How to Connect Your Sophos XG Firewall to Our Central Management (SFM)

Quick Reference

  1. Domain:
  2. Use settings from photo below.


Applicable Version: 15.01.0 onwards 

Feature Description

Sophos Firewall Devices can be monitored and managed with the help of Sophos Firewall Manager (SFM). SFM aids in Configuration Updates as well as Signature Updates for any added Sophos Firewall Devices.

The SFM administrator can either manually add Sophos Firewall Devices or add them through the Wizard.


Integrate a Sophos Firewall Device with SFM.

The configuration is divided into the following two sections:

  1. Sophos Firewall Configuration
  2. Sophos Firewall Manager Configuration 

Sophos Firewall Configuration

You must be logged in to the Web Admin Console as an administrator with Read-Write permissions for the relevant feature(s).

Go to System > Administration > Central Management, click Enable Central Management and enter the parameters in the table below.




Central Management Details

Enable Central Management


Click to enable central management.

IP Address/Domain

Enter the IP Address/Domain for Central Management.

Device Management


Central management must be enabled to implement Device Management by SFM.

Click to enable Device Management.

Communication Details

Heartbeat Protocol


Select Heartbeat Protocol from the available options.

Available Options:

  • Syslog


Selected Heartbeat Protocol specifies how the information will be provided to Central Management.

Heartbeat Port


Enter the Heartbeat Port if HTTPS is selected as the Heartbeat protocol.

Central Management receives heartbeat information through the specified port.

The default Heartbeat Ports are:

·Syslog – 6514

·HTTP – 443

Configuration Synchronization

Synchronization Mode

Device will fetch configuration changes from Central Management

Select the method to be used for sending configuration updates:

Available Options:

  • Central Management will push configuration changes to the Device: Select this option if the device is directly connected to the Internet. In this case, the Central Management continues to pass updates to the device when any configurations are updated.
  • Device will fetch configuration changes from Central Management: Select this option if the device is behind a NAT device. In this case, the device continues to ask for configuration updates from the Central Management.



Enter the port which will receive the configuration updates.

The default Ports are:

  • Syslog: 6514
  •  HTTP: 443

Content Distribution


Click to enable Content Distribution.

Content Distribution Port


Enter the port for Central Management when Central Management is configured as an Update Server for the device.

The device receives the signature updates on the selected port.

Default Port: 80


The port number must be the same as it was configured in Central Management, and the option “Any Device that has this Central Console configured as an Update Server” has to be enabled in the Central Management.


Click Apply to enable Sophos Firewall management through SFM.


Sophos Firewall Manager Configuration

You must be logged in to the Web Admin Console as an administrator with Read-Write permission for the relevant feature(s).

Sophos Firewall Devices can be added to SFM using either of the following methods:

  1. Manual
  2. Wizard
Manual Addition of Sophos Firewall Devices

Go to System Management > Device Settings > Managed Devices > Devices and click Add.

Upon clicking Add, the Add Device Screen will appear. Enter the details of the Sophos Firewall device to be added, as shown in the table below.




Device Name

Sophos Firewall

Enter the Sophos Firewall device name.

Serial Number


Displays the Sophos Firewall serial number.


Displays the IP address of Sophos Firewall device.

Admin Username


Enter the administrator username.

Password and Confirm Password

Sophos Firewall

Enter the password for the administrator user and confirm it.



Select the configuration template to apply to the Sophos Firewall device.


All Users

Select which users can access and manage the device based on their profile privileges.


Click Test Connection to verify the connection between SFM and Sophos Firewall. If the connection is successful, a notification of success will appear. If it is unsuccessful, an error message is displayed.

Click Save to complete.

Add Sophos Firewall Device through the Wizard
  • Click    in the upper right corner of the Dashboard to see the list of all discovered Sophos Firewall Devices.


·         Click  next to the Sophos Firewall Device to run the Wizard for adding devices.

Alternatively, go to System Management > Device Settings > Managed Devices > Devices and click Wizard to run the Wizard for adding devices.



The Wizard takes you step-by-step through the process of adding devices and configuring certain core features of device management, like firmware backup & restore and template configuration.

Step 1: Device

Enter the Sophos Firewall's Device Information, as shown below.

Click Next to continue.


Step 2: Communication

Select the Communication mode for device synchronization. Select Users or Groups from the list.


Click Next to continue.



Step 3: Firmware

Enter the firmware upgrade options for the Sophos Firewall Device. The Device will be upgraded after it is added to SFM.


Click Next to continue.



Step 4: Backup

Configure the Backup and Restore options. You can restore any existing configuration backup to the Sophos Firewall Device to be added.


Click Next to continue.



Step 5: Template

You can apply any preconfigured template to the Sophos Firewall Device. Check Yes and select the Template from the list, as shown below.

Click Next to complete.


A summary is displayed at the end of the wizard which shows the configuration details of the Sophos Firewall Device.

Click Finish to complete the wizard. 


If you want to change the configuration, click Back to return to the previous sections.


Document Version: 1.0 – 30 October, 2015


Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk