Sophos Xg Virtualbox

Posted on  by admin

The widespread nature and severity of coronavirus (COVID-19) continues to raise challenges on a variety of fronts. For many organizations, one of those is the need to enable employees to work from home until it’s safe to return to the office.

The Sophos XG is a next-generation firewall packed with enterprise-grade features. The team at Sophos have been kind enough to offer a FREE software version of this firewall for home users, which. There are eight alternatives to Sophos XG Firewall for a variety of platforms, including Linux, Windows, the Web, BSD and VirtualBox. The best alternative is pfSense, which is both free and Open Source. Other great apps like Sophos XG Firewall are ClearOS (Free, Open Source), Sophos UTM (Paid), Endian Firewall Community (Paid, Open Source).


Sophos Xg Firewall Home Edition Virtualbox

Solutions for remote working exist, but they can be costly and complex to implement. And, they may not offer the level of security you need.

If you’re looking for a solution that solves each of these issues, Sophos can help. You can take advantage of our free 90-day XG Virtual Firewall Free Trial to get your employees securely connected from home.

XG Virtual Firewall is available on your favorite virtual platforms including VMware, Hyper-V, Citrix XenApp, and KVM. It provides a bevy of connectivity and security features and it’s easy to set up. Simply visit the free trial page, fill out the form, and you’re off.

Secure connectivity for remote workers

A nice aspect of the virtual free trial is its multi-platform support. You can also select the hardware you want to install it on, which makes the process more convenient.

XG Virtual Firewall includes a base license that offers remote connectivity options for users, including both IPsec through Sophos Connect client, and SSL VPN. Both provide secure methods for connecting from home back to the corporate office and accessing resources such as email, applications, and documents.

Your free trial also includes a FullGuard security bundle that protects your firewall and connected devices from threats such as ransomware, breaches, phishing emails, and more.

You can even add additional services such as Sophos Intercept X to take advantage of our Synchronized Security feature, which shares telemetry data on the health status of each connected device in addition to isolating any endpoint that does become infected so the infection can’t spread laterally to other hosts.

Setting up your XG Virtual Firewall free trial

Keeping your organization running smoothly can be challenging during the best of times. As we switch to a “work from home” model until it’s safe to return to the office, having a solution that meets your remote connectivity and security needs can help make things easier. And, it doesn’t need to be difficult to get up and running quickly.

We’re here to make your XG Virtual Firewall Free Trial simple to deploy and configure so your remote employees can get connected and stay productive. Here are some resources to help you get started.

If you have questions at any point during your free trial please visit our knowledgebase, review our how-to videos, documentation, or contact us.

Sophos Xg Virtualbox Windows 10

After 90 days

Sophos Xg Home Virtualbox

Should you wish to continue using XG Firewall once the free 90-day trial ends, we can help you transition to a hardware, virtual or cloud instance of XG Firewall. Speak to your Sophos representative to discuss your requirements.

This article describes the steps to configure SSL VPN remote access.

The following sections are covered:

  • Configuring Sophos Firewall
  • Configuring SSL VPN client
Sophos Xg Virtualbox

Applies to the following Sophos products and versions
Sophos Firewall

Defining SSL VPN group and users

Go to Authentication > Groups and create a group for remote SSL VPN users.

Go to Authentication > Users and create remote SSL VPN users.

Defining local subnet and remote SSL VPN range

Go to Hosts and Services > IP Host and define the local subnet behind Sophos Firewall.

Go to Hosts and Services > IP Host and define the remote SSL VPN range.

Note: Please make sure that the LAN and VPN assigned networks are not the same.

Defining remote SSL VPN policy

Go to VPN > SSL VPN (Remote Access) and select Add to create an SSL VPN policy.

Verifying the authentication services for SSL VPN

Go to Authentication > Services andmake sure that Local authentication server is selected under SSL VPN Authentication Methods section.

Note: Also make sure that Local authentication server is selected under Firewall Authentication Methods section. This is needed for remote users to logon to the portal to download the SSL VPN client software later in this article.

Verifying the allowed zones for SSL VPN

Go to Administration > Device Access and allow SSL VPN and User Portal for WAN and LAN zones under Local Service ACL section. Add other zones as required.

Configuring advanced SSL VPN settings

Go to VPN and select Show VPN Settings.

Under SSL VPN tab, verify the IPv4 Lease Range configured earlier and set the rest of options as required.

Note: If the XG Firewall do not have a public IP assigned on the WAN interface but behind a NAT device, set the public IP in the Override Hostname field. This sets the SSL VPN client configuration file to use this public IP when establishing the connection. The NAT device has to be configured to forward the SSL VPN connection to the XG Firewall.

Creating a firewall rule

Go to Firewall,click + Add Firewall Rule and select User/Network Rule.


  • If there is multiple firewall rules from VPN to LAN zones, then put the above firewall rule at the top of the list as described in Sophos XG Firewall: How to change firewall rule order.
  • It is possible for the remote host to access the internet via the XG Firewall. To do this, create a firewall rule with VPN as the source zone and WAN as the destination zone.

Downloading the SSL VPN client software

Sophos Xg Virtualbox Free

From a browser, logon to the user portal using the Sophos Firewall’s public IP address and the user portal https port. In this example, user portal is accessible at

Note: You can find the user portal https port configured in Sophos Firewall by going to Administration > Admin Settings under Port Settings for Admin Console section.

Once logged into the portal, download the SSL VPN client for the required endpoint accordingly. In this article, we will download and install the client and configuration for Windows 10.

Sophos Xg Virtualbox

Installing the SSL VPN client software on Windows

Run the downloaded SSL VPN client.

Note: If you have an application control software, make sure to unblock OpenVPN and SSL VPN Client for Windows in order for the installation to be successful.

Sophos Xg Virtualbox Download

Click Next and follow the wizard.
Accept the license agreement.
Choose the folder location and click Install.
Monitor the installation process.
Click Finish to complete the installation.
Once installed, start the VPN authentication by clicking on the traffic light symbol in the task bar.
Log in using the same credentials for the user portal.
The traffic light will change from red (disconnected) to red and amber (negotiating/connecting). As soon as the traffic light changes to green, a pop up message appers confirming the SSL VPN connection is established.

From your Windows machine, verify that you have been assigned an IP address from the SSL VPN range configured earlier in Sophos Firewall.

Note: You can also verify the route injected by the SSL VPN client by running route print command.

Sophos Xg Virtualbox Extension

From Sophos Firewall, go to Firewall and verify that rmote SSL VPN access rule allows ingress and egress traffic.

Go to Current Activities > Live users to verify SSL VPN users.

Go to Report > VPN to verify remote SSL VPN users list.