Sophos XG Firewall Virtual Appliance - KVM

Document Date: January 2018

Version: 05012018AHM Page 1 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Contents
Change Log.................................................................................................................................................................3
Preface ........................................................................................................................................................................4
Base Configuration ...................................................................................................................................................4
Pre-requisite ..............................................................................................................................................................4
Installation Procedure ..............................................................................................................................................4
Step 1: Download and Extract QCOW2 Disks .......................................................................................................4
Step 2: Add QEMU/KVM connection ......................................................................................................................5
Step 3: Start KVM and create new virtual machine .............................................................................................5
Step 4: Browse to locate the primary disk ............................................................................................................5
Step 5: Import the primary disk ..............................................................................................................................6
Step 6: Choose virtual memory and CPU for the appliance ...............................................................................6
Step 7: Choose the Advanced options for more settings ...................................................................................7
Step 8: Configure advanced settings for primary disk .......................................................................................7
Step 9: Add auxiliary disk .........................................................................................................................................8
Step 10: Configure network settings for the appliance......................................................................................8
Step 11: Configure network interface card ...........................................................................................................9
Step 12: Start the installation .............................................................................................................................. 10
Step 13: Accept EULA ............................................................................................................................................ 10
Configuring XG Firewall ......................................................................................................................................... 11
Activation and Registration .................................................................................................................................. 11
Step 1: License Agreement .................................................................................................................................. 11
Step 2: Register Your Firewall .............................................................................................................................. 11
Step 3: Complete basic setup .............................................................................................................................. 12
Basic Configuration ............................................................................................................................................... 13
a. Setting up Interfaces ......................................................................................................................................... 13
b. Creating Zones ................................................................................................................................................... 14
c. Creating Firewall Rules...................................................................................................................................... 14
d. Setting up a Wireless Network ........................................................................................................................ 14
Copyright Notice ..................................................................................................................................................... 19

Version: 05012018AHM Page 2 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Change Log
Date Change Description

January 05, 2018 First draft.

Version: 05012018AHM Page 3 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Preface
The Getting Started Guide describes how to download and deploy Sophos XG
Firewall Virtual Appliance on KVM.

Base Configuration
If the following minimum server requirements are not met, XG Firewall will go into
failsafe mode:
1. One vCPU
2. 2GB vRAM
3. 2 vNIC
4. Primary Disk: Minimum 4GB
5. Auxiliary Disk: Minimum 80GB
Note: For optimal XG Firewall performance, configure vCPU and vRAM according to
the license you have purchased. Do not exceed the maximum number of vCPUs
specified in the license.

Pre-requisite
1. Make sure you have an x86 machine running a recent Linux kernel on an Intel
processor with VT (virtualization technology) extensions, or an AMD processor
with SVM extensions (also called AMDV).
2. Use commands given below to check if your CPU supports Intel VT or AMD-V:
3. For Intel VT: grep --color vmx /proc/cpuinfo
4. For AMD-V: grep --color svm /proc/cpuinfo
5. Install Virtual Machine Manager (virt-manager), a desktop Graphical User
Interface (GUI) application for managing Kernel Based Virtual Machines.
6. For more information, refer to the FAQ section on KVM website:
http://www.linux-kvm.org/page/FAQ

Installation Procedure
Step 1: Download and Extract QCOW2 Disks
Download the .zip file containing the QCOW2 disk from
https://secure2.sophos.com/en-us/products/next-gen-firewall/free-trial.aspx
and save in your machine.

Version: 05012018AHM Page 4 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Step 2: Add QEMU/KVM connection

Open Virt-manager. Go to File -> Add Connection.

Step 3: Start KVM and create new virtual machine

It opens New Virtual Machine Wizard.

Step 4: Browse to locate the primary disk

Select location of the .qcow2 file for XG Firewall. Click Open.

Version: 05012018AHM Page 5 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Step 5: Import the primary disk

Browse to the location of Primary disk. Click Forward.

Step 6: Choose virtual memory and CPU for the appliance

Select vRAM as 2048 MB (recommended) or higher and CPU as 1. Click Forward.

Version: 05012018AHM Page 6 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Step 7: Choose the Advanced options for more settings

Select the options as shown in the image below. Select Customize configuration
before install and click Finish. You will be redirected to the Customization
configuration screen as shown in the step 8 below.

Step 8: Configure advanced settings for primary disk

In Disk 1, click Advanced options and set the following:
 Disk bus: Virtio
 Storage format: qcow2

Version: 05012018AHM Page 7 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Step 9: Add auxiliary disk

Go to Add Hardware -> Storage.
Click Select managed or other existing storage and browse to add the auxiliary
disk. Click Finish.

You will be redirected to the Customize configuration screen.

Step 10: Configure network settings for the appliance

Go to Add Hardware -> Network and configure as shown in the image below. Click
Finish.

You will be redirected to the Customize configuration screen.

Version: 05012018AHM Page 8 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Step 11: Configure network interface card

In Customize configuration screen, set the following for Virtual Network Interface
(NIC 1):
 Device model: Hypervisor default

In Customize configuration screen, set the following for Virtual Network Interface
(NIC 2):
 Device model: Virtio

Version: 05012018AHM Page 9 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Step 12: Start the installation

After configuring all options, click Begin Installation to start the installation.

Sophos XG Firewall has been installed on your virtual machine.

To continue to the Main Menu

Step 13: Accept EULA

Version: 05012018AHM Page 10 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Configuring XG Firewall
Browse to https://172.16.16.16:4444 from the management computer. Click
Start to begin the wizard and follow the on-screen instructions.
Note: The wizard will not start if you have changed the default administrator
password from the console.

Activation and Registration

Step 1: License Agreement

To proceed, you must accept the Sophos End User License Agreement (EULA).

Step 2: Register Your Firewall

Enter the serial number, if you have it. You can also use your UTM 9 license if you
are migrating. Otherwise, you can skip registration for 30 days or start a free trial.

Version: 05012018AHM Page 11 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

You will be redirected to the MySophos portal website. If you already have a
MySophos

Complete the registration process.

Step 3: Complete basic setup

After you register the device, the license is synchronized and basic setup is
complete.

Version: 05012018AHM Page 12 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Click Continue and complete the configurations through the wizard. When you
finish the process, the Network Security Control Center appears.

You can now use the navigation pane to the left to navigate and configure further
settings.

Basic Configuration
a. Setting up Interfaces
1. Add network interfaces and RED connections: Configure > Network >
Interfaces.

Version: 05012018AHM Page 13 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

2. Add wireless networks: Protect > Wireless > Wireless Networks. The SSIDs
that you create will appear on the interfaces menu.
3. Add access points: Protect > Wireless > Access Points.

b. Creating Zones
Zones are essential to creating firewall rules. The device provides default zones. To
create custom zones, go to Configure > Network > Zones.

c. Creating Firewall Rules

You can create the following types of firewall rules in Protect > Firewall > Add
Firewall Rule:

1. Business Application Rule: To secure a server or service, and control access to

it.
2. User/Network Rule: To control user access to web and application content, or
to control traffic by source, service, destination, zone, and user.

d. Setting up a Wireless Network

To create wireless networks from the XG Firewall Wizard, refer to the
instructions below:

1. Go to Protect > Wireless > Wireless Networks.

2. Click Add to add a new wireless network.
3. Configure the wireless network as shown in the image.

Version: 05012018AHM Page 14 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

The wireless network will be added.

1. Similarly, add another wireless network for guest access.

Version: 05012018AHM Page 15 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

You can see both wireless networks on Protect > Network > Wireless Networks.

2. Go to Protect > Wireless > Access Point Groups.

3. Click Add to add a new access point group.
4. Add both the wireless networks, and the new access point.

Version: 05012018AHM Page 16 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

You can view newly-installed APs on the Control Center.

5. Click the pending APs to accept the new access points.

Version: 05012018AHM Page 17 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

6. To configure the settings of new APs, refer to the image.

7. Click Save.

Version: 05012018AHM Page 18 of 19

Getting Started Guide: Sophos XG Firewall Virtual Appliance

Copyright Notice
Copyright 2015-2017 Sophos Limited. All rights reserved.

Sophos is registered trademarks of Sophos Limited and Sophos Group. All other
product and company names mentioned are trademarks or registered trademarks
of their respective owners.

No part of this publication may be reproduced, stored in a retrieval system, or

transmitted, in any form or by any means, electronic, mechanical, photocopying,
recording or otherwise unless you are either a valid licensee where the
documentation can be reproduced in accordance with the license terms or you
otherwise have the prior permission in writing of the copyright owner.

Version: 05012018AHM Page 19 of 19