Sophos Xg Vmware



Sophos XG, UTM, Virtual Environments, Email and Web Appliance: VMware VMotion is not supported (KB-000038146, 09 30, 2019). Overview: VMware VMotion enables the live migration of running virtual machines from one physical server to another transparently with zero downtime. This article explains the complications.

Sophos XG Firewall: Supported virtualization platforms (KB-000038091, Feb 11, 2020). VMware: ESXi 6.5.0; Hyper-V: Windows Server.

The Sophos XG is a next-generation firewall packed with enterprise-grade features. The team at Sophos have been kind enough to offer a FREE software version of this firewall for home users, which I have managed to install using VMware ESXi.

Having the ability to install the firewall onto an ESXi server meant I could provision multiple VMs on one machine and on the same network. Before setting the Sophos XG firewall up, I searched online for guides on how to do this and, to my surprise, I didn't find much, hence the reason for this post.

If you're struggling to configure ESXi to work with the firewall, or you just want some guidance, then follow these steps to get your Sophos XG firewall up and running.

Example topology: The topology below is that of a small example network which will be referred to throughout this guide to help you set your firewall up.

Let me just explain this topology a little further....

  • ISP router is at the edge of the network and is in modem only mode. You can keep it in routing mode but you may suffer from dropped connections. It is also suggested that you have WiFi off on this router, as you don't want your internal hosts bypassing the firewall.
  • ESXi server will have x2 physical interfaces, one acting as the WAN interface and the other the LAN interface. The topology shows two virtual machines on the ESXi server, one being the XG and the other Server 2012 (optional). The red dotted line is referring to the interface on the XG that will connect to the ISP router whereas the green dotted line refers to the internal interface connecting to the access point. The vSwitches and NICs are explained in more detail later.
  • The device named 'AP' is the internal router. This will be put into access point mode only and set with a static IP address and default gateway which will point to the internal interface of the Sophos XG.

Before we begin, let's make sure we have the right hardware and software.

Requirements:

  • ISP Router
  • Server with at least 500 GB to 1 TB storage and x2 NICs
  • VMware ESXi software (Installed on your server)
  • VMware vSphere software (Used to access ESXi and the VMs within)
  • Additional router (This is used to connect your LAN clients)

Optional:

  • VMware Workstation software (This is paid software and is similar to vSphere, however it does offer additional features)
  • Server Operating System such as Server 2012 (Can be used to add devices to a domain and as a DHCP server)

Step 1: Installing and Configuring ESXi


  • Install VMware ESXi onto your server. When the install has finished, you should be presented with a screen like the one below. Before we go any further, it is important that you have your server connected via ethernet to the same network as your LAN.

We will now configure ESXi with an IP address so that we can access it via vSphere/Workstation.

  • Press F2 and enter 'password' as the password. Now that we have access, we can change this by clicking on 'configure password'.
  • When you have configured your password, click on 'configure management network'.
  • Now click on 'Network Adapters' and make a note of the NIC that is being used for your LAN.
  • Now click on 'IP Configuration' and assign your management interface IP address. It is recommended that you select the 'static' IP address option and assign an IP address that is not currently being used on your network.

You should now be able to access your ESXi server using vSphere, Workstation or both.

Step 2: Access ESXi via vSphere

  • Open vSphere and connect to the ESXi server by inputting the IP address you have just assigned to the management interface in step 1 along with 'root' as the username and the password you previously set in step 1.
  • Once you have successfully logged in, navigate to the tab 'Configuration' and select 'Networking' on the left-hand side. You should see that a 'vmnic' is already active for the management network; this will be used for the internal network, i.e. your LAN.
  • Now create another vSwitch and VMkernel for the external connection by clicking on 'Add Networking' in the top right-hand corner. First, we will select 'VMkernel' and select your second NIC. If you are unsure which one yours is, connect your ethernet cable from your second server port to the ISP router, which should be in modem only mode. The interface should now be up.
  • Click next and unless you wish to create VLANs press next again and enter another network IP address before getting to the summary.
  • Now click on 'Add networking' again and this time select Virtual Machine and select the NIC you have just chosen in the last step. Follow the settings through and finish off, you should now have another vSwitch with a separate kernel and vmnic.

Step 3: Install Sophos XG


You can use vSphere for this, however, I would highly recommend using Workstation to do the following. (These instructions will now refer to VMware Workstation).

  • Sign into your ESXi server just as you did on vSphere.
  • On VMware Workstation click 'file' - 'new virtual machine' and select the server IP address as the target.
  • Go through the settings you prefer in order to get to the summary section but do not finish.
  • Click on 'Customise Settings' and add x2 network adapters and uncheck 'connect on power on'. You will also need to add the Sophos XG image to the virtual hard drive. Once this is done, finalise the settings and start the machine.
  • Depending on the size of the drive you have provisioned, the install could take some time.
  • When the install has finished you will be asked to remove the installation disk and press 'y' to reboot. Instead of pressing 'y' to reboot, power off the machine and remove the image file from the virtual disk.
  • Power up the machine again and wait for it to load. Once it has loaded and you have signed in, you should be presented with a screen similar to the one below. The default username and password are admin - admin.
  • Now press '1' for Network Configuration so that we can change the default internal IP address given.
  • Press '1' again for Interface Configuration and proceed to press enter twice to get to the configuration of the IPv4 Address. Note: Your WAN interface is set to DHCP automatically and should have an IP address assigned. If not, reset your modem only ISP router and repeat the last step along with this one, so you can validate that you have an IP address assigned to the WAN interface.
  • When asked if you want to set the IPv4 address for Port 1 (LAN), select 'y' and assign an IP address you have not yet assigned.
  • You should now have access to the web-based GUI by typing into your browser: https://IP ADDRESS:4444
  • Once you have gained access you will need to confirm your license and this requires an internet connection which you should have through your external interface.

Step 4: Change your Internal Router into an AP

  • Before proceeding with the Sophos wizard you should be able to change your internal router into an AP. You will need to give your AP the default gateway of the Sophos internal facing interface. Other clients on your network may lose connection as DHCP isn't configured by default. This interface will be the new gateway for all internal clients.
  • Regain connection to the web browser GUI and continue with the Sophos XG wizard.

Step 5: Sophos XG Install Continued...

  • When the wizard has completed and applied all the configuration changes you will have to reload the GUI and regain access to the dashboard. The dashboard should look something like the one pictured below.
  • Once you have access we need to configure a DHCP server for LAN clients to connect.
  • Navigate to the 'System' tab (looks like a cog)
  • Click on 'Network' and then 'DHCP' as shown in the image below

Note: If you are using another device as a DHCP server you can also set-up DHCP Relay further down the same page.

  • Under the DHCP server section click on 'Add' where you will be taken to another page to enter your DHCP pool settings. Enter your settings accordingly but be mindful of any addresses already issued on your network.
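A way to check a proposed DHCP pool against the addresses this guide assigns statically (ESXi management interface, XG LAN port, AP) before entering it in the XG. This is an added example, not part of the original guide; the subnet, the addresses and the function name `plan_dhcp_pool` are constructed for illustration.

```python
import ipaddress

def plan_dhcp_pool(lan_cidr, static_hosts, pool_start, pool_end):
    """Check a proposed DHCP pool against statically assigned addresses.

    Returns (conflicts, suggestion): conflicts maps each static address that
    falls inside the pool to its device name; suggestion is the largest
    conflict-free (start, end) range inside the proposal, or None.
    """
    lan = ipaddress.ip_network(lan_cidr, strict=True)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        raise ValueError("pool start is above pool end")
    for edge in (start, end):
        if edge not in lan or edge in (lan.network_address, lan.broadcast_address):
            raise ValueError(f"{edge} is not a usable host address in {lan}")

    statics = {ipaddress.ip_address(ip): name for name, ip in static_hosts.items()}
    inside = sorted(ip for ip in statics if start <= ip <= end)
    conflicts = {str(ip): statics[ip] for ip in inside}

    # Split the proposal at every static address and keep the longest run.
    best, run_start = None, start
    for ip in inside + [end + 1]:
        if ip > run_start:
            run = (run_start, ip - 1)
            if best is None or int(run[1]) - int(run[0]) > int(best[1]) - int(best[0]):
                best = run
        run_start = ip + 1
    suggestion = (str(best[0]), str(best[1])) if best else None
    return conflicts, suggestion

# Constructed sample values: the guide does not state any addresses.
SAMPLE_STATICS = {
    "XG Port 1 (LAN gateway)": "192.168.1.1",
    "AP": "192.168.1.2",
    "ESXi management": "192.168.1.10",
}

if __name__ == "__main__":
    conflicts, suggestion = plan_dhcp_pool(
        "192.168.1.0/24", SAMPLE_STATICS, "192.168.1.2", "192.168.1.100")
    for ip, name in conflicts.items():
        print(f"conflict: {ip} is already assigned to {name}")
    print("largest conflict-free range:", suggestion)
```
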

Once these settings have been followed you should have full network connectivity again and your clients should be able to request a new DHCP address from the firewall. All your internal hosts' traffic will now pass through the Sophos XG firewall, giving you that extra layer of security. You can now go ahead and configure the firewall the way you want it.

I hope this has been helpful for you and I hope you have managed to get your firewall up and running. If you have any questions, I will do my best to answer them but otherwise please refer to the Sophos community.


You can also catch me on Twitter: @iwiizkiid

Website: www.synack.co.uk


The widespread nature and severity of coronavirus (COVID-19) continues to raise challenges on a variety of fronts. For many organizations, one of those is the need to enable employees to work from home until it’s safe to return to the office.

Solutions for remote working exist, but they can be costly and complex to implement. And, they may not offer the level of security you need.

If you’re looking for a solution that solves each of these issues, Sophos can help. You can take advantage of our free 90-day XG Virtual Firewall Free Trial to get your employees securely connected from home.

XG Virtual Firewall is available on your favorite virtual platforms including VMware, Hyper-V, Citrix XenApp, and KVM. It provides a bevy of connectivity and security features and it’s easy to set up. Simply visit the free trial page, fill out the form, and you’re off.

Secure connectivity for remote workers

A nice aspect of the virtual free trial is its multi-platform support. You can also select the hardware you want to install it on, which makes the process more convenient.

XG Virtual Firewall includes a base license that offers remote connectivity options for users, including both IPsec through Sophos Connect client, and SSL VPN. Both provide secure methods for connecting from home back to the corporate office and accessing resources such as email, applications, and documents.

Your free trial also includes a FullGuard security bundle that protects your firewall and connected devices from threats such as ransomware, breaches, phishing emails, and more.


You can even add additional services such as Sophos Intercept X to take advantage of our Synchronized Security feature, which shares telemetry data on the health status of each connected device in addition to isolating any endpoint that does become infected so the infection can’t spread laterally to other hosts.

Setting up your XG Virtual Firewall free trial

Keeping your organization running smoothly can be challenging during the best of times. As we switch to a “work from home” model until it’s safe to return to the office, having a solution that meets your remote connectivity and security needs can help make things easier. And, it doesn’t need to be difficult to get up and running quickly.

We’re here to make your XG Virtual Firewall Free Trial simple to deploy and configure so your remote employees can get connected and stay productive. Here are some resources to help you get started.

If you have questions at any point during your free trial please visit our knowledgebase, review our how-to videos, documentation, or contact us.

After 90 days

Should you wish to continue using XG Firewall once the free 90-day trial ends, we can help you transition to a hardware, virtual or cloud instance of XG Firewall. Speak to your Sophos representative to discuss your requirements.