Sophos Xg On Azure



Sophos xg setup guide

Nov 27, 2016 In the deployment templates on Azure I see a Sophos XG machine. Presumably I could configure that as my UTM to protect my resources on Azure. Can I connect my users and offices to my Azure virtual network via RED devices we already own, and currently use to connect remote users to the home office? Login to the XG Firewall web UI and navigate to Configure Authentication Servers Add and use the following settings we have from the Azure AD domain services. Import the groups from Azure AD as shown below. Select the server from the list of authenticated servers.

Azure

With the Sophos Firewall release 18.0.5 or also called v18 MR5, Sophos brings new features besides bug fixes.

IPsec performance improvements

Azure

With the MR3 release, SSL VPN performance was tweaked to suddenly allow more SSL VPN connections on the same hardware. With MR5, more IPsec connections are now also possible via the Sophos Connect client.

WAF and SSL VPN with Port 443

Sophos

The Web Application Firewall is one of the rather rarely used modules of the Sophos Firewall. The problem was often that applications were secured with port 443 (HTTPS). Unfortunately, this meant that it was no longer possible to use the same port for the SSL VPN. With MR5, the WAF and SSL VPN can now be used together on port 443.

Azure Active Directory

This new feature will also please some of our customers. Sophos Firewall can now be used with Azure Active Directory, without the expensive “Azure Active Directory Domain Services” from Microsoft. How this works is beautifully explained in the KB post from Sophos: Sophos XG Firewall: Integrate XG Firewall with Azure AD

Other new features

  • Sophos lists all other updates in the release article: Sophos v18 MR5
  • For the release notes, bugfixes, known issues, Sophos has now created a new, nice and clear web page: Sophos v18 MR5 Release Notes

Connect Sophos XG Firewall Data To Azure Sentinel | Microsoft ...

Businesses move to the Public Cloud for a variety of reasons, whether it’s flexibility, the ability to customize, or lower costs. That’s why Sophos XG Firewall has been available through the Microsoft Azure Marketplace for some time, offering pay-as-you-go (PAYG) and bring-your-own-license (BYOL) options, providing industry leading price-performance, and the ultimate in flexibility.

Best value in price-performance on Azure

Sophos Xg On Azure Cloud

Sophos

XG Firewall for PAYG delivers all features and functionality of XG Firewall on Azure (FullGuard License), including Network Protection, Web Protection, Email, and Web Server Protection modules ­– already installed and ready to go. And we’re pleased to announce we recently updated the template package for our Azure Marketplace offer of XG Firewall.

Sophos Xg Azure Mfa

New PAYG pricing and recommended VM performance tiers

You now have complete flexibility to select any virtual machine series* for your XG Firewall, allowing you to fine-tune your virtual machine selection and compute costs to meet your exact requirements. Plus, our recommended Fsv2-series has been chosen to provide the best value in price-performance in the Azure portfolio based on the Azure Compute Unit (ACU) per vCPU.

Recommended VM sizesPerformancePrice per hour**
Standard_F2s_v2Dev/Test (<50 users)$0.575
Standard_F4s_v2Small (50-200 users)$1.15
Standard_F8s_v2Medium (200-4000 users)$2.30
Standard_F16s_v2Large (400-1500 users)$4.60
Standard_F32s_v2Extra Large (1500 – 5000 users)$9.20
Standard_F64s_v2Enterprise (5000+ users)$18.40

*Virtual machine series exceptions A0, A1, B1 and B1ms
** Prices listed are in U.S. dollars. You can find pricing in your local currency by using the Azure Pricing Calculator

In the same update, your current PAYG pricing for new and existing XG Firewall Azure VMs may change dependent on the country where you purchase Azure services. From March 10, 2020 Sophos will use standardized currency exchange rates to localize your pricing based on the U.S. dollar pricing in the table above. This will not affect services currently payed for in US Dollars. Microsoft will notify you of any changes to pricing affecting your bill prior to the correction.

Now sell XG Firewall in more regions than ever

Providing our partners with greater flexibility will also extend to licensing in this update, with two major improvements to PAYG and BYOL options.

PAYG is now available in 12 additional regions:

  • Armenia
  • Belarus
  • Brazil
  • Croatia
  • Monaco
  • Russia
  • Saudi Arabia
  • Serbia
  • South Africa
  • South Korea
  • Turkey
  • United Arab Emirates

BYOL availability grows from 90, to all 141 Azure enabled countries – a huge expansion to help you become more competitive than ever selling Sophos XG Firewall on Azure. See all 51 new countries below:

  • Afghanistan
  • Albania
  • Andorra
  • Angola
  • Armenia
  • Azerbaijan
  • Bangladesh
  • Barbados
  • Belize
  • Bermuda
  • Bolivia
  • Bosnia and Herzegovina
  • Botswana
  • Brunei
  • Cabo Verde
  • Cameroon
  • Cayman Island
  • Côte d’Ivoire
  • Curaçao
  • Ethiopia
  • Faroe Islands
  • Fiji
  • Georgia
  • Honduras
  • Iraq
  • Jamaica
  • Kyrgyzstan
  • Lebanon
  • Libya
  • Macao SAR
  • Mauritius
  • Moldova
  • Mongolia
  • Namibia
  • Nepal
  • Nicaragua
  • Palestinian Authority
  • Rwanda
  • Saint Kitts and Nevis
  • Senegal
  • Tajikistan
  • Tanzania
  • Turkmenistan
  • Uganda
  • Uzbekistan
  • Vatican City
  • Vietnam
  • Virgin Islands of the United States
  • Yemen
  • Zambia
  • Zimbabwe

We hope this important update enables you to be more competitive as a Sophos Partner, and provide a service that meets the exact requirements of your customers’ who have already moved or are planning to move to Microsoft Azure.