Professional Documents
Culture Documents
Sophos XG Firewall Virtual Appliance - Getting Started Guide - KVM
Sophos XG Firewall Virtual Appliance - Getting Started Guide - KVM
Contents
Change Log.................................................................................................................................................................3
Preface ........................................................................................................................................................................4
Base Configuration ...................................................................................................................................................4
Pre-requisite ..............................................................................................................................................................4
Installation Procedure ..............................................................................................................................................4
Step 1: Download and Extract QCOW2 Disks .......................................................................................................4
Step 2: Add QEMU/KVM connection ......................................................................................................................5
Step 3: Start KVM and create new virtual machine .............................................................................................5
Step 4: Browse to locate the primary disk ............................................................................................................5
Step 5: Import the primary disk ..............................................................................................................................6
Step 6: Choose virtual memory and CPU for the appliance ...............................................................................6
Step 7: Choose the Advanced options for more settings ...................................................................................7
Step 8: Configure advanced settings for primary disk .......................................................................................7
Step 9: Add auxiliary disk .........................................................................................................................................8
Step 10: Configure network settings for the appliance......................................................................................8
Step 11: Configure network interface card ...........................................................................................................9
Step 12: Start the installation .............................................................................................................................. 10
Step 13: Accept EULA ............................................................................................................................................ 10
Configuring XG Firewall ......................................................................................................................................... 11
Activation and Registration .................................................................................................................................. 11
Step 1: License Agreement .................................................................................................................................. 11
Step 2: Register Your Firewall .............................................................................................................................. 11
Step 3: Complete basic setup .............................................................................................................................. 12
Basic Configuration ............................................................................................................................................... 13
a. Setting up Interfaces ......................................................................................................................................... 13
b. Creating Zones ................................................................................................................................................... 14
c. Creating Firewall Rules...................................................................................................................................... 14
d. Setting up a Wireless Network ........................................................................................................................ 14
Copyright Notice ..................................................................................................................................................... 19
Change Log
Date Change Description
Preface
The Getting Started Guide describes how to download and deploy Sophos XG
Firewall Virtual Appliance on KVM.
Base Configuration
If the following minimum server requirements are not met, XG Firewall will go into
failsafe mode:
1. One vCPU
2. 2GB vRAM
3. 2 vNIC
4. Primary Disk: Minimum 4GB
5. Auxiliary Disk: Minimum 80GB
Note: For optimal XG Firewall performance, configure vCPU and vRAM according to
the license you have purchased. Do not exceed the maximum number of vCPUs
specified in the license.
Pre-requisite
1. Make sure you have an x86 machine running a recent Linux kernel on an Intel
processor with VT (virtualization technology) extensions, or an AMD processor
with SVM extensions (also called AMDV).
2. Use commands given below to check if your CPU supports Intel VT or AMD-V:
3. For Intel VT: grep --color vmx /proc/cpuinfo
4. For AMD-V: grep --color svm /proc/cpuinfo
5. Install Virtual Machine Manager (virt-manager), a desktop Graphical User
Interface (GUI) application for managing Kernel Based Virtual Machines.
6. For more information, refer to the FAQ section on KVM website:
http://www.linux-kvm.org/page/FAQ
Installation Procedure
Step 1: Download and Extract QCOW2 Disks
Download the .zip file containing the QCOW2 disk from
https://secure2.sophos.com/en-us/products/next-gen-firewall/free-trial.aspx
and save in your machine.
In Customize configuration screen, set the following for Virtual Network Interface
(NIC 2):
Device model: Virtio
Configuring XG Firewall
Browse to https://172.16.16.16:4444 from the management computer. Click
Start to begin the wizard and follow the on-screen instructions.
Note: The wizard will not start if you have changed the default administrator
password from the console.
You will be redirected to the MySophos portal website. If you already have a
MySophos
Click Continue and complete the configurations through the wizard. When you
finish the process, the Network Security Control Center appears.
You can now use the navigation pane to the left to navigate and configure further
settings.
Basic Configuration
a. Setting up Interfaces
1. Add network interfaces and RED connections: Configure > Network >
Interfaces.
2. Add wireless networks: Protect > Wireless > Wireless Networks. The SSIDs
that you create will appear on the interfaces menu.
3. Add access points: Protect > Wireless > Access Points.
b. Creating Zones
Zones are essential to creating firewall rules. The device provides default zones. To
create custom zones, go to Configure > Network > Zones.
You can see both wireless networks on Protect > Network > Wireless Networks.
7. Click Save.
Copyright Notice
Copyright 2015-2017 Sophos Limited. All rights reserved.
Sophos is registered trademarks of Sophos Limited and Sophos Group. All other
product and company names mentioned are trademarks or registered trademarks
of their respective owners.