Sophos XG v17 Configuration and Rules

Now that we have the software installed and the initial configuration is complete, it is time to configure our firewall to handle traffic as well as filter threats. In addition, we will want lock things down and prohibit the use of unwanted applications types such as P2P. I created this video to help you configure Sophos XG v17 for the first time and to help get you started creating your first rule. Remember like any other firewall, there will be a learning curve at first and it may seem a bit overwhelming. But if you stick with it you will find that once you grasp the concept, it is fairly straightforward and is extremely powerful in protecting your home or small business network.

Typical outline

Configure your Interface cards
If using more than two NIC cards, configure the network range of the other cards
If using more than two NIC cards, configure DHCP for the additional networks
Set your static IP addresses for each network
Name any devices that you will want to control separately
Create your Web Filters
Create your Application filters
Make your first rule. At a minimum, you need a default rule that is applied to the entire network, then you can build from there

Traffic Rule

For reference, I have added the pictures below to use a reference when creating your first rules.

Top Section

Lower Section

Port Forwarding

Top Section

Lower Section

About the Author: pcdoc

I am an enthusiast with more than 25 years of experience and a passion for computer technology. For the past 10 years, I have been drawn to home theater, home storage solutions, security, and netoworking. I strive to stay current in these technologies and I am constantly experimenting with different products to achieve the best results. I spend most of my free time trying, testing, and experimenting with various hardware and software products and endeavor to pass on whatever I learn to others.

2 Comments

miles267 12/31/2017 at 6:37 PM

Hi Mike, thank you very much for the guides. I’ve since moved from Sophos UTM 9 to XG and have found it quite tedious though I really want to stick with it for future updates.

If you wouldn’t mind, could you please also do video overviews of:

1.) LDAP setup – am using WSE12R2 and simply can’t get it to work no matter what I try. It was so much simpler in UTM. Am able to get Active Directory authentication to work, but that’s not what I want.

2.) Source NAT (SNAT) – I have multiple static IPs from my ISP. Have successfully created aliases for each (ISP Static 1, ISP Static 2, etc). However I cannot figure out how to get, for example, any traffic leaving my WSE12R2 box on my LAN to reflect the WAN IP of ISP Static 1 as I could with UTM. All whatismyip.org traffic reflects the IP of the Firewall itself.

Happy new year!
pcdoc 01/07/2018 at 11:15 PM

Thanks for your comment. I will try and review these items but as I do not use AD at home, I will have to do it on our next work install so I can’t say exactly when that will be.

Comments are closed.