchronize with NTP Server and Use pre-defined NTP Server.Click > when ready.
The Configuration Overview screen will appear, displaying a summary of the Gateway Mode configuration. If you don’t want to send App & Thread data to Sophos, disable the option. Click Finish to complete the basic configuration.
/empire-earth-1-for-mac-free-download.html. Confirm the configuration by clicking on OK.
The reconfiguration will take a couple of minutes. Afterwards the wizard will finish and you will be redirected to the login page.
Your Sophos XG Firewall is now installed and preconfigured in Gateway Mode. For further configuration, please see the official Sophos XG Reference Guide.