Sophos XG Firewall Web Interface Reference and Admin Guide v16.5
Sophos XG Firewall is a comprehensive network security solution that protects your network from threats, including malware, viruses, and intrusions. It is designed to be easy to use and manage, and offers a wide range of features to help you secure your network.
2. Enter the details.
Name
Displays the name of the Application Filter Category or Application.
Traffic Shaping Policy
Select a policy or click Create new to create a new traffic shaping policy for the application or application category.
A traffic shaping policy allocates and limits the bandwidth usage of the user, web category, or application category.
3. Click Save.
Wireless
Wireless Protection allows you to configure the following:
• Create and manage Wireless Networks.
• Create and manage Mesh Networks.
• Provides an overview of the access points known to the device.
• Allows you to organize access points in groups.
• Add/remove Hotspots and apply filtering policies.
• Manage different voucher definitions for Hotspot access vouchers.
• Schedule scanning to discover authorized APs and rogue APs.
Wireless Client List
The Wireless Client List page displays a live snapshot of currently managed APs, broadcasted SSIDs (wireless networks), wireless clients connected through SSID to AP and mesh networks.
Show by SSID/Show by AP
The administrator can filter currently connected clients by Access Point or SSID.
The following details are displayed for each SSID/AP: name, IP address, MAC address, signal, last data transfer rate, connection time, frequency, vendor.
Figure 161: Wireless Client List
Wireless Networks
The Wireless Networks menu allows managing the wireless networks connected to the device.
Note: You can also view the wireless network status on the Protect > Wireless > Wireless Client List page.
The page provides a list of all configured wireless networks along with their name, SSID, status, client traffic mode, encryption mode used and frequency band.
Figure 162: Wireless Networks List
Add a New Wireless Network
This page describes how to add a new wireless network.
Newly created wireless networks can be used in definitions for access points and access point groups.
1. Go to Protect > Wireless > Wireless Networks and click the Add button.
2. Specify the General Settings.
Name
Specify a descriptive name for the network.
Description
Enter a description for the wireless network that helps you to identify it.
SSID
Enter the Service Set Identifier (SSID) for the network which will be seen by clients and allow them to identify the wireless network. The SSID may consist of 1-32 ASCII printable characters.
Security Mode
Select a security mode from the drop-down list.
Default: WPA2 Personal.
Note: We recommend using WPA2. For security reasons, we recommend not using WEP unless there are clients using your wireless network that do not support one of the other methods.
When using an enterprise authentication method, you also need to configure a RADIUS server on the Configure > Authentication > Servers page. Enter the wireless network name as the NAS ID of the RADIUS server.
Note: Sophos XG Firewall supports the IEEE 802.11r standard in WPA2 (PSK/Enterprise) networks to reduce roaming times. Clients also need to support the IEEE 802.11r standard.
Passphrase/PSK (available only if WPA Personal, WPA2 Personal, or WPA2/WPA Personal security mode is selected)
Specify the passphrase to protect the wireless network from unauthorized access and repeat it in the Confirm Passphrase/PSK field. The passphrase may consist of 8-63 ASCII printable characters.
Key (available only if WEP Open security mode is selected)
Specify a WEP key that consists of exactly 26 hexadecimal characters.
Client Traffic
From the dropdown list select how the wireless network is to be integrated into your local network.
Available options:
• Separate Zone
• Bridge to AP LAN
• Bridge to VLAN
Default: Separate Zone.
Separate Zone
The wireless network is handled as a separate network, having an IP address range of its own. Using
this option, after adding the wireless network, proceed as described in the chapter
.
Note: When switching an existing Separate Zone network to Bridge to AP LAN or Bridge to VLAN, a previously configured WLAN interface will be deleted.
Zone
From the dropdown list select a zone where the wireless network should be broadcast.
Default: WiFi.
IP Address
Assign an IP address to the wireless network.
Netmask
Select a subnet mask for the IP address.
Bridge to AP LAN
You can bridge a wireless network into the network of an access point, which means that wireless clients share the same IP address range. Using this option, after adding the wireless network, proceed as described in the chapter Next Steps for Bridge to AP LAN Networks.
Bridge to VLAN (not available for local WiFi devices)
You can decide to have this wireless network's traffic bridged to a VLAN of your choice. This is useful when you want access points to be in a common network separate from the wireless clients.
Bridge to VLAN ID
Specify the VLAN ID of the network that the wireless clients should be part of.
Client VLAN ID (only available with an enterprise security mode)
Select how the VLAN ID is defined.
• Static: Uses the VLAN ID defined in the Bridge to VLAN ID field.
• RADIUS & Static: Uses the VLAN ID delivered by your RADIUS server: When a user connects to one of your wireless networks and authenticates at your RADIUS server, the RADIUS server tells the access point what VLAN ID to use for that user. Thus, when using multiple wireless networks, you can define per user who has access to which internal networks. If a user does not have a VLAN ID attribute assigned, the VLAN ID defined in the Bridge to VLAN ID field is used.
Figure 163: Add Wireless Network
3. Specify the Advanced Settings.
Encryption (available only if the WPA, WPA2, or WPA2/WPA encryption mode is selected)
Select an encryption algorithm, which can be AES, TKIP or TKIP&AES.
Note: For security reasons and better performance, we recommend that you use AES.
Frequency Band
Access points assigned to this wireless network will transmit on the selected frequency band(s).
The 5 GHz band generally has a higher performance, lower latency, and is typically less disturbed. Hence it should be preferred for e.g. VoIP communication.
Time-based Access
Select this checkbox to enable the wireless network access according to a time schedule.
Select Active Time (available only if Time-based Access is selected)
Select a schedule definition which determines when the wireless network is enabled. You can add a new schedule definition by clicking Add New Item.
Client Isolation
Clients within a network usually can communicate with one another. If you want to prevent this, for example in a guest network, select Enabled from the drop-down list.
Hide SSID
If you want to hide the wireless network's SSID, select the Enable checkbox. Please note that this is not a security feature.
Fast Transition (available only if WPA2 Personal/Enterprise security mode is selected)
Wireless networks with WPA2 security use the IEEE 802.11r standard. If you want to prevent this, select Disabled from the drop-down list.
MAC Filtering
To restrict the MAC addresses allowed to connect to this wireless network, select Blacklist or Whitelist. With Blacklist, all MAC addresses are allowed except those listed on the MAC List. With Whitelist, all MAC addresses are prohibited except those listed on the MAC List.
MAC hosts added under System > Hosts and Services > MAC Host will be displayed in the MAC List.
Figure 164: Wireless Network Advanced Settings
4. Click Save.
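The field constraints and recommendations from steps 2 and 3, expressed as a check that can be run over planned network definitions before they are entered. This is an added example, not Sophos code: the dict layout keyed by the guide's field labels and the `Guest` flag are assumptions, and "ASCII printable" is taken to mean the characters 0x20-0x7E.

```python
import string

# Assumption: "ASCII printable" means the 95 characters 0x20-0x7E.
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")

def _printable(value, lo, hi):
    return lo <= len(value) <= hi and set(value) <= PRINTABLE

def audit_wireless_network(net):
    """Return (level, field, message) findings for one network definition.

    `net` is a hypothetical dict keyed by the guide's field labels; the
    "Guest" flag is an added marker, not a field in the web interface.
    """
    out = []
    mode = net.get("Security Mode", "WPA2 Personal")  # default per the guide
    if not _printable(net.get("SSID", ""), 1, 32):
        out.append(("error", "SSID", "must be 1-32 printable ASCII characters"))
    if mode.endswith("Personal"):
        if not _printable(net.get("Passphrase/PSK", ""), 8, 63):
            out.append(("error", "Passphrase/PSK", "must be 8-63 printable ASCII characters"))
    elif mode == "WEP Open":
        key = net.get("Key", "")
        if len(key) != 26 or not set(key) <= set(string.hexdigits):
            out.append(("error", "Key", "must be exactly 26 hexadecimal characters"))
        out.append(("warn", "Security Mode", "WEP only for clients that support nothing else"))
    if "WPA" in mode and net.get("Encryption") in ("TKIP", "TKIP&AES"):
        out.append(("warn", "Encryption", "AES is recommended"))
    if "Enterprise" not in mode and net.get("Client VLAN ID"):
        out.append(("error", "Client VLAN ID", "needs an enterprise security mode"))
    if net.get("Hide SSID"):
        out.append(("info", "Hide SSID", "not a security feature"))
    if net.get("Guest") and net.get("Client Isolation") != "Enabled":
        out.append(("warn", "Client Isolation", "guest clients can reach one another"))
    return out

# Constructed sample definitions, not exported from a real device.
GUEST = {"SSID": "Lobby-Guest", "Security Mode": "WPA2/WPA Personal",
         "Passphrase/PSK": "welcome", "Encryption": "TKIP&AES",
         "Hide SSID": True, "Guest": True, "Client Isolation": "Disabled"}
LEGACY = {"SSID": "Warehouse", "Security Mode": "WEP Open",
          "Key": "0123456789ABCDEF0123456789"}

if __name__ == "__main__":
    for name, net in (("GUEST", GUEST), ("LEGACY", LEGACY)):
        for level, field, msg in audit_wireless_network(net):
            print(f"{name}: [{level}] {field}: {msg}")
```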
Next Steps for Separate Zone Networks
This page describes how to configure a separate zone network.