SOPHOS XGS 116w Firewall Security Appliance User Guide
- June 10, 2024
- SOPHOS
Table of Contents
SOPHOS XGS 116w Firewall Security Appliance User Guide
Before Deploying
Congratulations on the purchase of your Sophos XGS appliance. This Quick Start Guide describes in short steps how to connect your appliance and explains how to open the web-based Admin Console from your administration PC. The Admin Console allows you to configure every aspect of the appliance.
a) What is included in the box
Appliance images: front and back
Interfaces
LAN Ports| Type RJ45| Speed 10/100/1000 Mbps| Comment Port 8 on
XGS 116(w) can be used to power a connected device (e.g. access point, IP
camera, or IP Phone) via PoE with upto 30W (PoE 802.3at).
---|---|---|---
1–8
9–10(XGS 126(w)/136(w) only)| RJ45| 100/1000 Mbps|
11–12(XGS 126(w)/136(w) only)| RJ45| XGS 126(w):100/1000 Mbps| Both ports can
be used to power a connected device (e.g. access point, IP camera, or IP
Phone) via PoE with upto 30W (PoE 802.3at) each.
| | XGS 136(w): 100/1000/2500 Mbps|
F1| SFP| 1 Gbps| SFP transceivers are sold separately.
F2(XGS 126(w)/136(w) only)| SFP| 1 Gbps| SFP transceivers are sold separately.
Other Ports| Type Micro USB [front] RJ45 [back]| Comment You can
connect a serial console to the Micro USB or RJ45 COM port to access the CLI.
Only one port can be used at any time. If both ports are connected, then the
Micro USB port will take precedence.The required connection settings are: Bits
per second: 38,400 Data bits: 8 Parity: N (none) Stop bits: 1
---|---|---
COM
USB| USB 2.0 [Type A] [front]USB 3.0 (Type A) [back]| You can connect a USB
2.0 and/or 3.0 compatible device to these ports (e.g. USB thumb drive, UPS,
3G/4G dongles).
Reset| Button| Press and hold for >10 seconds to reset the unit to factory
default settings. All configuration, reports and patterns will be flushed.
Expansion Bay| Comment
---|---
Cellular Module| Can be used for Sophos XGS 3G/4G or 4G/5G Module, which is
optionally available from your Sophos partner.
WiFi Module| Can be used for Sophos XGS WiFi Module, which is optionally
available from your Sophos partner.
Mount and Connect the Appliance
Mount the antennas (for wireless models only)
Connect the provided antennas to the connectors on the back of your appliance
and align them in a vertical position.
Connect the ports to the internal and external networks
- Connect the port 1/LAN via a switch to the internal network. For this purpose, use the RJ45 Ethernet cable provided. Note that your Administration PC must also be connected to this network.
- Connect Port 2/WAN to the external network. The connection to the WAN depends on the type of Internet access.
XGS appliances are shipped with the following default settings:
| Ethernet Port | IP Address 172.16.16.16/255.255.255.0 | Zone LAN |
|---|
1/LAN
2/WAN| DHCP| WAN
Power Up the Appliance
Connect the power cable and turn on the appliance
Connect the appliance to the power supply using the power cable(s). Turn the
appliance on. The power switch is on the back of the appliance near the power
connection. During boot up the Status LED on the front will blink green. Once
the device has booted completely the Status LED will turn to solid green.
Connect Your Administration PC
Administration PC connection properties:
Use the settings below to configure your (PC/laptop) network interface:
- IP address: 172.16.16.2
- Netmask: Enter 255.255.255.0
- Default Gateway: Enter the IP address of the appliance’s internal network card (Portl/LAN): 172.16.16.16
- DNS Server: Enable this option and enter the IP address of the internal network card (Portl/LAN): 172.16.16.16
Connect your PC/laptop to Port 1/LAN of the appliance:
Start the browser and enter the IP address of the appliance’s LAN port that
your PC is connected to: https://172.16.16.16:41-1/41-1 Login with the default
details below: Username: admin Password: admin
Set Up the Appliance
a) Start network configuration
Select ‘Click to begin’ on the ‘Welcome’ screen to start your basic appliance
configuration. Change the interface IP addresses, default gateway, LAS
settings and date/time zone to match your local network settings.
b) Register the appliance
If you have not previously registered your appliance on MySophos, you will see
the registration screen “Register Your Firewall.” The appliance requires
Internet connectivity for it to be registered with MySophos. If you want to
register later, click the check box “I do not want to register now” and
proceed with section c). If you have a serial number provided on your License
Schedule please enter it into the first field and click “I have an existing
serial number,” otherwise click “I don’t have a serial number (Start a
Trial).” If you are upgrading from an existing UTM/SG appliance and want to
migrate your existing UTM license to your new firewall, click the respective
button on the screen and browse for your UTM license to upload it to your
firewall. After clicking ‘Continue’, you will be redirected to the MySophos
portal. If you already have a MySophos account, enter your login credentials
under ‘Log in to MySophos’. If you are a new user, sign up for a MySophos
account by entering the details under ‘Register for MySophos’. Click
‘Continue’ to complete the registration process. Please wait while the process
completes – it will take a few seconds. After successful registration, you
will see a screen with the message, ‘Your device is now registered’. Please
note that you should proceed with the next step, i.e. ‘Synchronize License’
only after the appliance is successfully registered.
c) Synchronize license
Click ‘Initiate License Synchronization’ to get the license information from Sophos onto the appliance. After synchronization, you will see a screen with the message, “Synchronization with server was successful.”
Connecting PoE Powered Devices
Ports 8 (on XGS 116(w) and 11/12 (on XGS 126(w)/136(w) are able to provide power over Ethernet (POE) to a connected PoE device which conforms to the standards 802.3af (max. 15.11W) or 802.3at (max. 30W). Each port can provide up to 30 watts max. Please note: If a high performance expansion module is used in a XGS 126(w) or XGS 136(w) module slot then the max. power of one PoE port will be limited to 15.11 watts. Please visit www.sophos.com/en- us/support or contact your local Sophos reseller for more information about high performance expansion modules.
Appliance LED codes
LEDs on each RJ45 Ethernet Connector
ACT/LNK(Left LED)| Green| Solid| 1. The Ethernet port has established link.2.
Good connection between the Ethernet port and hub.
Flashing| The adapter is sending or receiving network data.
Off| 1. The adapter and switch are not receiving power.2. No connection
between both ends of network.3. Network drivers have not been loaded or do
not function correctly.
Speed (Right LED)| Amber| On| If Ethernet port is operating at 1000 Mbps.
---|---|---|---
Green| On| If Ethernet port is operating at 100 Mbps.
Off| If Ethernet port is operating at 10 Mbps.
LEDs on each SFP Connector
ACT/LNK| Green| Solid| 1. The SFP connector is receiving power.2. Good
connection between the SFP port and hub.
Flashing| The adapter is sending or receiving network data.
Off| 1. The adapter and switch are not receiving power.2. No connection
between both ends of network.3. Network drivers have not been loaded or do
not function correctly.
LEDs (Front)
Storage| Blue| Flashing| SSD is being accessed.
Status| Green| Solid| Normal operation.
Flashing| Device is booting up or shutting down.
Red| Solid| SSD or boot failure.
Flashing| General error (please contact support).
WiFi| Green| On| WiFi is active.
Off| WiFi is inactive.
Power 1| Green| Solid| Power adapter 1 in normal operation.
Red| Solid| Power adapter 1 failed or disconnected.
Power 2| Green| Solid| Power adapter 2 in normal operation.
Red| Solid| Power adapter 2 failed or disconnected.
PoE LEDs (Front)
PoE1| Green| Solid| PoE1 providing power to connected device.
Blinking fast*| PoE1 has an internal hardware failure.
Blinking slowly*| PoE1 is denied power (e.g. connected device requesting
power above max. power capacity) or is detecting a fault on connected device.
Off| PoE1 not providing power to connected device.
PoE2| Green| Solid| PoE2 providing power to connected device.
Blinking fast| PoE2 has an internal hardware failure.
Blinking slowly**| PoE2 is denied power (e.g. connected device requesting
power above max. power capacity) or is detecting a fault on connected device.
Off| PoE2 not providing power to connected device.
Support and Documentation
For more information and technical support, please visit www.sophos.com/enus/support or contact your local Sophos reseller. Check our Getting Started resources to find out how you can get the most out of your purchase www.sophos.com/getstartedfirewall