Skip to content

Add a firewall with Zero Touch

You can deploy Sophos Firewall using Zero Touch configuration.

Zero Touch lets you specify all the firewall settings in a configuration file. You then send that file to another administrator (for example, in a branch office) who can use it to deploy the firewall without entering any more settings.

Zero Touch configuration is available for hardware firewalls. You'll manage these firewalls from Sophos Central.

What to do in Sophos Central

In Sophos Central, do as follows:

  1. Go to My Products > Firewall Management > Firewalls.
  2. Click Add Firewall and then click Add a new Firewall.
  3. Enter the serial number of your Sophos Firewall, and click Next.

    Claim firewall appears.

    Claim firewall window.

  4. Click Claim and Continue.

  5. Click Next.
  6. Accept the license agreement and click Continue.
  7. Select the name and time zone of the firewall and click Continue.
  8. Check the licensed features, opt into the customer experience improvement program if you want to, and click Continue.
  9. Configure your LAN settings.
  10. Click Edit Internet Connection to configure your WAN settings.
  11. Click Apply, then Continue.
  12. Select your Network protection settings, then click Continue.

    Network protection window.

  13. Check your Configuration summary, then click Finish.

  14. For the zero touch mode, select Administrator applies configuration from USB drive, then click Continue.

  15. Select Auto approve for Central management, then click Continue.
  16. Download the light-touch configuration file, then click Next.
  17. Copy the Zero Touch configuration file onto a USB stick.

What to do on Sophos Firewall

At the site where the firewall needs to be deployed, the local administrator must do as follows:

  1. Connect the firewall to the internet.

  2. Plug the USB stick into the firewall device and power it on.

    The firewall detects the Zero Touch configuration file and accepts the internet settings (if any).

Accept the firewall

In Sophos Central, do as follows:

  1. Go to My Products > Firewall Management > Firewalls.
  2. Search for your firewall's serial number.
  3. Click Accept services.

    Once you accept the firewall, the remaining settings are applied.

To access your firewall from Sophos Central, do as follows:

  1. Click on your firewall's name.
  2. On the firewall, go to Administration and scroll down to Default admin's password settings.
  3. Enter and confirm your password and click Apply, then click OK to confirm.

You can now add the firewall to a group and manage it through Sophos Central.

Note

If you don't set an admin password, administrators may have trouble accessing the firewall if it loses its internet connection or is disconnected from Sophos Central.