As an IT professional who values robust IT security both at work and at home, it’s great to see Sophos providing powerful solutions like the XG Firewall at no cost for home use.
In addition to this, you can also explore Sophos Home, a free antivirus solution that allows centralized management of up to three computers via a convenient management console.
Moreover, Sophos has long supported home users by offering its firewall solutions for free, including the Sophos UTM and Sophos XG Firewall. These tools provide enterprise-grade security features tailored for home environments, making them an excellent choice for tech-savvy individuals focused on securing their networks.
Here, we start First,
- Click on the boot Button for the boot menu and select USB to install the Firewall on the PC
Note: In my previous article, you will see how to download and make a bootable USB for the Sophos XG firewall.
- Before installing the firewall beware that the installation will completely erase the disk in the machine.
- After starting the installer, you get one warning that the disk will be erased and the opportunity to stop the installation.
- Press ‘y’ to continue. The installation will start and after a short wait, it will tell you that the installation has finished. Remove the installer disk and press ‘y’ again to reboot the machine. After restarting the system greets you with a password prompt.
- Enter the default password: admin and press enter; next the End User License Agreement will show.
- If you agree with the EULA, then press A, and the main menu will show:
- In the main menu, press 1 for Network Configuration > 1 for Interface Configuration. The default LAN IP is 172.16.16.16/255.255.255.0
- After showing both interfaces the system asks if you want to set the IPv4 Address. Choose ‘y’ and Enter to do so and fill in the correct values for your network:
- After entering the correct values for use in your own network it will show the configuration is Done. The WAN port cannot be set from here at this time. After confirming the system will ask if you want to also set the IPv6 Address. If necessary then do so, otherwise just hit Enter for no.
The Network configuration menu will show again. Press 0 to exit to the main menu and 0 again to exit from the menu and log out.
- After setting up and preparing the IP address of the firewall it’s time to start a browser on your management computer and browse to: https://:4444 where of course is the IP address you have given the firewall’s LAN port.
You will see a certificate warning when you open the page. This is because of a self-signed certificate on the firewall.
- It is safe to skip this specific warning, so by clicking on Advanced, you can continue loading the website (different web browsers may show the warning somewhat differently).
- After clicking on ‘Click to begin’ you first need to change the default admin password. Also if the WAN port is already connected correctly (DHCP-address from modem or router) then you can leave the checkbox to install the latest firmware automatically during setup enabled. Also, you need to once more accept the EULA and acknowledge Sophos’ Privacy Policy to continue.
- After continuing, you’ll need to set up the firewall’s name and time zone.
- The next step is to register the firewall (you can skip this step for the first thirty days, but after this time you must register to keep the firewall up and running. You will have received the serial number by email after step 1 of this instruction.
- After entering the serial number your firewall should be registered. For this, you need to create a Sophos ID or log in to it if you already have one. From your Sophos ID, you will always have access to your serial number and downloads at a later time.
- After registering the license can immediately be synchronized with your firewall
- After continuing the next step is to configure the LAN settings. Your IP address is most likely already configured correctly, but you can also enable a DHCP server on the LAN if you need it or just disable it if you don’t.
Then the setup will ask you if and which network protection features you would like to need.
- The first three options are valid for Home Use, the last one about Sandstorm will not work for the Home Use version.
The explanation under each of the features should be enough explanation.
The next step is to configure whether or not you would like to receive weekly backups by email automatically.
- If you do want to receive the weekly backups, you also need to enter a password that is used to protect the configuration backup files. Do not lose this password, otherwise, you will not be able to restore the backup at a later moment.
Next, the system will show you a summary of all the selected options during the installation, and after clicking on Finish the system will apply all the settings and restart automatically after it finishes.
- You can now just wait, the page will refresh once the firewall has restarted and it will show you the login screen.
- After logging in for the first time the system will ask you to create a secure storage master key. You can skip this step, but it will come back each time you log in, so it’s best to create one and make sure to save it somewhere secure. You will need this key once you need to restore a backup or when you need to import a configuration.
The system will prompt you to confirm that you have securely stored the key, ensuring it is accessible for potential recovery in the future, even if it’s years later.