Sophos Firewall zero-touch deployment

Credit to Author: Chris McCormack| Date: Mon, 14 Oct 2024 11:00:12 +0000

The new XGS Series desktop appliances launched last week are ideal for distributed locations, such as retail franchises and branch offices. Often, those remote locations have no IT staff on-site, and the resources required for a firewall installation are not always readily available.

While Sophos Firewall introduced true zero-touch deployment in v20 MR1, the new 2nd Gen XGS Series desktop appliances are the first Sophos Firewall products to ship with this capability out of the box, enabling them to be easily deployed with zero touch.

While some vendors will charge an add-on fee or require the purchase of professional services for this functionality, Sophos zero-touch deployment comes at no extra cost.

With this new zero-touch solution, a USB device is no longer required, making zero-touch deployments a lot simpler. The firewall will now automatically connect to Sophos Central to download configuration information.

Zero Touch how to

For scenarios where you prefer to use a USB device, it is still possible.

How it works

  1. Add the new firewall in Sophos Central
  2. Drop-ship the device to the desired location and have someone on-site connect it to the Internet
  3. The firewall will auto-connect to Sophos Central
  4. Finish the configuration in Sophos Central

Watch this demo video for an overview of how it works:ZT video

Consult the online documentation for more details.

Easy upgrades from XG to XGS

AssistantIf you’re upgrading an XG Series to the latest XGS Series appliances, you can not only take advantage of zero-touch deployment, but also the new any-to-any backup/restore assistant with port mapping to make the upgrade easy:

  • Simply take a configuration backup of your XG Series device before you deploy your new XGS Series
  • Once the new XGS Series device is online, it will automatically upgrade the firmware to the latest release to get the benefits of the new backup/restore assistant
  • Restore the backup of your XG Series device to your new firewall utilizing the port-mapping assistant
  • Since Sophos Central credentials are not included in the restore process to a different device, re-register the firewall with Sophos Central

To learn more about the new 2nd Generation XGS Series desktops firewalls, check out the launch announcement and video.

http://feeds.feedburner.com/sophos/dgdY