Sophos Xg Aws

XG Firewall is provided as a virtualized security appliance that runs on an Amazon EC2 instance and deploys inline into an Amazon Virtual Private Cloud (VPC) to scan traffic entering and leaving.

Sophos was graded a Visionary in the Gartner Magic Quadrant. Its XG Firewall provides next-generation firewall protection that’s relatively easy to set up and manage. It blocks unknown threats. Amazon Web Services is the leading public cloud platform and Sophos has long been a leader in protecting networks and infrastructure in AWS. The introduction of XG Firewall to AWS brings unmatched visibility, protection and response to Amazon hosted cloud and hybrid networks.

This information is provided as-is without any guarantees. If you require assistance with your specific AWS environment, contact Sophos Professional Services.

  1. Go to the Sophos AWS Marketplace Product page and choose which listing you want to use.

    XG Firewall is available for standalone deployment using both the BYOL and PAYG licensing methods. Free trial options are available for both license types.

  2. To subscribe to the software terms, click Continue to Subscribe.
  3. Then click Continue to Configuration.
  4. Choose your configuration options. Under Fulfillment Option, select the CloudFormation Template.
  5. Select your AWS region.
  6. Click Launch, which will redirect you to the AWS CloudFormation console.
  7. On the Create stack page, click Next.

    A CloudFormation template is used to simplify the process of deploying XG Firewall into an AWS account. The AWS Marketplace listing page redirects to the AWS CloudFormation console and starts a stack creation in your region of choice.

  8. On the Specify stack details page, enter a Stack name.

    If you want to use an existing Virtual Private Cloud (VPC), leave the default parameters. If you want to create a new VPC, accept or change the default parameters for AMI ID, EC2 Instance size, Public Subnet Availability Zone, and Network Prefix.

  9. Enter the required parameters such as the trusted network CIDR used to manage XG Firewall, select the pricing option you wish to use (BYOL or PAYG), and enter the SSH key used for shell access to XG Firewall.
  10. If deploying into an existing VPC, enter the VPC ID, an existing public subnet ID, an existing private subnet ID, and choose to have the template create a new Elastic IP (EIP) or utilize an existing available EIP.
  11. Once all information is entered, click Next to continue.
  12. Click Next and then click Create Stack.

    Stack creation normally takes from five to ten minutes. When stack creation is complete, the status changes to CREATE_COMPLETE. The Outputs tab shows the EIP assigned to the XG Firewall. After stack creation, the EC2 instance may need additional time to complete startup before it's ready. You can see the status of the EC2 instance in the EC2 Console. You can see details about the EC2 instance, including its physical ID, under the Resources tab.

  13. When the EC2 instance is running, copy the assigned Public IP and open the web admin console over HTTPS on the web admin port to begin initial configuration: https://PublicIPAddress:4444.

    By default, XG Firewall uses a locally-signed certificate so your browser will show a warning message. Once you go past the certificate warning, you see the Welcome to Sophos XG Firewall page.

  14. Click "Click to begin" at the bottom of the screen.

    You're then prompted to perform basic configuration.

  15. Set a password for the default admin account used to sign in to the XG Firewall.
  16. Configure a firewall name and choose the time zone.
  17. Register your XG Firewall by taking one of the following actions:
    • Enter an existing XG Firewall serial number.
    • Start a 30-day trial (which will automatically generate an XG Firewall serial number).
    • Migrate an existing UTM 9 license.

    If you start a trial, you're redirected to the Sophos XG licensing portal, where a new serial number is generated.

    1. When complete, click Confirm Registration and Evaluation license.
    2. Click Initiate License Synchronization.

      Once the basic setup is complete, the license details are shown.

  18. If you want to configure advanced settings, click Continue. For AWS deployments, you only need to click Skip to finish.
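
The trusted network CIDR entered in step 9 only protects the firewall if the resulting security group rules actually confine the management ports to it. The following added example (not part of the Sophos template or documentation) audits ingress rules in the IpPermissions shape returned by aws ec2 describe-security-groups and reports management ports reachable from outside the trusted range. SSH on port 22, the function name, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Port 4444 is the web admin port named on this page; SSH on 22 is an assumption.
MGMT_PORTS = {4444: "web admin", 22: "SSH"}

# Constructed sample in the IpPermissions shape of describe-security-groups output.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 4444, "ToPort": 4444,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 4000, "ToPort": 5000,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

def exposed_mgmt_rules(ip_permissions, trusted_cidr):
    """Return sorted (port, label, source_cidr) tuples for management-port
    ingress rules whose source is not contained in trusted_cidr."""
    trusted = ipaddress.ip_network(trusted_cidr, strict=False)
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic and carries no port range.
        lo = 0 if proto == "-1" else perm.get("FromPort", 0)
        hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for port, label in MGMT_PORTS.items():
            if not lo <= port <= hi:
                continue  # a wide range such as 4000-5000 still covers 4444
            for cidr in sources:
                net = ipaddress.ip_network(cidr, strict=False)
                # A source of the other IP version can never be inside trusted.
                inside = net.version == trusted.version and net.subnet_of(trusted)
                if not inside:
                    findings.append((port, label, cidr))
    return sorted(findings)

if __name__ == "__main__":
    for port, label, cidr in exposed_mgmt_rules(SAMPLE_PERMISSIONS, "203.0.113.0/24"):
        print(f"port {port} ({label}) reachable from {cidr}")
```

To audit a live deployment, pass the IpPermissions list of the security group attached to the XG Firewall instance together with the CIDR you entered as the trusted network.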

XG Firewall is now available in the AWS marketplace with two flexible licensing options:

  • Pay-as-you-go (PAYG) license – ideal for short-term use
  • Bring-your-own license (BYOL) – our conventional multi-year term licenses

AWS customers can now take full advantage of the many innovations XG Firewall has to offer like Synchronized Security with Intercept X for Server, the new Xstream Architecture with high-performance TLS 1.3 inspection, and the latest machine learning Threat Intelligence and sandboxing protection from Ransomware and other advanced threats.

Crucially, it enables customers to manage a multi-cloud security strategy from a single cloud console in Sophos Central, including network security with XG Firewall, cloud workload protection with Intercept X for Server, and cloud security posture management with Cloud Optix.


XG Firewall brings full network security and control to AWS integrated into a single solution:

  • Xstream Deep Packet Inspection (DPI)
  • Intrusion Prevention System (IPS)
  • Web filtering, protection and application control
  • AV and AI machine-learning threat protection and sandboxing
  • TLS inspection with native support for TLS 1.3
  • A full-featured Web Application Firewall

In the coming months we will be extending XG Firewall’s integration into AWS with enhancements like auto-scaling, CloudFormation template support, CloudWatch integration and more.

Check out the full FAQ to learn more about XG Firewall on AWS.

With XG Firewall now available in AWS as well as Microsoft’s Azure public cloud platform, XG Firewall further extends its industry-leading deployment options with support for any combination of cloud, virtual, software, or XG Series hardware appliances, making it able to fit any customer network both now and in the future.

Learn more about XG Firewall protection for your cloud infrastructure.


Note: The MSP Flex Price List has also been updated to include XG Firewall in AWS.