sophos安装指南

Sophos Anti-Virus for vShield安装配置手册Sophos Anti-Virus vShield安装配置手册文档修订记录修改记录批准记录Sophos Anti-Virus for vShield安装配置手册目录1.关于Sophos Anti-Virus VMware vShield (3)1.1关于Sophos Anti-Virus VMware vShield (3)1.2支持的Guest VM平台 (3)1.3安装中的关键步骤 (4)1.4系统要求说明 (4)1.4.1VMware要求 (4)1.4.2vMotion (6)1.4.3Guest VM要求 (6)1.4.4检查防病毒产品不兼容 (6)1.4.5Sophos 软件要求及设置 (6)2.安装Sophos security VM (7)2.1环境说明 (8)2.2参数配置图文说明 (8)2.3下载并安装SSVM (10)2.4检查系统时间同步 (19)2.5检查是否安装成功 (20)2.6设置SEC管理SSVM (20)3.安装vShield Endpoint Thin Agent (22)3.1检查是否安装 (23)3.2准备安装 (23)3.3安装Agent (24)3.3.1手动安装 (24)3.3.2自动安装 (25)4.检查SSVM是否工作正常 (26)4.1检查SSVM是否工作正常 (26)4.1.1查看防护效果 (27)4.1.2停止、启用vShield Endpoint Agent (27)4.2查看Agent是否启用 (27)5.反安装SSVM (29)5.1删除SSVM主机 (29)6.参考引用与术语 (33)6.1参考引用 (33)6.2术语 (34)7.技术支持 (34)Sophos Anti-Virus for vShield安装配置手册1.关于Sophos Anti-Virus VMware vShield1.1关于Sophos Anti-Virus VMware vShieldSophos Anti-Virus VMware vShield是一台安全虚拟机（SSVM），您可以设置如下：注意：Sophos security VM，安全虚拟机，以下简称为SSVM。

Sophos Firewall 强大的防护和性能Sophos Firewall 强大的防护和性能Sophos Firewall Xstream 架构设计提供极佳的可见性、防护和性能，帮助解决当前网络管理员面临的最大挑战。

TLS 1.3 检查现在约 99% 的 Web 流量加密，对大多数防火墙不可见。

许多组织发现，保护自己的网络防范越来越多的利用这一盲点的勒索软件、威胁和潜在有害应用程序时无能为力。

Sophos Firewall 能够实现高效且有效的 TLS 检查，不牺牲性能。

我们集成 Xstream Flow Processor 的 XGS 系列设备将 TLS 流量放在 FastPath 上以加速检查。

我们的高性能 TLS 检查引擎支持 TLS 1.3 而不降级，最新加密套件实现最大兼容性，同时增强了从仪表板检视加密流量的可见性。

深度数据包检查我们相信您再也不必在安全与性能之间取舍了。

Sophos Firewall 采用高速深度数据包检查 (DPI) 引擎扫描流量中的威胁，不使用减慢处理速度的代理。

防火墙堆栈可以将处理工作有效转移至 DPS 引擎，显著降低延迟，提高整体效率。

Sophos Firewall 通过高性能流传输 DPI 阻止最新勒索软件和外泄，包括下一代 IPS、Web 防护和应用程序控制，以及 SophosLabs Intelix 支持的深度学习和沙箱。

应用程序加速网络流量的很大一部分是受信任的业务应用程序流量，目的地是分支办事处、远程用户或云应用服务器。

因此，无需对威胁或恶意软件进行额外安全扫描，可以智能引导至 FastPath，减少延迟，优化整体性能，释放性能用于需要深度数据包检查的流量。

Sophos Firewall 自动或通过您自己政策加速您的 SaaS、SD-WAN 和云流量，如 VoIP、视频和其他受信任应用程序 – 放在 FastPath 上通过 Xstream Flow Processor。

ContentsAbout this guide (1)Sizing considerations (2)Architecture examples (6)Ports and protocols (16)EAS proxy usage scenarios (20)EAS proxy architecture examples (21)Technical support (27)Legal notices (28)Sophos Mobile1 About this guideThis guide contains deployment considerations for a Sophos Mobile system.It provides guidance on the proper dimensioning of a Sophos Mobile server installation in terms of hardware (for example CPU and memory) and software (for example database and virtualization) requirements, and it explains, on the basis of schematic diagrams, different usage scenarios for the integration of Sophos Mobile and the standalone EAS proxy into your organization's infrastructure.Sophos Mobile2 Sizing considerationsImportantThis section provides guidance on how to size the Sophos Mobile server based on some keycriteria. The recommendations are based on default settings of the relevant configurationparameters and on a reasonable distribution of device types, tenants (customers) andadministrators. If the setup for a customer differs significantly, the suggested values must to bemodified.Activities that generate loadThe following activities generate load on the Sophos Mobile server:•Administrator interaction: Any administrator interactively working in a customer account generates load. The load depends on the amount of interactive actions and the number of devices for that customer.•Self Service Portal interaction: Any user interactively working on the Self Service Portal generates load. The number of concurrent sessions is relevant for the sizing of a server.•Device Sync: The devices synchronize with the server in predefined intervals. Each sync operation generates load. The number of devices and the interval are relevant for the sizing of a server.•Policy/app distribution: Any device interaction, like lock or wipe, policy updates or app distribution generates server load. The server is able to distribute the load over time (batching), but the servermust be sized to handle that additional load.•Email traffic: The EAS proxy acts as a gateway for email communication. The server load depends on the number of devices syncing email and the sync period. If the EAS proxy is installed on a different server, this load can be neglected. More than one active EAS proxy can add to theserver load, as the device status must be fetched regularly. Please note that, because all emailtraffic passes the EAS proxy, sufficient network bandwidth is required.System componentsA Sophos Mobile system can be divided into 3 main components:•Sophos Mobile server: The server manages all administrator and user interactions, the device sync and the policy and app distribution.•Database server: The database server (DB server) handles all read and write activities and queries. Most of the SMC server activities result in a DB server action. The DB server can beinstalled either on the same or different hardware server as the Sophos Mobile server.•EAS proxy: All email traffic passes the EAS proxy. It is installed either as a component of the Sophos Mobile server (internal EAS proxy) or as a separate component on one or more externalservers (standalone EAS proxy).Sophos Mobile server sizingDefinitions:• 1 CPU equals to an Intel XEON core with 2.5 GHz.Sophos MobileSophos MobileSophos Mobile •On each malware scan, 256 bytes per app are used for online look-ups against the latest threat data in the SophosLabs database.•For downloading data updates for the antivirus engine, 10-20 KB per day are used on average.Sophos Mobile3 Architecture examplesLearn how to integrate Sophos Mobile server into your organization’s infrastructure.Communication overviewSophos Mobile Sophos Mobile in demilitarized zone (DMZ)Sophos MobileSophos Mobile in DMZ with incoming and outgoing traffic protectionSophos Mobile in backend with incoming and outgoing traffic protectionSophos Mobile as a Service communication overviewSophos Mobile cluster with Sophos UTM Web Application FirewallSophos Mobile cluster with Amazon Web Services CloudSophos Secure Email push notificationsSophos Mobile and Sophos SafeGuard Enterprise keyring synchronizationSophos Mobile and Microsoft Azure for Intune app protection and federated authentication4 Ports and protocols1If not available, Sophos Mobile has no information about iOS and macOS updates. For example, compliance rules regarding mandatory updates have no effect.2Required to use Exchange Web Services (EWS) notifications. See Sophos knowledge base article 127137.5 EAS proxy usage scenariosYou use IBM Notes Traveler (formerly IBM Lotus Notes Traveler) for non-iOS devicesThe internal EAS proxy is not suitable for this scenario because it only supports the ActiveSync protocol, which is used by Microsoft Exchange and by IBM Notes Traveler for iOS devices. IBMNotes Traveler for non-iOS devices (for example, Android) uses a different protocol that is supported by the standalone EAS proxy.For non-iOS devices, dedicated Traveler client software is required. This software is available through <traveler-server>/servlet/traveler or the Traveler file system. The Install Appand Uninstall App features of Sophos Mobile can be used to install and uninstall the Traveler client software. Configuration has to be performed manually.You want to support multiple backend serversWith the standalone EAS proxy you can set up multiple instances of backend email systems. Each instance needs an incoming TCP port. Each port can connect to a different backend. You need one URL per EAS proxy instance.You want to set up load balancing for EASYou can set up standalone EAS proxy instances on several computers and then use a load balancer to distribute the client requests among them.For this scenario an existing load balancer for HTTP is required.You want to use client certificate based authenticationFor this scenario an existing PKI is required and the public part of the CA certificate has to be set in the EAS proxy.You need to manage more than 500 devicesFor performance reasons, we recommend you use the standalone EAS proxy server instead of the internal version when email traffic for more than 500 client devices must be managed.6 EAS proxy architecture examplesLearn how to integrate the Sophos Mobile standalone EAS proxy into your organization’s infrastructure. The standalone EAS proxy is available for all installation types of the Sophos Mobile server:•Sophos Mobile on Premise•Sophos Mobile as a Service•Sophos Mobile in CentralEAS proxy with Sophos Mobile serverEAS proxy with Sophos Mobile in CentralClient certificate authorizationReverse proxySeveral proxy instances on different computersSeveral proxy instances on the same computerEAS proxy with IBM Traveler clientsEAS proxy behind a load balancerPowerShell modeYou can set up a PowerShell connection to an Exchange or an Office 365 server. This means that the EAS proxy service communicates with the email server through PowerShell to control the email access for your managed devices. Email traffic is routed directly from the devices to the email server. It is not routed through a proxy.PowerShell mode (Sophos Mobile in Central)7 Technical supportYou can find technical support for Sophos products in any of these ways:•Visit the Sophos Community at / and search for other users who are experiencing the same problem.•Visit the Sophos Support knowledge base at /en-us/support.aspx.•Download the product documentation at /en-us/support/documentation.aspx.•Open a ticket with our support team at https:///support/contact-support/ support-query.aspx.8 Legal noticesCopyright © 2019 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.。

sophos防火墙操作手册一、介绍Sophos防火墙是一种网络安全设备，用于保护企业内部网络免受恶意攻击和未经授权的访问。

本操作手册将指导用户熟悉Sophos防火墙的基本功能和操作方法，以便能够有效地配置和管理防火墙，确保网络的安全性和稳定性。

二、安装与设置1. 安装Sophos防火墙- 确保设备符合系统要求，并从官方网站下载最新的Sophos防火墙软件。

- 按照安装向导的指示，将软件安装到防火墙设备上。

2. 连接与初始化- 将Sophos防火墙与企业内部网络连接，并确保连接稳定。

- 首次启动Sophos防火墙后，根据界面提示完成初始化设置。

三、功能配置1. 设置网络接口- 进入Sophos防火墙管理界面，在网络设置中配置外部和内部网络接口，分配各个接口的IP地址和子网掩码。

2. 创建防火墙规则- 在防火墙规则设置中，创建和管理规则以控制网络流量的访问权限。

- 根据企业需求，设置允许或拒绝不同协议、端口和IP地址的访问。

3. 配置虚拟专用网络(VPN)- 通过设置VPN，实现远程办公和安全访问企业内部网络的需求。

- 配置VPN连接的加密方式、身份验证和访问权限。

4. 建立安全区域- Sophos防火墙支持创建安全区域，用于将不同部门、服务或区域划分为独立的网络区域。

- 在安全区域设置中，配置不同区域之间的访问规则，确保网络的安全和数据的隔离。

四、日志与监控1. 查看安全日志- 在安全日志界面，可以查看Sophos防火墙所记录的安全事件和操作日志。

- 根据需要，设置日志记录级别和存储周期，以及发送警报的方式。

2. 进行流量分析- 使用Sophos防火墙提供的流量分析工具，监控网络流量的状态和趋势。

- 通过流量分析，可以及时发现异常情况和潜在的安全威胁。

五、固件升级与维护1. 升级Sophos防火墙固件- 定期检查Sophos官方网站，获取最新的防火墙固件版本。

- 在固件升级界面，下载并安装最新的固件，以获得更好的性能和安全性。

ContentsIntroduction (1)Installation procedure (2)Configuring XG Firewall (4)Activation and Registration (4)Basic Configuration (4)Legal notices (8)Sophos XG Firewall Software Appliance1 IntroductionWelcome to the Getting Started Guide for Sophos Firewall Software Appliance (referred to in this document as “Sophos Firewall”). This guide describes how to download, deploy, and run Sophos Firewall as a software appliance on custom hardware.Minimum hardware requirementsThe device will go into fail-safe mode if the minimum requirements are not met.• 2 Network interface cards• 1 GB RAM•10 GB HDD/SSD sizeRecommended hardware requirements• 2 GB RAM•64 GB HDD/SSD sizeNoteSFOS 17 supports hard drives with a maximum of 512 GB.Sophos XG Firewall Software Appliance2 Installation procedure1.Download Software Image (ISO)a)Download the software image (ISO) from https:///en-us/products/next-gen-firewall/free-trial.aspx.b)You can install the downloaded ISO file on custom hardware, using an Installer.c)To create the Installer, see Creating an Installer.2.To install the software, you need to write the ISO to a standard USB thumb drive. On Windows:a)Download the Win32 Disk Imager utility from /projects/win32diskimager/.b)Run the utility, and browse the downloaded ISO file. The application will look for .IMG files.Change the file filter to (*.*), then locate and select the Sophos Firewall ISO file.c)Select the USB thumb drive on which you wish to install the ISO. The thumb drive should haveat least 1GB space. Writing the ISO to it will erase its current data.d)Once the process is complete, your thumb drive is ready to use.3.To install the software, you need to write the ISO to a standard USB thumb drive. On OS X:a)Open the Disk Utility included on OS X.b)Locate the thumb drive in the list of disks.c)On the partitions tab, change the volume scheme to “1 partition”, and the format to “FreeSpace”, then click apply.d)You need to convert the downloaded ISO file into a new format. Open a terminal window, andgo to the path where the ISO is stored.e)Run the command: hdiutil convert -format UDRW -o sf.img.dmg SW-SFOS_15.01.0-376.isof)The converted ISO will be renamed “sf.img.dmg”.g)Run the diskutil list and locate the path of the USB device.h)Write the converted ISO to your thumb drive, using the following command for reference: ddif=./sf.img.dmg of=/dev/rdisk9 bs=1mIn this command, the USB thumb drive’s path is /dev/disk9. Make sure that you use theactual path.Note:•The = path adds an “r” before the device path name. This is deliberate, and enables RAW disk access. You may leave the ‘r’ out, but the process will take place much more slowly.•You may need to run “sudo dd <rest of command>” for the imaging to work on your system.The process will take a few minutes to complete. When you are returned to the commandprompt, the thumb drive is ready, and can be ejected.If you face a problem, see http://borgstrom.ca/2010/10/14/os-x-bootable-usb.html for detailedinstructions.4.Installing Sophos Firewall.For the thumb drive to boot, you may need to change the BIOS settings since this is a SoftwareAppliance. You will also need to connect a monitor, keyboard, and a serial cable to the system tocomplete the installation. You will be prompted twice to start the installation.Sophos XG Firewall Software Appliance5.Booting: When the prompt appears, type y <enter> to start the installation procedure.The installation progress will be shown on the screen.6.When the installation is complete, remove the thumb drive, and reboot the device. The device willtake a few minutes to boot the first time.The system is now running Sophos Firewall Software Appliance.Sophos XG Firewall Software Appliance3 Configuring XG Firewall1.Browse to "https://172.16.16.16" from the management computer.2.Click Start to begin the wizard and follow the on-screen instructions.NoteThe wizard will not start if you have changed the default administrator password from theconsole.3.1 Activation and Registration1.Review and accept the License Agreement. You must accept the Sophos End User LicenseAgreement (EULA) to proceed further.2.Register Your Firewall. Enter the serial number, if you have it. You can also use your UTM 9license if you are migrating.Otherwise, you can skip registration for 30 days or start a free trial.a)You will be redirected to the MySophos portal website. If you already have a MySophosaccount, specify your sign-in credentials under “Login”. If you are a new user, sign up for aMySophos account by filling in the details under “Create Sophos ID”.b)Complete the registration process.Post successful registration of the device, the license is synchronized and the basic setup is done.3.Finish the basic setup. Click Continue and complete the configurations through the wizard. Whenyou finish the process, the Network Security Control Center appears.You can now use the navigation pane to the left to navigate and configure further settings.3.2 Basic ConfigurationYou can:1.Set up Interfaces2.Create Zones3.Create Firewall Rules4.Set up a Wireless Network1.To set up interfaces:a)You can add network interfaces and RED connections in the Configure > Network >Interfaces menu.b)You can add wireless networks in the Protect > Wireless > Wireless Networks menu.SSIDs will also be shown in the interfaces menu once created.c)You can add access points in Protect > Wireless > Access Points.Sophos XG Firewall Software ApplianceSophos XG Firewall Software ApplianceYou can see both these wireless networks in Protect > Network > Wireless Networks.e)Go to Protect > Wireless > Access Point Groups.f)Click Add to add a new access point group.g)Add both the wireless networks, and the new access point.If new APs have been installed, you can view these in Control Center.h)Click the pending APs to accept the new access points.i)Configure the settings of the new APs as shown in the image.Sophos XG Firewall Software Appliancej)Click Save.Sophos XG Firewall Software Appliance4 Legal noticesCopyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group.All other product and company names mentioned are trademarks or registered trademarks of their respective owners.。

Sophos Endpoint Security and Control 獨立電腦安裝指南Sophos Endpoint Security and Control 9.5Mac OS X 系統的 Sophos Anti-Virus 7：文件日期：2010 年 6 月目錄1 操作前準備事項 (3)2 防護Windows 電腦 (4)3 防護 Mac OS X 電腦 (9)4 技術支援 (11)5 法律聲明 (12)2獨立電腦安裝指南1操作前準備事項1.1系統需求如欲瞭解系統需求的相關資訊，請參閱 Sophos 網站的系統需求頁面(http://ww /products/all-sysreqs.html)。

另外，您必須連結至網際網路，才能透過 Sophos 網站下載防護軟體。

1.2您需要的資訊您將需要以下資訊，以便進行安裝與配置：■所需的Sophos Endpoint Security and Control獨立電腦安裝程式與/或Sophos Anti-Virus Mac OS X 獨立電腦安裝程式的網址與下載憑證。

■更新來源的位址 (除非您要直接透過 Sophos 網站下載)■需要用來存取更新來源的憑證■您可能用於存取更新來源的 proxy 伺服器資訊 (位址與埠號，使用者憑證)。

3Sophos Endpoint Security and Control2防護 Windows 電腦2.1安裝Sophos Endpoint Security and Control您必須以系統管理員身分登入，才能安裝Sophos Endpoint Security and Control.如果您已經安裝其他廠牌的安全防護軟體：■確保該廠牌的使用者介面已經關閉。

■請確保其他廠牌的防火牆與 HIPS 已經關閉，或者已經配置為許可 Sophos 安裝程式執行。

1.使用 Sophos 或您系統管理員所提供的網頁位址與下載憑證，並前往 Sophos網站，為您使用的Windows 系統版本下載獨立電腦安裝程式至您的電腦上。

TABLE OF CONTENTS INTRODUCTION (2)INSTALLATION (3)Setup (3)Enclosure Assembly for Stand Alone Final Filters (6)Door Installation (6)Enclosure Anchoring (7)Ducting a Stand Alone Final Filter (7)Filter Cartridge Installation (8)Cartridge Support Installation (9)Compressed Air Supply (10)Electrical Connections (10)The Wiring Process (10)Choosing the Correct Wiring Procedure (11)Wiring from the Timer Board to the Solenoid (11)Photohelic Connections (11)Initial Checks (12)OPERATION (13)Electrical Settings (13)Solenoid Sequence Setup (13)Selector and Push Button Switch Operation (13)Startup (13)MAINTENANCE (15)Periodic Maintenance Schedule (15)Filter Cartridge Replacement (15)SPARE PARTS LISTING (17)INTRODUCTIONThe Osprey Final Filter is designed to enhance the filtering capacity of the Osprey Drum Filter or Phoenix TM Filter System. The purpose is to filter fine particulate material from an air stream. The filter cartridges remove 99.95% of particulate matter down to 1 micron. Clean air can be exhausted into manufacturing plant, atmosphere, or temperature control system.The Final Filter uses a long lasting, fiber resistant cartridge design. This allows easy installation, low maintenance, and automatic pulsejet cleaning.This manual was written for the Osprey Final Filter and is applicable to all sizes of the Osprey Final Filter. Drawings in this manual apply to the base model unless otherwise noted.This manual is divided into five sections:1) Introduction2) Installation and Start-up3) Operation4) Maintenance5) Spare Parts ListingSafety information and information of special note are included throughout the manual. Four different types of notes are used in this manual and appear as shown.is used to prevent personnel injury.-WARNING-is used to prevent personnel injury.is used to prevent machine damage.-CAUTION-is used to prevent machine damage.is used to show information that is necessary to insure proper installationmation that is necessary to insure proper installation -IMPORTANT-is used to show inforand operation.and operation.is used to provide information of special interest.-NOTE-is used to provide information of special interest.INSTALLATIONSetupFirst, check the crates shipped against the shipping list to identify missing or damaged parts. Follow the instructions in the bulletin titled “What to do if your shipment is damaged, lost, or stolen!” located in the Osprey job manual shipped with the equipment, if applicable. If all is well, uncrate the Final Filter and gather the parts near, but not on, the planned erection site. Before beginning installation, go over the assembly drawings (included in the Osprey job manual shipped with the equipment) to become familiar with the components that will require assembly. Also, read the Drum Filter (or Phoenix TM Filter) Installation and Operation Manual completely. Install the drum filter and begin installation of the enclosure before installing the Final Filter. Assembly of the Final Filter section is best done while installing the drum filter enclosure. Use Figure 1 and the assembly drawings specific to your equipment (included in the Osprey job manual) as a guide throughout this installation. If you have purchased a stand alone Final Filter, assemble the filter enclosure following the section labeled “Enclosure Assembly for Stand Alone Final Filters”.Assemble the drum enclosure except for the roof and front wall where the main system fan isFigure 1 Osprey Final Filter overall layout.Assemble the tubesheet panels intheir proper placein the samemanner as theenclosure wallpanels wereinstalled. Also,install the tubesheet-flashingpanel at this time.Be sure to placesilicone (includedin shipment)between allmating panelflanges.See Figures 2 and3 for examples.Figure 2 Assembled tube sheet panels and tube sheet flashing, as viewed through the drum plenum wall.Figure 3 Assembled tube sheet panels and tube sheet flashing from a stand alone Final Filter.Figure 4 Manifolds installed on manifold mounts.Bolt on the enclosure roof panels at this time. This will steady the tube sheet panels for the rest of the installation.Bolt the manifold mounts into their proper position, aligning the holes on its flange with the row of holes down the center of the tube sheet panels. Use 3/8"-16 wiz bolts and nuts to bolt it.Locate the manifold mount braces and bolt them to the tube sheet panels and to the manifold mounts using 3/8"-16 wiz bolts and nuts.Now, find the air manifolds. The air manifolds come preassembled with the diaphragm valves, solenoid valves, and air hoses. Secure them to the manifold mount braces installed earlier using 3/8"-16 x 1 1/4" bolts, 3/8" washers and lock washers, and 3/8"-16 nuts.When the manifolds are installed, install the manifold stiffeners. These keep movement and vibration of the manifolds to a minimum when the diaphragm valves are activated and the filter cartridges are pulse cleaned.-NOTE- Hardware may differ for someassemblies. Check the assemblydrawings shipped with theequipment for proper mountinghardware.hardware.-WARNING-Do not damage Do not damagethe air hoses the air hoseswhen installing when installingthe manifolds the manifoldsand manifold and manifoldstiffeners.stiffeners.Figure 4 shows an installation of the tubesheet panels, manifold mounts and brackets,the manifolds, and the manifold stiffeners.-NOTE-Act Actual assemblies may ual assemblies may ual assemblies maydiffer from figures differ from figuresused in this manual. used in this manual.Consult the assembly Consult the assemblydrawings shipped with drawings shipped withthe equipment for the equipment for details.details.Figure 5 Stand Alone Final Filter Enclosure (partiallyassembled).Enclosure Assembly for Stand Alone Final FiltersDetermine component/equipment arrangement and establish critical locations for major items and mark on floor in appropriate manner (chalk line). Consult customer and/or Osprey drawings for details (Footprint drawings are available from Osprey).-IMPORTANT- Some panels are not interchangeable. Compare the tags located on the top ofeach panel with the enclosure assembly drawing(s) included in the blue jobmanual shipped with the equipment.Assemble the front wall by first laying two panels on the ground and putting a bead of silicone (supplied by Osprey) on the end flanges of the two mating wall panels to ensure an airtight seal. Bolt the two flanges together using 3/8"-16 wiz nut and bolts supplied with the equipment. When the wall is assembled, raise it into place keeping it aligned with the mark that was make on the floor earlier. Anchor the wall to the foundation by drilling through every other hole in the bottom flanges of each panel and securing with an appropriate fastener (not supplied by Osprey). Figures 2 and 5 show a stand-alone Final Filter being assembled.together. In addition, the enclosure panels must level and plumb to insure proper fit, so shim necessary.-NOTE- Do not anchor these panels to foundation at this time. assembly is complete.wall panels are installed to ease installation.Door InstallationSilicone ends of wall panels making up door opening.Place preassembled door and frame in the panel openingand secure in place. Match drill all four corners of doorand frame assembly with the enclosure panel flanges andbolt in place utilizing the standard hardware kit.Figure 6 Door installation.Figure 7 Ducting to an Osprey Stand Alone Final Filter.Enclosure AnchoringWhen all the enclosure panels and doors are in place, tighten all screws holding enclosure panels together. Install any bolts not present in wall panels and roof panels. Check enclosure to make sure it is level and square. Shim where necessary by using wood or metal shims of appropriate thickness. Anchor enclosure to floor by drilling through holes in bottom flange of wall panels. Typical anchors used are 3/8" x 3" bolts or studs for concrete floors, 3/8" x 3" lag bolts for wooden floors or 3/8" hex bolts with nuts for steel plate or drilled and tapped holes. These items are not furnished by Osprey. These fasteners must be furnished by others or by Osprey at additional expense with prior notification of mounting surface specifications.Ducting a Stand Alone Final FilterStand Alone Final Filters may come with flanges or attachment points for ducting specified by the customer. If this is the case, attaching ducts to the Final Filter enclosure is as simple as aligning the duct flange with the corresponding flange on the enclosure then bolt the two together.If no attachment points are present, holes may be cut in the enclosure wall panels and roof panels to bolt ducting to the filter. Avoid directing airflow directly into a filter cartridge as this may reduce the life of the cartridge. Place ducting so air flow is parallel with the direction of the filter cartridges.All ducts must be properly supported by means other than the bolts holding them to the Final Filter enclosure (Figure 7). Please read the “Design Standards for Ducting Osprey Equipment” paper located in the Osprey job manual. This paper gives guidelines for material and size of ducts in relation to air flow volume and velocity.Filter Cartridge InstallationThe number of filter cartridges included with each Osprey Final Filter is determined by the volume of air passing through the filter and the speed of the airflow. There may be just a single cartridge for each opening in the tube sheet panels, or two cartridges may be installed end to end to provide desirable air flow characteristics.In each case, install the cartridges starting at the top of the tube sheet panel. Work across and then down to provide best access.Figure 8 illustrates the installation of a single cartridge. The parts needed for this are:1. Filter cartridge2. Single length crank3. Metal backed rubber washer4. Filter cartridge end cap5. ½ "-13 square nut6. ½ "-13 jam nutFirst, place the end cap on the end of the filter cartridge (not the end with the rubber seal). Slide the rubber washer on the crank, metal side first. This will ensure an airtight seal between the washer and the cartridge end cap.Put the straight end of the crank through the hole in the cartridge end cap, through the cartridge, then into the hole located in the tube sheet panel. Put the jam nut and square on the end of the crank handle. Turn the crank handle to secure the filter cartridges to the tube sheet panel.-IMPORTANT-Do not over tighten the crank handles, as it may cause damage to the seal.Figure 8 Single filter cartridge installation.Double cartridge installation is similar to the single cartridge installation. The only differences are that there are two cartridges on a longer crank, with a spider in between the cartridges for support. Figure 9 illustrates this.Figure 9 Double filter cartridge installation.Cartridge Support InstallationSome Osprey Final Filters come with a support structure for the filter cartridges. Installation of this support assembly is straightforward. Bolt the cross arms to the vertical support, and place this behind the filter cartridges so that the cranks holding the cartridges in place rest in the slots in the cross arm. When in place, drill holes through the bottom feet of the vertical supports into the foundation. Anchor into place with fasteners suitable for the foundation material. Drill holes through the top feet into the roof panels and bolt in place. Figure 10 below shows a double cartridge final filter with a cartridge support assembly.Figure 10 Double cartridges with cartridge support assembly.C ompressed Air Supply-CAUTION-Purge air lines to remove debris before connecting to air manifold. Purge air lines to remove debris before connecting to air manifold.Remove the plastic pipe cap from the end of the air manifold and connect the air supply line. Osprey recommends an air supply pressure between 80psi and 100psi, with 90psi the optimum pressure. 2.1scfm is required for systems with ¾” [20mm] diaphragm valves and 3.4scfm is required for systems with 1” [25mm] diaphragm valves. 1" NPT connections for air supply lines are located at each end of the air manifold(s). Use Teflon tape on all threaded air connections.Osprey recommends additionalcomponents installed on the compressedair supply to the final filter manifolds.These components are not supplied byOsprey as part of the base model.A lock out shut-off air valve (bleedtype), bleed type regulator and gauge,filter, and automatic condensate valveshould be installed to the air supply line.These components should preferably be located in the building for convenientservice and startup/shutdown of the unit. Figure 11 illustrates an example arrangementof these components.-NOTE- It is important It is important that the air supply be oil and moisture free. Contamination in the that the air supply be oil and moisture free. Contamination in theair used to clean filter elements will result in poor cleaning and loss inperformance.performance.Electrical Connections-NOTE- All electrical work must be done by All electrical work must be done by a qualified electrician and according to local a qualified electrician and according to localcodes.codes.Electrical control panels are built by Osprey at world voltages. All electrical schematics and panel layouts are enclosed in the panel at time of shipping. Another copy is included in the Osprey Job Manual sent with the equipment.Determine the power requirements of the Final Filter.The Wiring ProcessFor Final Filters, the wiring process begins with the Control Panel. The Control Panel should be situated as close as possible to the filters in order for controls and wiring to be highly accessible.Figure 11 Compressed air supply components.Choosing the Correct Wiring ProcedureThe wiring procedure between the Control Panel and the Final Filter manifolds may be accomplished in various ways. Osprey suggests a single EMT or Sealtight from the Control Panel to each manifold bank. This depends on the size of the Final Filter and implies that anywhere from two (2) to seven (7) runs between the Final Filter and the Control Panel would be needed.A second suggestion would be to run a sufficiently larger EMT from the Control Panel to a junction box located within the Final Filter. (From the junction box, single runs of Sealtight can be wired to each Solenoid junction box as needed.)Wiring from the Timer Board to the SolenoidNotice as the wiring from the solenoids to the timer boards is being done, that there will be occasions where two (2) solenoids are wired on one (1) output terminal, which is located on the timer boards. This doubling up of solenoids on the timer board outputs may be randomly wired through the terminals. Doubling up is executed to guarantee that each solenoid is wired back to the timer boards. When wiring two solenoids from one output terminal on the timer boards, observe that the solenoids are located on different manifolds. This is to insure proper function of the air valve and air pressure. The cleaning process entails sequential operation of each individual manifold firing independently. When initial wiring takes place, consider the order of the cleaning procedure: The system begins at the top of the manifold, travels across, and downward to the next manifold. The beginning of the following cleaning series originates at the first manifold once again. This method always progresses from top to bottom, repeatedly. Photohelic ConnectionsInstall the pressure taps for the pressure gauge(s) by drilling holes in the proper location in the filter enclosure. These locations will depend on which pressure or differential pressure is being measured. Place the threaded end of thebarb fitting through the hole from theoutside of the filter enclosure.Tighten a nut on the fitting from inside theenclosure. Attach one end of tubing to thebarb fitting and the other end to theappropriate pressure gage connection.Make sure that the tubing is fitted tightlyon the barb fitting to prevent unexpectedslipping. Double check the tubingconnection to make sure each tube connects to the filter enclosure in the proper location. Figure 12Installing taps for pressure gauges.Initial Checks7. Check all fasteners to that they are properly tightened.8. Check all electrical connections.9. Check compressed air supply connections.10. Check filter cartridges, making sure they are properly sealed against tube sheet panels.11. Check all access doors, hatches, etc., to make sure that they are closed and properly secured.OPERATIONElectrical SettingsSolenoid Sequence SetupThe timing setup between the firing of each solenoid, or pair of solenoids, should be set at ten (10) seconds for the off time. The on time setting is 0.1 second. This allows the manifold to recharge with air for the next solenoid firing.Selector and Push Button Switch OperationThe Off-ON switch when turned to the on position will allow the final filter to start operating; this is indicated by the amper Filter On light.The Photo-Timer selector switch is used as follows.PHOTO When the switch is on Photo, the final filter is controlled by the Photohelic Gauge that is monitoring the final filter pressure, when the pressure exceeds the Photohelic preset high pressure. The Final Filter will go thru a cleaning cycle until the pressure drops below the preset low pressure setting on the photohelic and then will stop.Continuous Cycle Timer In the Timer position the continuous cycle timer controls the duration that the Final Filter is cycling On and OFF, example: 5 minutes on and 15 minutes off. When the cleaning process is in the off time and if the preset high pressure is reached the cleaning process will begin and the photohelic gauge will override the timer OFF sequence. The cleaning process will continue until the low pressure preset is reached and then turn off.CYCLE Pressing the cycle push-button allows the Final Filter to cycle thru one complete cycle and turn off. Cycle time should be set to the length of time it takes to complete one cleaning cycle.StartupFirst, turn on the air supply to the air manifold and adjust the pressure from 80 psig to 100 psig. Experience indicates 90 psig to be the typical setting for satisfactory cleaning performance.Now, turn the switch on the electrical panel to ON .Compressed air is specified at a pressure of 90 psig. The control timer is factory set to clean a segment of elements every 10 seconds. The control timer is factory set for a pulse width of 1/10 sec. These are the recommended operating specifications.Adjustments other than these specified may result in poor cleaning performance or degradation of the cartridge filter. Additional cleaning energy may be obtained by adjusting the pressure to a maximum of 100 psig.DO NOT increase air pressure beyond 100 psig or damage to the filter -WARNING-aircartridges may result.cartridges may result.The filter cleaning proceeds horizontally by rows and from left to right when facing the filter clean air discharge.MAINTENANCEPeriodic Maintenance ScheduleThe following is a recommended maintenance cycle for the Final Filter.Time Period ActionsEvery month Check for cartridge damage and air leaks. Replace as necessary.Check air supply line for leaks and correct pressure.Every 3 months Run a full cartridge purge cycle (described below).Remove dust buildup on filter floor.Every year Tighten all fasteners as needed.Turn Final Filter off and lock out electrical power, along with stopping airtopping air -WARNING-Turn Final Filter off and lock out electrical power, along with sflow, before entering Final Filter.flow, before entering Final Filter.-WARNING-Always wear dust mask over mouth and nose along with eye protectionwhen entering the Final Filter cartridge chamber.when entering the Final Filter cartridge chamber.Dust will build up on the floor of the filter cartridge section. This will need to be removed periodically. The time period between cleaning will differ from process to process and will depend on the type and amount of material being handled. Osprey recommends that the material be gently swept or vacuumed from the floor. This is to prevent inhalation of airborne particles.A door is located on the side of the filter enclosure for easy access.-WARNING-Do NOT use compressed air to blow out the accumulated material on theFinal Filter floor.Final Filter floor.Every 3 months, a full cartridge purge cycle is recommended. Begin by stopping all airflow through the filter. When airflow ceases, turn the selector switch on the control panel to CYCLE or by pushing the CYCLE push-button. This allows the Final Filter to cycle thru one (or more) complete cleaning cycle(s) and let the material fall to the floor. Let the material settle to the floor before starting air flowing through the filter. For convenience, these full cartridge purge cycles should be scheduled just before the dust buildup on the floor is cleaned.Filter Cartridge ReplacementWhen a filter cartridge is damaged or too worn to continue in service, it needs to be replaced.15 -WARNING-Turn Final Filter off and lock out electrical power, along with stopping air flow, before entering Final Filter. flow, before entering Final Filter.-WARNING-Always wear dust mask over mouth and nose along with eye protection when e when entering the Final Filter cartridge chamber.ntering the Final Filter cartridge chamber.ntering the Final Filter cartridge chamber.Enter the Final Filter through the door on the enclosure. Locate the filter cartridge to be replaced. Remove the cartridge by turning the crank handle counter-clockwise and pulling the crank handle from the end of the cartridge. Place a new filter cartridge in place, insert the crank handle and rubber washer, and then tighten. See Figures 8 and 9, and the section titled Filter Cartridge Installation for more information.-IMPORTANT- Do not over tighten the crank handles, as it may cause damage to the seal.Do not over tighten the crank handles, as it may cause damage to the seal.SPARE PARTS LISTINGWhen ordering parts for your Final Filter. ALL of the following information must be included. If you are ordering by phone, be sure to have this information available when you place the call.1.) Part number2.) COMPLETE description of the part3.) Product model number - this is ESSENTIAL4.) Product serial number5.) Quantity needed6.) Length, size, color - where applicable7.) Voltage, RPM, cycle (hertz), ratios, shaft size, etc.8.) Shipping address and method9.) Customer order numberConsult the spare parts quote that shipped with the Final Filter for specific information on various parts. Contact Osprey Parts Department to place orders.。

Operating Instructions XG 86(w) Rev. 1ForewordWe are pleased to welcome you as a new customer of our Sophos XG appliances.To install and configure the hardware appliance you can use the following documents:ÌHardware Quick Start Guide: Connection to thesystem peripherals in a few stepsÌOperating Instructions: Notes on the security andcommissioning of the hardware applianceÌAdministration Guide: Installing and configuring the software applianceThe Hardware Quick Start Guide and the Safety Instructions are also deliveredin printed form together with the hardware appliance. The instructions must be read carefully prior to using the hardware and should be kept in a safe place.You may download all user manuals and additional documentation from the support webpage at: /supportSecurity SymbolsThe following symbol and its meaning appears in the Hardware Quick Start Guide, Safety Instructions and in these Operating Instructions.Caution and Important Note. If these notes are not correctly observed:ÌThis is dangerous to life and the environmentÌThe appliance may be damagedÌThe functions of the appliance will be no longer guaranteedÌSophos shall not be liable for damages arising from afailure to comply with the Safety InstructionsDesigned UseThe hardware appliances are developed for use in networks. The XG 86(w) models may be operated as a standalone appliance. The hardware appliance can be used in commercial, industrial and residential environments.The XG 86(w) models belongs to the appliance group B.The hardware appliance must be installed pursuant to the current installation notes. Otherwise failure-free and safe operation cannot be guaranteed. The EU declaration of conformity is available at the following address:Sophos Technology GmbHAmalienbadstr. 41/Bau 5276227 KarlsruheGermanyCE Labeling, FCC and ApprovalsThe XG 86(w) appliance comply with CB, CE, FCC Class B, ISED, VCCI, RCM, UL, CCC, and BIS.Important Note: For computer systems to remain CE and FCC compliant, only CE and FCC compliant parts may be used. Maintaining CE and FCC compliance also requires proper cable and cabling techniques.Operating Elements and Connections XG 86(w)*(Rev. 1)Status LEDs (w-model has additional Wi-Fi LED)XG 86(w)* (Rev.1) 4 x GbE copper port 1 x Micro USB 2 x USB 2.0 2 x external antenna (XG 86w only)1 x COM (RJ45)Power SupplyLED StatusSpeed (Right LED)Amber On The Ethernet port is operating at 1,000 Mbps.Green On The Ethernet port is operating at 100 Mbps.Off The Ethernet port is operating at 10 Mbps.* The displayed front image is of the XG 86 device. The displayed back image is of the XG 86w device. Devices may vary slightly.Putting into OperationCaution: Risk of explosion if battery is replaced by an incorrect type. Dispose of used batteries according to the instructions.Scope of SupplyThe supplied parts are indicated in the Hardware Quick Start Guide.Mounting InstructionsThe XG 86 appliance can be placed on a stable horizontal surface or can be mounted to a rack or you can hang it on the wall by using the optionally available rackmount kit.Warnings and PrecautionsThe appliance can be operated safely if you observe the following notes and the notes on the appliance itself.Rack PrecautionsÌEnsure that the leveling jacks on the bottom of the rack are fullyextended to the floor with the full weight of the rack resting on them.ÌIn single rack installation, stabilizers should be attached to the rack.ÌIn multiple rack installations, the racks should be coupled together.ÌAlways make sure the rack is stable beforeextending a component from the rack.ÌYou should extend only one component at a time—extending two ormore simultaneously may cause the rack to become unstable.General Server PrecautionsÌReview the electrical and general safety precautions that camewith the components you are adding to your appliance.ÌDetermine the placement of each component inthe rack before you install the rails.ÌInstall the heaviest server components on thebottom of the rack first, and then work up.ÌAllow the hot plug hard drives and power supplymodules to cool before touching them.ÌAlways keep the rack‘s front door, all panels and server componentsclosed when not servicing to maintain proper cooling.Rack Mounting ConsiderationsÌAmbient operating temperature: If installed in a closed or multiunit rackassembly, the ambient operating temperature of the rack environmentmay be greater than the ambient temperature of the room. Therefore,you should install the equipment in an environment compatiblewith the manufacturer’s maximum rated ambient temperature.ÌReduced airflow: Equipment should be mounted intoa rack with sufficient airflow to allow cooling.ÌMechanical loading: Equipment should be mounted into a rack so that ahazardous condition does not arise due to uneven mechanical loading.ÌCircuit overloading: Consideration should be given to the connectionof the equipment to the power supply circuitry and the effect that anypossible overloading of circuits might have on overcurrent protectionand power supply wiring. Appropriate consideration of equipmentnameplate ratings should be used when addressing this concern.ÌReliable ground: Reliable grounding must be maintained at all times.To ensure this, the rack itself should be grounded. Particular attentionshould be given to power supply connections other than the directconnections to the branch circuit (i.e., the use of power strips, etc.). Connection and ConfigurationHow to connect the appliance is described in the Hardware Quick Start Guide. For configuration you can follow the initial setup wizard described in the Web Admin Quick Start Guide or cancel it and perform a manual setup (see the Sophos XG Firewall Administrator Guide).Serial ConsoleYou can connect a serial console to either of the COM ports of the Sophos XG Firewall hardware appliances. You can use, for instance, the Hyperterminal terminal program which is included with most versions of Microsoft Windowsto log on to the appliance console. Use an RJ45 to DB9 adapter cable or the provided USB cable to connect the console to your hardware appliance.The required connection settings are:ÌBits per second: 38,400ÌData bits: 8ÌParity: N (none)ÌStop bits: 1Access via the serial console is activated by default on ttyS1. The connections of the appliances and the respective functionality are listed in chapter “Operating Elements and Connections.”United Kingdom and Worldwide Sales Tel: +44 (0)8447 671131Email:****************North American SalesToll Free: 1-866-866-2802Email:******************Australia and New Zealand SalesTel: +61 2 9409 9100Email:****************.auAsia SalesTel: +65 62244168Email:********************© Copyright 2018. Sophos Ltd. All rights reserved.Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.。

ContentsIntroduction (1)Installation procedure (2)Configuring XG Firewall (4)Activation and Registration (4)Basic Configuration (4)Legal notices (8)Sophos XG Firewall Virtual Appliance1 IntroductionWelcome to the Getting Started guide for Sophos XG Firewall Virtual Appliance (referred to in this document as “XG Firewall”) for VMware ESX/ESXi platform. This guide describes how you can download, deploy and run XG Firewall as a virtual machine on VMware ESX/ESXi.Minimum hardware requirement1.One vCPU2.2GB vRAM3. 2 vNIC4.Primary Disk with a minimum of 4 GB space5.Report Disk with a minimum of 80 GB spaceNoteSFOS 17 supports hard drives with a maximum of 512 GB.XG Firewall will go into fail-safe mode if the minimum requirements are not met.NoteTo optimize the performance of your XG Firewall, configure vCPU and vRAM according to the license you have purchased. When configuring a number of vCPUs, make sure that you do not exceed the maximum number specified in your license.Sophos XG Firewall Virtual Appliance2 Installation procedureMake sure that VMware ESX/ESXi version 5.0 or later is installed in your network. For VMware ESX/ ESXi installation instructions, refer to the VMware documentation /support/ pubs/vsphere-esxi-vcenter-server-pubs.html.You need to:1.Download and extract the OVF image2.Access the ESX/ESXi Host via vSphere Client3.Deploy the OVF Template4.Power on1.Download the .zip file containing the OVF image from https://secure/en-us/products/next-gen-firewall/free-trial.aspx and save it.2.Log in to the ESX/ESXi host server on which you want to deploy the OVF template throughVMware vSphere Client.NoteIn this guide, we are using VMware vSphere client to connect to the ESX/ESXi host server onwhich the OVF template is to be deployed.a)Go to File > Deploy OVF Template to open the downloaded .ovf file in the vSphere Client.b)Select the sf_virtual file and click Open.3.To deploy the OVF template:a)Select the location of the .ovf file for XG Firewall and click Next to continue.Sophos XG Firewall Virtual Applianceb)Verify the OVF template details and click Next to continue.c)Specify a name and location for the OVF template to be deployed and click Next to continue.d)Select the host/cluster within which you want to deploy the OVF template and click Next tocontinue.NoteHere, we are deploying the OVF template on a single/standalone server. The configurationmay be different in a cluster environment.e)Select the format in which you want to store the virtual disks from the available options:Thin Provision: It uses the minimum required space for the OVF template, saving the restfor other use.Thick Provision: It uses the entire allotted virtual disk for OVF template installation, wipingout additional data on the disk.In case of VMware ESXi 5.0 or later, three storage options are available: Thin Provision,Thick Provision Lazy Zeroed and Thick Provision Eager Zeroed. For more information,refer to /.f)Click Next to continue.g)Select the networks to be used by the OVF template and click Next to continue.h)Verify the deployment settings for the OVF Template and click Finish to initiate the deploymentprocess of XG Firewall.This installs XG Firewall on your machine.4.Right-click the deployed XG Firewall and go to Power > Power On.a)Enter the administrator password: ‘admin’ to continue to the Main Menu.Sophos XG Firewall Virtual Appliance3 Configuring XG Firewall1.Browse to "https://172.16.16.16" from the management computer.2.Click Start to begin the wizard and follow the on-screen instructions.NoteThe wizard will not start if you have changed the default administrator password from theconsole.3.1 Activation and Registration1.Review and accept the License Agreement. You must accept the Sophos End User LicenseAgreement (EULA) to proceed further.2.Register Your Firewall. Enter the serial number, if you have it. You can also use your UTM 9license if you are migrating.Otherwise, you can skip registration for 30 days or start a free trial.a)You will be redirected to the MySophos portal website. If you already have a MySophosaccount, specify your sign-in credentials under “Login”. If you are a new user, sign up for aMySophos account by filling in the details under “Create Sophos ID”.b)Complete the registration process.Post successful registration of the device, the license is synchronized and the basic setup is done.3.Finish the basic setup. Click Continue and complete the configurations through the wizard. Whenyou finish the process, the Network Security Control Center appears.You can now use the navigation pane to the left to navigate and configure further settings.3.2 Basic ConfigurationYou can:1.Set up Interfaces2.Create Zones3.Create Firewall Rules4.Set up a Wireless Network1.To set up interfaces:a)You can add network interfaces and RED connections in the Configure > Network >Interfaces menu.b)You can add wireless networks in the Protect > Wireless > Wireless Networks menu.SSIDs will also be shown in the interfaces menu once created.c)You can add access points in Protect > Wireless > Access Points.Sophos XG Firewall Virtual ApplianceSophos XG Firewall Virtual ApplianceYou can see both these wireless networks in Protect > Network > Wireless Networks.e)Go to Protect > Wireless > Access Point Groups.f)Click Add to add a new access point group.g)Add both the wireless networks, and the new access point.If new APs have been installed, you can view these in Control Center.h)Click the pending APs to accept the new access points.i)Configure the settings of the new APs as shown in the image.Sophos XG Firewall Virtual Appliancej)Click Save.Sophos XG Firewall Virtual Appliance4 Legal noticesCopyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.Sophos, Sophos Anti-Virus and SafeGuard are registered trademarks of Sophos Limited, Sophos Group and Utimaco Safeware AG, as applicable. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.Copyright © 2020 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group.All other product and company names mentioned are trademarks or registered trademarks of their respective owners.。

Quick Start Guide SG 105/115/125/1351. PreparationCongratulations on your purchase of the Sophos SG appliance to protect your data networks and computers. This Quick Start Guide describes in short steps how to assemble the appliance and explains how to open the web-based WebAdmin configuration tool on the security system from your administration client PC. WebAdmin allows you to configure every aspect of the security system.Scope of SupplyLicenseThe security appliances are delivered with a 30-day trial version. During or after thetrial period, you can activate the full license you purchased from your Sophos partner by creating an account at https://, activating the provided activation and upgrade keys, and uploading the created license file into your appliance.Support & DocumentationFor more information and technical support please visit /en-us/support or contact your local reseller.Before you begin pleaseconfirm that you have a workingInternet connection and makesure you have the accountinformation available that wasprovided by your ISP.SG 105/115/125/135RJ45 to DB9 adapter cable RJ45 Ethernet cable, 1 power cable SG 105/115/125/135Power Supply2. Mount and connect the device Connect the ports to the internal and external networks.1) C onnect the eth0/LAN port via a hub or switch to the internal network. For this purpose, please use the RJ45 Ethernet cable of the scope of supply. Note that your administration client PC must also be connected to this network.2) C onnect the eth1/WAN to the external network. The connection to the WAN depends on the type of Internet access. The UTM appliances are shipped with the following default settings:Internal network card (eth0)IP address: 192.168.0.1Network mask: 255.255.255.0Default gateway: None DNS proxy: Enabled Firewall: Block all DHCP service: Disabled Mount the appliance to a rack If you want to mount the appliance within a rack please use the optionally available rackmount kit for this device* Available via WebAdmin >> Support >> Manual 3. Power it onConnect the appliance to the power socket and turn it on Connect the appliance to the power supply using the power cable from the scope of supply. Turn the appliance on. The power switch is on the back side of the housing next to the power supply plug. Once the security system has booted completely, you’ll hear an acoustic signal: five beeps in a row.4. Configure the device Use your browser to make the initial connection to the WebAdmin GUI You will need to configure a workstation with the necessary LAN properties to access WebAdmin. You can change these settings later to match your existing network. The location of the menu for these settings depends on the operating system of your client. Example: With Windows 7, the menu can be found under Start >> Control Panel >> Network and Sharing Center Start the browser and enter the management IP address of the appliance: https://192.168.0.1:4444 Accept the security notice by clicking OK (Mozilla Firefox) or Yes (MS Internet Explorer). For configuration you can follow the initial setup wizard described in the WebAdmin Quick Start Guide** or cancel it and perform a manual setup (see the UTM Administration Guide*).Workstation connection properties:IP address: Any address in the range192.168.0.2 through 192.168.0.254Netmask: Enter 255.255.255.0Standard gateway: Enter the IP address ofthe appliance’s internal network card(eth0/LAN): 192.168.0.1DNS server: Enable this option and enterthe IP address of the internal network card(eth0/LAN): 192.168.0.1Power switch1. VorbereitungWir beglückwünschen Sie zum Kauf einer SG Appliance zum Schutz Ihres Netzwerkes und Ihrer Computer. Dieser Quick Start Guide beschreibt in kurzen Schritten den Aufbau der Appliance sowie den Zugang zum web-basierten Konfigurationstool WebAdmin von ihrem Administrations-PC.LieferumfangLizenzDie Sicherheits-Appliances werden mit einer 30 Tage gültigen Testversion ausgeliefert. Während oder nach der Probezeit können Sie die Lizenz, die Sie von Ihrem SophosPartner erworben haben, aktivieren. Legen Sie hierzu unter https:// ein Benutzerkonto an, erzeugen Sie mit dem erhaltenen Aktivierungs-Schlüssel Ihre Lizenzdatei und laden Sie diese in die Appliance hoch.Support & DocumentationWeitere Information und technischen Support finden Sie unter /de-de/support oder kontaktieren Sie Ihren lokalen Sophos Partner.Bevor Sie beginnen, stellen Sie bittesicher, dass Sie eine funktions-bereite Internetverbindung sowiedie Zugangsinformationen Ihres ISPzur Verfügung haben.SG 105/115/125/135RJ45 zu DB9 Adapterkabel RJ45 Ethernetkabel,1 StromkabelSG 105/115/125/135Netzteil2. Montieren und Verbindung herstellen Verbinden Sie die Ports zum internen und externen Netzwerk.1) V erbinden Sie den eth0/LAN-Anschluss einen Hub oder Switch mit dem internen Netzwerk. Verwenden Sie hier hierfür das mitgelieferte RJ45-Ethernetkabel. Beachten Sie, dass Ihr Administrations-PC ebenfalls an diesem Netzwerk angeschlossen sein muss.2) V erbinden Sie eth1/WAN-Anschluss mit dem externen Netzwerk. Die Art der Verbindung hängt von Ihrem Internetanschluss ab.UTM Appliances werden mit folgenden Standardeinstellungen ausgeliefert: Internal network card (eth0/LAN) IP address: 192.168.0.1 Network mask: 255.255.255.0 Default gateway: None DNS proxy: Enabled Firewall: Block all DHCP service: Disabled Montieren der Appliance in einem Rack.Falls Sie die Appliance in einem Rack montieren möchten verwenden Sie bitte das hierfür optional erhältliche Rackmount Kit.3. Gerät anschalten Verbinden Sie die Appliance mit der Netzsteckdose und schalten Sie sie ein Benutzen Sie für den Netzanschluss die mitgelieferten Netzteil.Schalten Sie die Appliance ein. Die Netzschalter befinden sich auf der Rückseite neben dem Netzanschluss. Sobald das System komplett gebootet hat, hören Sie fünf Pieptöne nacheinander.4. Konfiguration Starten Sie Ihren Browser für den Zugriff auf die WebAdmin-Oberfläche Sie müssen die LAN-Einstellungen Ihres PCs evtl. temporär ändern, um auf den WebAdmin zugreifen zu können. Diese können später wieder geändert werden. Die Einstellungen variieren je nach Betriebssystem.Beispiel: Mit Windows 7 finden Sie das Menü unter Start > Systemsteuerung > Netzwerk und Freigabecenter Starten Sie danach den Browser und geben Sie die IP Adresse der Appliance ein: https://192.168.0.1:4444Akzeptieren Sie die Sicherheitswarnung durch Klicken auf OK (Mozilla Firefox) oder JA (MS Internet Explorer).Die initiale Konfiguration können Sie per Setup Wizard (beschrieben im WebAdmin Quick Start Guide**) oder manuell durchführen (siehe UTM Administration Guide*).Workstation LAN-EigenschaftenIP Adresse: Beliebige Adresse zwischen192.168.0.2 und 192.168.0.254Netzmaske: 255.255.255.0Standard Gateway: IP Adresse derAppliance internal network card (eth0/LAN):192.168.0.1DNS Server: Aktivieren Sie diese Optionund geben Sie die IP Adresse der internalnetwork card (eth0/LAN) ein: 192.168.0.1Netzschalter1.准备工作恭喜您购买 Sophos SG 设备来保护您的数据网络和计算机。

5.22015 3目录1 关于本指南 (4)2 安装什么 (4)3 哪些是主要步骤 (5)4 下载 Enterprise Console 安装程序 (6)5 检查系统要求 (6)5.1 硬件和操作系统 (6)5.2 Microsoft 系统软件 (7)5.3 端口要求 (7)6 您需要的帐户 (8)6.1 数据库帐户 (8)6.2 更新管理器帐户 (8)7 做好安装准备 (9)8 安装 Enterprise Console (9)9 加强数据安全 (10)10 下载保护和加密软件 (11)11 创建计算机组 (12)12 设置安全策略 (12)12.1 设置防火墙策略 (12)13 查找计算机 (13)14 保护计算机的准备 (13)14.1 删除第三方软件的准备 (14)14.2 检查您是否有可用于安装软件的帐户 (14)14.3 准备安装防病毒软件 (14)15 保护计算机 (15)15.1 自动保护Windows 计算机 (15)15.2 手动保护Windows 或 Mac 计算机 (16)15.3 保护 Linux 计算机 (17)216 在计算机上安装加密软件 (17)16.1 预订加密软件 (17)16.2 准备安装加密软件 (18)16.3 自动安装加密软件 (19)16.4 手动安装加密软件 (20)16.5 安装后首次登录 (20)17 检查网络的健康状况 (21)18 故障排除 (22)19 就通常的任务获得帮助 (22)20 技术支持 (23)21 法律声明 (23)3Sophos Enterprise Console1关于本指南本指南将告诉您怎样使用 Sophos 安全软件保护您的网络。

本指南可供您使用 如果■您是首次安装这些软件。

■您将安装保护和加密功能 加密功能是选项 。

如果您要进行升级 请参见Sophos Enterprise Console 升级指南。

您可能需要的其它文件如果您具有非常大的网络 您可能会考虑Sophos Enterprise Console 高级安装指南中说明的各种安装选项。

ContentsChange Log (3)Preface (4)Base Configuration (4)Pre-requisite (4)Installation Procedure (4)Step 1: Download and Extract QCOW2 Disks (4)Step 2: Add QEMU/KVM connection (5)Step 3: Start KVM and create new virtual machine (5)Step 4: Browse to locate the primary disk (5)Step 5: Import the primary disk (6)Step 6: Choose virtual memory and CPU for the appliance (6)Step 7: Choose the Advanced options for more settings (7)Step 8: Configure advanced settings for primary disk (7)Step 9: Add auxiliary disk (8)Step 10: Configure network settings for the appliance (8)Step 11: Configure network interface card (9)Step 12: Start the installation (10)Step 13: Accept EULA (10)Configuring XG Firewall (11)Activation and Registration (11)Step 1: License Agreement (11)Step 2: Register Your Firewall (11)Step 3: Complete basic setup (12)Basic Configuration (13)a. Setting up Interfaces (13)b. Creating Zones (14)c. Creating Firewall Rules (14)d. Setting up a Wireless Network (14)Copyright Notice (19)Change LogPrefaceThe Getting Started Guide describes how to download and deploy Sophos XG Firewall Virtual Appliance on KVM.Base ConfigurationIf the following minimum server requirements are not met, XG Firewall will go into failsafe mode:1.One vCPU2.2GB vRAM3.2 vNIC4.Primary Disk: Minimum 4GB5.Auxiliary Disk: Minimum 80GBNote: For optimal XG Firewall performance, configure vCPU and vRAM according to the license you have purchased. Do not exceed the maximum number of vCPUs specified in the license.Pre-requisite1.Make sure you have an x86 machine running a recent Linux kernel on an Intel processor with VT (virtualization technology) extensions, or an AMD processor with SVM extensions (also called AMDV).e commands given below to check if your CPU supports Intel VT or AMD-V:3.For Intel VT: grep --color vmx /proc/cpuinfo4.For AMD-V: grep --color svm /proc/cpuinfo5.Install Virtual Machine Manager (virt-manager), a desktop Graphical User Interface (GUI) application for managing Kernel Based Virtual Machines.6.For more information, refer to the FAQ section on KVM website:/page/FAQInstallation ProcedureStep 1: Download and Extract QCOW2 DisksDownload the .zip file containing the QCOW2 disk fromhttps:///en-us/products/next-gen-firewall/free-trial.aspx and save in your machine.Step 2: Add QEMU/KVM connectionOpen Virt-manager. Go to File -> Add Connection.Step 3: Start KVM and create new virtual machineIt opens New Virtual Machine Wizard.Step 4: Browse to locate the primary diskSelect location of the .qcow2 file for XG Firewall. Click Open.Step 5: Import the primary diskBrowse to the location of Primary disk. Click Forward.Step 6: Choose virtual memory and CPU for the applianceSelect vRAM as 2048 MB (recommended) or higher and CPU as 1. Click Forward.Step 7: Choose the Advanced options for more settingsSelect the options as shown in the image below. Select Customize configuration before install and click Finish. You will be redirected to the Customization configuration screen as shown in the step 8 below.Step 8: Configure advanced settings for primary diskIn Disk 1, click Advanced options and set the following:∙Disk bus: Virtio∙Storage format: qcow2Step 9: Add auxiliary diskGo to Add Hardware -> Storage.Click Select managed or other existing storage and browse to add the auxiliary disk. Click Finish.You will be redirected to the Customize configuration screen.Step 10: Configure network settings for the applianceGo to Add Hardware -> Network and configure as shown in the image below. Click Finish.You will be redirected to the Customize configuration screen.Step 11: Configure network interface cardIn Customize configuration screen, set the following for Virtual Network Interface (NIC 1):∙Device model: Hypervisor defaultIn Customize configuration screen, set the following for Virtual Network Interface (NIC 2):∙Device model: VirtioStep 12: Start the installationAfter configuring all options, click Begin Installation to start the installation.Sophos XG Firewall has been installed on your virtual machine.To continue to the Main MenuStep 13: Accept EULAConfiguring XG FirewallBrowse to https://172.16.16.16:4444 from the management computer. Click Start to begin the wizard and follow the on-screen instructions.Note: The wizard will not start if you have changed the default administrator password from the console.Activation and RegistrationStep 1: License AgreementTo proceed, you must accept the Sophos End User License Agreement (EULA).Step 2: Register Your FirewallEnter the serial number, if you have it. You can also use your UTM 9 license if you are migrating. Otherwise, you can skip registration for 30 days or start a free trial.You will be redirected to the MySophos portal website. If you already have a MySophosComplete the registration process.Step 3: Complete basic setupAfter you register the device, the license is synchronized and basic setup is complete.Click Continue and complete the configurations through the wizard. When you finish the process, the Network Security Control Center appears.You can now use the navigation pane to the left to navigate and configure further settings.Basic Configurationa.Setting up Interfaces1.Add network interfaces and RED connections: Configure > Network > Interfaces.2.Add wireless networks: Protect > Wireless > Wireless Networks. The SSIDs that you create will appear on the interfaces menu.3.Add access points: Protect > Wireless > Access Points.b.Creating ZonesZones are essential to creating firewall rules. The device provides default zones. To create custom zones, go to Configure > Network > Zones.c.Creating Firewall RulesYou can create the following types of firewall rules in Protect > Firewall > Add Firewall Rule:1.Business Application Rule: To secure a server or service, and control access to it.er/Network Rule: To control user access to web and application content, or to control traffic by source, service, destination, zone, and user.d.Setting up a Wireless NetworkTo create wireless networks from the XG Firewall Wizard, refer to theinstructions below:1.Go to Protect > Wireless > Wireless Networks.2.Click Add to add a new wireless network.3.Configure the wireless network as shown in the image.The wireless network will be added.1. Similarly, add another wireless network for guest access.You can see both wireless networks on Protect > Network > Wireless Networks .2. Go to Protect > Wireless > Access Point Groups .3. Click Add to add a new access point group.4. Add both the wireless networks, and the new access point.You can view newly-installed APs on the Control Center.5.Click the pending APs to accept the new access points.6.To configure the settings of new APs, refer to the image.7.Click Save.Copyright NoticeCopyright 2015-2017 Sophos Limited. All rights reserved.Sophos is registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.。

Sophos Endpoint Security and Control 9進階安裝指南文件日期：2009 年 12 月目錄1 關於本指南 (3)2 規劃安裝 (4)3 系統需求 (8)4 決定在何處安裝管理工具 (9)5 使用資料庫在不同的伺服器上安裝管理工具 (13)6 使用額外的更新管理員在另外的伺服器上安裝管理工具 (25)7 在網路伺服器上發佈安全防護軟體 (41)8 建立電腦群組 (42)9 設定安全策略 (43)10 尋找電腦 (46)11 防護Windows 與 Mac 電腦 (47)12 防護 Linux 電腦 (52)13 防護 NetWare 伺服器 (54)14 決定如何防護 UNIX 電腦 (56)15 使用 Sophos Anti-Virus 4 防護 UNIX 電腦 (57)16 使用 Sophos Anti-Virus 7 防護 UNIX 電腦 (59)17 檢查您網路的安全狀態 (63)18 防護獨立電腦 (64)19 技術支援 (65)20 著作權聲明 (66)2進階安裝指南1關於本指南本指南描述在複雜網路或具有超過 1000 台工作站的網路上，安裝SophosEndpoint Security and Control軟體的進階程序。

本指南涵蓋在Windows、Mac OS X、Linux、NetWare 以及 UNIX 電腦上進行進階安裝的內容。

如欲在少於 1000 台Windows 與 Mac 工作站上的簡易網路上進行安裝，請參閱Sophos Endpoint Security and Control快速安裝指南，而非參閱本指南。

如欲進行升級，請參閱Sophos Endpoint Security and Control快速升級指南或Sophos Endpoint Security and Control進階升級指南，而非參閱本指南。

Sophos 發佈於/support/docs/與 Sophos 光碟。

Sophos Endpoint Security and Control 9.5快速安装指南文档日期：2010 年 6 月目录1 关于本指南 (3)2 安装什么？ (3)3 哪些主要步骤？ (3)4 检查系统要求 (4)5 做好安装准备 (5)6 下载安装程序 (6)7 安装 Enterprise Console (6)8 下载安全软件 (7)9 安装 NAC Manager (7)10 创建计算机组 (8)11 设置安全策略 (8)12 查找计算机 (9)13 保护计算机 (9)14 检查网络的健康状况 (11)15 排疑解难 (12)16 就通常的任务获得帮助 (12)17 技术支持 (13)18 法律声明 (13)2快速安装指南1关于本指南本指南将告诉您怎样使用 Sophos 安全软件保护您的网络。

如果您是首次安装 Sophos 软件，请阅读本指南。

如果您在进行升级，请转到/support/upgrades/中的Endpoint Security and Control 9.5 Upgrade Center。

注:如果您具有大型的网络，您可能会考虑Sophos Endpoint Security and Control 高级安装指南中说明的各种安装选项。

2安装什么？您将安装两个管理工具：■Sophos Enterprise Console。

它使您能够在计算机上安装和管理安全软件。

■Sophos NAC Manager。

它使您能够使用“网络访问控制”，防止未经授权的计算机，或者，没有遵照您的安全标准的计算机，访问您的网络。

安装NAC Manager是选项。

注:您将使用不同的安装程序，分别安装这两种工具。

注:您可以在同一台服务器上同时安装这两种工具。

不过，如果您拥有超过1,000 的计算机，那么，您应该将这两种工具安装到不同的服务器上。

安装的过程是相同的。

3哪些主要步骤？您要进行这些主要步骤：■检查系统要求。

Sophos Enterprise Console 說明產品版本:5.2文件日期:2013 年 1 月目錄1 關於 Enterprise Console (3)2 Enterprise Console 介面指南 (4)3 開始操作 Sophos Enterprise Console (13)4 設定 Enterprise Console (16)5 防護電腦 (46)6 更新電腦 (60)7 配置策略 (82)8 設定警示與訊息 (185)9 檢視事件 (195)10 製作報告 (205)11 Auditing (216)12 恢復存取加密電腦 (218)13 複製或列印來自 Enterprise Console 的資料 (220)14 排疑解難 (222)15 術語彙編 (229)16 技術支援 (235)17 法律聲明 (236)2說明1關於Enterprise ConsoleSophos Enterprise Console 5.2 係一項單一、自動化的主控台，能管理、更新執行Windows、Mac OS X、Linux 與 UNIX 作業系統的電腦。

Enterprise Console使您能夠進行以下操作：■防護您的網路免於病毒、特洛伊木馬、蠕蟲、間諜程式、惡意網站、未知安全威脅，以及廣告程式或其他可能不需要應用程式的侵襲。

■可控管使用者可瀏覽的網站、進一步防護網路免於惡意程式的侵襲，並防止使用者瀏覽不當的網站。

■控管能在網路上運行的應用程式。

■在端點電腦上管理個人防火牆。

■在電腦受到許可登入網路之前，使用您先前設定的條件評估電腦的策略遵循狀況，並強制執行策略遵循狀態。

■評估電腦遺漏安裝的修補程式。

■減少意外資料遺失，例如從端點電腦意外傳輸敏感機密資料的風險。

■防止使用者在端點電腦上使用未經許可的外部儲存裝置與無線通訊技術。

■防止使用者重新配置、停用或解除安裝 Sophos 防護軟體。

■使用完整磁碟加密功能，防護端點電腦上的資料免遭未經許可的使用者存取。

Sophos ES1100Email ApplianceSetup Guide1. Preparation2. Rack Installation3. Appliance Rail Attachment4. Cabling the Appliance5. Software/Network SetupCopyright 2000-2019 Sophos Limited. All rights reserved.Sophos is a registered trademark of Sophos Limited and Sophos Group. All other product andcompany names mentioned are trademarks or registered trademarks of their respective owners.0BEnsure that the ship kit includes two power cords, the correct number ofscrews and cage nuts (pictured below), and the 19-inch and telco-style rackrail assemblies (described below).Rack screws and cage nuts (19-inch and telco-style)Both the 19-inch and telco-style rack assemblies consist of:The telco-style rack assembly consists of:19-inch and telco-style rack assemblies both include:brackets have threaded holes for securing the appliance in the rack (asshown in step 2b).Unpacking the Appliance Setup locationfloor loading capacity for the current installation and for future growth.inches) in the back of the rack to provide access to appliance componentsand allow for sufficient airflow.1. Preparationtype of installation or use is not supported.proper airflow, keep the front and back sides of the appliance clear ofappliance. Wear a wrist strap with an appropriate ground connection.safely shut down its software and the fans will stop. Remove the power cordbefore servicing the unit.protection from electrical shock. Use only mats that have been specificallydesigned as electrical insulators.grounding-type plug or by using a power outlet that is improperly grounded,can create a potentially hazardous electrical situation. Please read before proceedingappliances in a rack, make sure the overall loading for each branch circuitimproved weight distribution and easier access to appliance components.appliances closed when not servicing to maintain proper cooling.Rack and Appliance precautions2. Rack Installation1p e t SFCC Notice: This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may n ot cause harmful interference, and (2) this device must accept any interference received, including interference thatmay cause undesired operation. No Telecommunications Network Voltage (TNV)-connected PCBs shall be installed. This class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 duCanada. CE Mark Warning: This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. VCCI Warning: This is a product of VCCI Class A Compliance.This Sophos Appliance uses specific ports for internal and external connections. Configure your network to allow access on the ports listed below.Some ports are required only for specific situations, such as when you enable directory services, or when the appliance is part of a cluster.Step 2 - Configure the Sophos ApplianceEnvironmental WarningPerchlorate Material - special handling may apply. See /hazardouswaste/perchlorateThis notice is required by California Code of Regulations, Title 22, Division 4.5, Chapter 33: Best Management Practices forPerchlorate Materials. This product/part includes a battery that contains Perchlorate material.RatingsV: 100 - 240 VAC (auto-range)Hz: 50/60 A: 4 MaxYou can view the online documentation at /docs/seaTo launch the Sophos Appliance configuration wizard:255.255.255.0 and the IP address to 172.24.24.1https://172.24.24.172. You may need to add this address to yourbrowser's Trusted Sites. When prompted, accept the certificate.Note: On the Network Interface page of the Configuration Wizard, the Speed option is set to Auto bydefault. If selecting another setting from the drop-down list, it must match the speed of your managedswitch for the appliance to operate correctly.Note: After setup is complete, administer your appliance via a web browser athttps://<Appliance-Hostname-or-IP>:18080Activation code from SophosDefault gateway IP addressDNS servers IP addressHostnames and DNS types for internal mail delivery serversMail accepting domainsIP addresses or hostnames of mail relays allowed to relayoutbound mail through the appliance(server, port, etc)To configure the Appliance you will need the following:External connectionse s o p r u P.n n o Ce c i v r e Sn o i t c n u Ft r o PPCTHSSe c n a t s i s s ae t ome R22PCTP TMSr e f s n a r t l i aM52PCTP T THs d a o l n w o de r a w tf o S08PCTSP T THn o i t a r t s i g e R344mo c.s o h p o sd n ae c n a i l p p an e e w t e BPCTP T THk c a b d e e F44410443/443 SPX secure web portal HTTPS TCP Between appliance to internet (configurable)Internal connectionsr e v r e sP T Fd n ae c n a i l p p an e e w t e BPCTP T Fp u k c a bP T F12,02Between clustered appliancess e c n a i l p p ad e r e t s u l cn e e w t e BPCTP TMSr e f s n a r t l i aM52Between appliance and DNS serverSNMP monitoring server(s) to applianceAppliance to SNMP monitoring server(s) 389, 3268, (636, 3269) Directory services synchronization LDAP(S) TCP Between appliance and directory server443/10443 (redirect from 80) End user web quarantine HTTPS TCP Between appliance and intranet (configurable)5432Between clustered appliances18080Step 1 - Configure port accessRear connections5. Software/Network SetupPower SocketPower Supply Fan Network (1)Config (2)1. Connect power cord to the AC inlets.your LAN.3. Temporarily connect theusing either an ethernet cable or a crossovernetwork cable.4. Press the powerbutton to theright of theLEDs on thefront of the unit.ResetButtonPowerButtonPowerIndicatorHDDStatusConfigurationNetworkTemperature4. Cabling the Appliance。