Introduction
For more information about your appliance, visit www.sophos.com/get-started-firewall.
Before you begin, please confirm that you have a working Internet connection and the account information provided by your ISP.
1. Before Deploying
Congratulations on the purchase of your Sophos XGS appliance. This Quick Start Guide describes in short steps how to connect your appliance and explains how to open the web-based Admin Console from your administration PC. The Admin Console allows you to configure every aspect of the appliance.
a) What is included in the box
- Sophos XGS 116(w)/126(w)/136(w) appliance
- This Quick Start Guide and Safety Instructions
- 3 antennas (for XGS 126w/136w models; 2 antennas for XGS 116w model)
- Power Adapter
- Micro USB cable
- RJ45 Ethernet cable
- Power cable
b) Appliance Images: Front and Back
XGS 116(w)
Front View:
- 1 x USB 2.0 port
- 1 x COM Micro USB port
- Status LEDs (w-model includes an additional WiFi LED)
- 1 x COM (RJ45) port
- F1: 1 x SFP fiber port
- 1 x GbE copper port
- Optional module expansion bay
Back View:
- Power supply connectors
- 1 x USB 3.0 port
- 6 x GbE copper ports
- 1 x GbE PoE port
- Connector for optional 2nd redundant power supply
XGS 126(w)/136(w)
Front View:
- 1 x USB 2.0 port
- 1 x COM Micro USB port
- 3 x external antennas (for XGS 126w/136w models only)
- Status LEDs (w-model includes an additional WiFi LED)
- 1 x COM (RJ45) port
- F1-F2: 2 x SFP fiber ports
- Optional module expansion bay
Back View:
- Power supply connectors
- 1 x USB 3.0 port
- 10 x GbE copper ports
- 2 x 2.5 GbE PoE ports (on XGS 136(w))
- 2 x GbE PoE ports (on XGS 126(w))
- Connector for optional 2nd redundant power supply
Interfaces
LAN Ports
| Port(s) | Type | Speed | Comment |
|---|---|---|---|
| 1-8 | RJ45 | 10/100/1000 Mbps | Port 8 on XGS 116(w) can power a connected device (e.g., access point, IP camera, or IP Phone) via PoE with up to 30W (PoE 802.3at). |
| 9-10 (XGS 126(w)/136(w) only) | RJ45 | 100/1000 Mbps | Both ports can power a connected device (e.g., access point, IP camera, or IP Phone) via PoE with up to 30W (PoE 802.3at) each. |
| 11-12 (XGS 126(w)/136(w) only) | RJ45 | XGS 126(w): 100/1000 Mbps XGS 136(w): 100/1000/2500 Mbps | Both ports can power a connected device (e.g., access point, IP camera, or IP Phone) via PoE with up to 30W (PoE 802.3at) each. |
| F1 | SFP | 1 Gbps | SFP transceivers are sold separately. |
| F2 (XGS 126(w)/136(w) only) | SFP | 1 Gbps | SFP transceivers are sold separately. |
Other Ports
| Port | Type | Comment |
|---|---|---|
| COM | Micro USB [front] RJ45 [back] |
Connect a serial console to the Micro USB or RJ45 COM port to access the CLI. Only one port can be used at any time. If both ports are connected, the Micro USB port takes precedence. Required connection settings:
|
| USB | USB 2.0 [Type A] [front] USB 3.0 (Type A) [back] |
Connect a USB 2.0 and/or 3.0 compatible device (e.g., USB thumb drive, UPS, 3G/4G dongles). |
| Reset | Button | Press and hold for >10 seconds to reset the unit to factory default settings. All configuration, reports, and patterns will be flushed. |
Expansion Bay
| Module Type | Comment |
|---|---|
| Cellular Module | Can be used for Sophos XGS 3G/4G or 4G/5G Module (optionally available from your Sophos partner). |
| WiFi Module | Can be used for Sophos XGS WiFi Module (optionally available from your Sophos partner). |
2. Mount and Connect the Appliance
Mount the antennas (for wireless models only)
Connect the provided antennas to the connectors on the back of your appliance and align them in a vertical position.
Connect the ports to the internal and external networks
- Connect port 1/LAN via a switch to the internal network using the provided RJ45 Ethernet cable. Your Administration PC must also be connected to this network.
- Connect Port 2/WAN to the external network. The connection to the WAN depends on the type of Internet access.
Default Settings
XGS appliances are shipped with the following default settings:
| Ethernet Port | IP Address | Zone |
|---|---|---|
| 1/LAN | 172.16.16.16/255.255.255.0 | LAN |
| 2/WAN | DHCP | WAN |
| Admin Console Username | Admin Console Password | CLI Console Password |
|---|---|---|
| admin | admin | admin |
| Default Gateway | DNS | DHCP Service |
|---|---|---|
| DHCP | DHCP | Enabled |
Mount the appliance to the rack
If you want to mount the device within a rack, use the optionally available rackmount kit for this device.
3. Power Up the Appliance
Connect the power cable and turn on the appliance
Connect the appliance to the power supply using the power cable(s). Turn the appliance on using the power switch located on the back near the power connection. During boot up, the Status LED on the front will blink green. Once the device has booted completely, the Status LED will turn solid green.
4. Connect Your Administration PC
Administration PC connection properties
Use the following settings to configure your PC/laptop network interface:
- IP address: 172.16.16.2
- Netmask: 255.255.255.0
- Default Gateway: 172.16.16.16 (appliance's internal network card, Port1/LAN)
- DNS Server: 172.16.16.16 (appliance's internal network card, Port1/LAN)
Connect your PC/laptop to Port 1/LAN of the appliance
Start your browser and enter the IP address of the appliance's LAN port that your PC is connected to: https://172.16.16.16:4444
Login with the default details:
- Username: admin
- Password: admin
Network Diagram: A network diagram illustrates the connection: Internet connects to a DSL modem, which connects to the WAN port (Port 2) of the XGS Appliance. The LAN port (Port 1) of the XGS Appliance connects to a switch, which then connects to an internal network client PC.
5. Set Up the Appliance
a) Start network configuration
Select 'Click to begin' on the 'Welcome' screen to start your basic appliance configuration. Change the interface IP addresses, default gateway, DNS settings, and date/time zone to match your local network settings.
b) Register the appliance
If you have not previously registered your appliance on MySophos, you will see the registration screen "Register Your Firewall." The appliance requires Internet connectivity for registration with MySophos. If you wish to register later, check the box "I do not want to register now" and proceed with section c).
If you have a serial number from your License Schedule, enter it in the first field and click "I have an existing serial number." Otherwise, click "I don't have a serial number (Start a Trial)."
If you are upgrading from an existing UTM/SG appliance and want to migrate your UTM license to your new firewall, click the respective button and browse for your UTM license to upload it.
After clicking 'Continue', you will be redirected to the MySophos portal. Log in to your MySophos account or sign up if you are a new user.
Click 'Continue' to complete the registration process. This may take a few seconds. After successful registration, you will see the message, 'Your device is now registered'. Proceed to 'Synchronize License' only after successful registration.
c) Synchronize license
Click 'Initiate License Synchronization' to retrieve license information from Sophos onto the appliance. After synchronization, you will see the message, "Synchronization with server was successful."
6. Connecting PoE Powered Devices
Ports 8 (on XGS 116(w)) and 11/12 (on XGS 126(w)/136(w)) can provide power over Ethernet (PoE) to connected devices conforming to standards 802.3af (max. 15.4W) or 802.3at (max. 30W). Each port can provide up to 30 watts max.
Note: If a high-performance expansion module is used in an XGS 126(w) or XGS 136(w) module slot, the maximum power of one PoE port will be limited to 15.4 watts.
For more information about high-performance expansion modules, visit www.sophos.com/en-us/support or contact your local Sophos reseller.
7. Appliance LED Codes
LEDs on each RJ45 Ethernet Connector
| LED | Color | State | Description |
|---|---|---|---|
| ACT/LNK (Left LED) |
Green | Solid | 1. The Ethernet port has established link. 2. Good connection between the Ethernet port and hub. |
| Flashing | The adapter is sending or receiving network data. | ||
| Off | 1. The adapter and switch are not receiving power. 2. No connection between both ends of network. 3. Network drivers have not been loaded or do not function correctly. |
||
| Speed (Right LED) |
Amber | On | If Ethernet port is operating at 1000 Mbps. |
| Green | On | If Ethernet port is operating at 100 Mbps. | |
| Off | If Ethernet port is operating at 10 Mbps. |
LEDs on each SFP Connector
| LED | Color | State | Description |
|---|---|---|---|
| ACT/LNK | Green | Solid | 1. The SFP connector is receiving power. 2. Good connection between the SFP port and hub. |
| Flashing | The adapter is sending or receiving network data. | ||
| Off | 1. The adapter and switch are not receiving power. 2. No connection between both ends of network. 3. Network drivers have not been loaded or do not function correctly. |
LEDs (Front)
| LED | Color | State | Description |
|---|---|---|---|
| Storage | Blue | Flashing | SSD is being accessed. |
| Green | Solid | Normal operation. | |
| Flashing | Device is booting up or shutting down. | ||
| Red | Solid | SSD or boot failure. | |
| Flashing | General error (please contact support). | ||
| WiFi | Green | On | WiFi is active. |
| Off | WiFi is inactive. | ||
| Power 1 | Green | Solid | Power adapter 1 in normal operation. |
| Red | Solid | Power adapter 1 failed or disconnected. | |
| Power 2 | Green | Solid | Power adapter 2 in normal operation. |
| Red | Solid | Power adapter 2 failed or disconnected. |
PoE LEDs (Front)
| LED | Color | State | Description |
|---|---|---|---|
| PoE1 | Green | Solid | PoE1 providing power to connected device. |
| Blinking fast* | PoE1 has an internal hardware failure. | ||
| Blinking slowly** | PoE1 is denied power (e.g. connected device requesting power above max. power capacity) or is detecting a fault on connected device. | ||
| Off | PoE1 not providing power to connected device. | ||
| PoE2 | Green | Solid | PoE2 providing power to connected device. |
| Blinking fast* | PoE2 has an internal hardware failure. | ||
| Blinking slowly** | PoE2 is denied power (e.g. connected device requesting power above max. power capacity) or is detecting a fault on connected device. | ||
| Off | PoE2 not providing power to connected device. |
* The blinking behavior is an on/off cycle approx. once every 0.3 seconds.
** The blinking behavior is an on/off cycle approx. once every 2.5 seconds.
8. Support and Documentation
For more information and technical support, please visit www.sophos.com/en-us/support or contact your local Sophos reseller.
Check our Getting Started resources to find out how you can get the most out of your purchase: www.sophos.com/get-started-firewall
Contact Information
United Kingdom Sales
Tel.: +44 (0)8447 671131
Email: sales@sophos.com
North American Sales
Toll Free: 1-866-866-2802
Email: nasales@sophos.com
Japan Sales
Tel.: +81 3 3568 7550
Email: sales@sophos.co.jp
China Sales
Tel.: +86-10-6567 5820
Email: sales@sophos.co.jp
Sales DACH (Deutschland, Österreich, Schweiz)
Tel.: +49 (0) 611 585 8-0
Tel.: +49 (0) 721 255 16-0
E-Mail: sales@sophos.de
Shanghai Sales
Tel.: +86-21-32517160
Email: sales@sophos.co.jp
Australia and New Zealand Sales
Tel.: +61 2 9409 9100
Email: sales@sophos.com.au
