How do i set up XG Firewall Virtual Appliance IN VMware in a environment with an ASA Firewall

more details please?

ian

i plan to use XG Firewall Virtual Appliance  for VMware. i am currently using ASA firewall . how do i integrate Sophos and asa firewall in my environment 

Do you want to use the ASA as well as the XG? Next, is this a home or business installation?

Ian

YES

ITS A SMALL BUSINESS INSTALLATION

Hi Eddie,

you need to provide more information if you want assistance.

how many users, what features, what do you expect the XG to do? What role does and will the asa be performing?
ian

We have 35 users , i intend to create a web proxy. The  ASA i use it as my vpn and its the gateway for my router.

We have 35 users , i intend to create a web proxy. The  ASA i use it as my vpn and its the gateway for my router.

Hi,

you don't seem to have a clear understanding of your requirements. I suggest you contact a local reseller/partner for some technical guidance.

Ian

 I want to use sophos xg in my LAN in bridged mode as a web proxy server and for web filtering.My ASA will remain in gateway mode and its the one facing the internet.Basicaly what i want is to make sure everyone visiting the internet should pass through my sophos and basicaly make some few rules to ban,warn or stop users from accessing some sites.The problem is how to deploy it as a VM 

There are basically two ways,

1/. use the software iso

2/. use the predefined vm software which has the vm files as part of its installation.

I would still suggest you talk to a partner about licence cost against a hardware box and what features you will loose with the software version. The software version does not have fast path etc.

ian

I have installed it at host .38 but the problem my PCs can go to the internet if the proxy settings on the browser are turned off.I want the PCs not to be able to access the internet without passing through my proxy in .38.I need to know if its posssible with my network diagram and also how to do it with the VM in Esxi host in .38

Hi Eddie,

I would suggest you need to tighten your firewall rule,

1/. Tick use proxy box,

2/. only allow http and https in the services.

3/. tick scan http and decrypted https

4/. enable ips lan to wan.

5/. that will be your only allow rule.

6/. you will need to create some exceptions for some sites.

now, you can install the XG ca on all PCs, though not all sites are happy with decrypt.

ian

thanks let me try that