Sophos XG

This document provides the steps required to configure the Sophos XG Inspector.

👍

Quick Details

Recommended Agent: Self-Managed
Supported Agents: Self-Managed
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: API
Data Summary: Here

Overview

See it in Action

❗️

Password Requirements

Due to an issue with some Sophos XG firmware versions, the Sophos XG API will not support passwords with the following characters: #, $, or @. ! may also not be supported.

It is possible to successfully create the API user with a password with these characters. However, the API will fail when trying to use the user through the API. This is a known issue in the Sophos XG software that may be updated in the future.

Inspector Setup Preparation

Log in to the Sophos XG console

Enable API Access

  1. Navigate to System > Backup & Firmware using the left-hand menu

  1. Click on the API tab to set up API access for the Inspector
  2. Click the Enabled check box under API Configuration.
  3. Next, enter the IP address of the Agent under Allowed IP Address in the Search / Add text box. Hit the enter key to submit the IP address
  • Note: You must allow access from the appropriate source IP which can be found by navigating to Admin > Agents > Self-Managed and selecting it from the IP column.
  1. Click the Apply button.

Configure the Read-Only User

  1. Navigate to Configure > Authentication using the left-hand menu.

  1. Click on the Users tab. Click on the Add button.

  1. Fill in the Username, Name, Password, and Email as you choose. Note: The Username must not have any special characters, or it will break the Inspector.
  • Select Administrator for the User Type.
  • Click on the Profile dropdown and select Create new
  • Select Open Group under Group.
  • Fill in the Profile Name field
  • Select the Read-Only header field to select Read-Only rights under everything
  • Click Save

Configure Device Access

  1. Go to System > Administration. Select the Device Access tab. Make certain that the HTTPS access is enabled for LAN

❗️

Inspections via VPN

If inspecting via a VPN, you will also need to enable HTTPS for VPN on the screen shown above.

Liongard Inspector Setup

🚧

Serverless Environment

We recommend deploying the Sophos XG Inspector using an On-Premises Agent. However, if a client network is serverless, you can deploy and allowlist a Self-Hosted Agent and use that Agent to run the Inspector. Please review this documentation for more information.

This Inspector runs on Port 4444.

Individual Inspector Setup

In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Sophos XG Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System Inspector should be associated to
  • Friendly Name: Suggested "Sophos XG [Environment Name]"
  • Agent: Select the On-premises Agent installed for this Environment
  • Inspector Version: Latest
  • IP Address: The IP Address of your Sophos XG console
  • Port: The port number of your Sophos XG console
  • Username: Username of the Liongard service account you created above
  • Password: Credentials for the above Username
  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule

Select Save. The Inspector will now be triggered to run within the minute.

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Roll out Inspectors at Mass via CSV Import

For more information, please visit our documentation.

To import Sophos XG Inspectors via CSV Import, navigate to Admin > Inspectors > Sophos XG > Select the down arrow icon in the top right-hand to Download CSV Import Template.

In the CSV Template, each row, starting on row three, will represent an Inspector. Fill in the following information for each Inspector you want to roll out:

  • Agent.Name: This column is case sensitive. Copy and paste the associated Agent name from the Admin > Agents screen
  • Inspector.Name: Enter "sophos-xg-inspector"
  • Environment.Name: This column is case sensitive. Copy and paste the associated Environment name from the Dashboard screen
  • Alias: Enter the Desired Friendly Name
  • Config.IP: Enter the IP Address of your Sophos XG console
  • Config.PORT: Enter the port number of your Sophos XG console
  • Config.USERNAME: Enter the username of the Liongard service account you created in the Inspector Setup Preparation
  • SecureConfig.PASSWORD: Enter the password for the above username
  • FreqType: Enter "days"
  • FreqInterval: Enter "1"

When ready to Import the CSV Template of Inspectors, navigate to Admin > Inspectors > Sophos XG > Select the up arrow icon in the top right-hand to Import CSV > Select your saved template.

After the successful import notification, reload your browser to find your imported Inspectors.

These Inspectors will automatically trigger themselves to run within a minute.

Sophos XG Quick Tips/FAQs

Inspector FAQs