Sophos XG Firewall 1st time

Hi, good day!

We are planning to get a firewall, and Sophos agreed to a trial of the firewall. We now have an XG Firewall and I want to try to deploy it on our network. We are currently using a Juniper firewall. We are also using static IP addresses (172.17.9.0 and so on). Any advice? Thanks!



  • Hi Regina,

    You can test XG in 2 ways:

    Bridge mode, where the XG is installed as a bridge between your Juniper and the switch;

    Routing mode, in parallel with the Juniper, where only a test network is connected and filtered.

    Before you try it, make sure you understand how to implement NAT and firewall rules and how to check logs. Use the Sophos documentation available on the Sophos website.

    Thanks

  • Hi! Thank you for your response.

    Which of the two options is easier? Sorry, I am quite new to implementing a firewall in a network.

  • Hi Regina,

    Br0 (bridge) mode will be simple to configure. The XG will be filtering everything in L2 mode based on the corporate policies you configure.

    If you are going to configure it in br0 mode, then please use the command below:

    console> set advanced-firewall midstream-connection-pickup on

    After a few minutes, do not forget to switch that off.

    However, my recommendation would be to configure the XG device, with all the existing policies of the Juniper, in NAT mode (Gateway Mode). Once done, replace the Juniper on a weekend or whenever you see limited impact from downtime.

    The pre-sales team will help you with configuration or help you with various articles.

    HTH,

    Ravi

  • Regina Ann Reyes said:

    Hi! Thank you for your response.

    Which of the two options is easier? Sorry, I am quite new to implementing a firewall in a network.

     

    If you are quite new to firewalls, do not use even bridge mode without testing the XG on another network. First understand how to move around the XG UI and command line and, as I suggested, test inside a small test environment where, if something goes wrong, you do not interrupt services.

    Using bridge mode is easier, but test it before you move the XG box to production!

    Thanks

  • Hi Regina,

    I believe you are trying the new appliance and want a POC before the purchase.

    Please contact our Pre-Sales team; they would help you with the deployment and configuration. This will be an online session with the Sophos sales partner and our engineers online for active deployment.

    Thanks