Sophos XG Firewall Architect (XGFA)

This course provides an in-depth study of Sophos XG Firewall, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. The course is intended to be delivered in a classroom setting, and consists of presentations and practical lab exercises to reinforce the taught content. Printed copies of the supporting documents for the course will be provided to each trainee. Due to the nature of delivery, and the varying experiences of the trainees, open discussion is encouraged during the training.
On completion of this course, trainees will be able to:
  • Understand the product architecture
  • Size the solution appropriately
  • Complete a complex evaluation or deployment
  • Design and implement a solution to fit a customer’s requirements
  • Complete a PoC
Target audience
This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments. And for indivudials wishing to obtain the XG Firewall Certified Architect certification
Prior to attending this course, trainees should:
  • Complete the Sophos XG Firewall Certified Engineer course.
  • Have experience configuring network security devices
To achieve the Sophos Certified Architect certification in Sophos XG Firewall trainees must take and pass a timed online assessment. The assessment tests their knowledge of both the taught and practical content. The pass mark for the assessment is 80%, and it may be taken a maximum of three times.
3 days
Course Modules
Module 1: Engineer Review
  • Recall important information from the Engineer course
  • Labs
    • Register for Sophos Central evaluation
    • Register for Sophos XG Firewall serial numbers
Module 2: Deployment
  • Describe the deployment modes supported by the XG Firewall
  • Understand the types of interfaces that can be created
  • Configured gateways
  • Configure policy based and dynamic routing
  • Labs
    • Activate the Sophos XG Firewalls
    • Post-installation configuration
    • Bridge interfaces
    • Multiple WAN links
    • Create a policy-based route for an MPLS scenario
Module 3: Network Protection
  • Understand the benefits of Fast Path technology
  • Understand what Strict Policy is
  • Examine advanced Intrusion Prevention and optimize policies
  • Configure advanced DoS Protection Policies
  • Explain what Local NAT policy is and known how to configure it
  • Be able to configure routing per firewall rule
  • Understand best practice for ordering of firewall rules
  • Labs
    • Local NAT Policy
    • Advanced DoS Rules
Module 4: Web Server Protection
  • Explain how Web Server Protection works
  • Describe the protection features
  • Configure protection policies for a web application
  • Publish a web service using the Web Application Firewall
  • Use the preconfigured templates to configure Web Server Protection for common purposes, such as Exchange
  • Configure SlowHTTP protection
  • Labs
    • Web Application Firewall
    • Load balancing with Web Server Protection
    • Web Server Authentication and path-specific routing
Module 5: Site-to-Site Connections
  • Configure and deploy site-to-site VPNs in wide range of environments
  • Create RED tunnels between two XG Firewalls
  • Understand when to use RED
  • Labs
    • Create an IPsec site-to-siteVPN
    • Configure VPN network NATing
    • Configure VPN failover
    • Enable RED on the XG Firewall
    • Create a RED tunnel between two XG Firewalls
    • Configure routing for the RED tunnel
Module 6: Authentication
  • Configure RADIUS accounting
  • Deploy STAS in complex scenarios
  • Configure SATC and STAS together
  • Configure Secure LDAP
  • Explain how to use the Sophos XG API
  • Labs
    • Configure an Active Directory authentication server
    • Configure single sign-on using STAS
    • Create user-based policies
    • Install the SSL CA certificate
    • Create custom user-based web policies
Module 7: Synchronized Security (65 mins)
  • Explain how Security Heartbeat works
  • Understand the advantages and disadvantages of deploying it in different scenarios
  • Labs
    • Source-based Security Heartbeat
    • Destination-based Security Heartbeat
    • Missing Security Heartbeat
    • Security Heartbeat over VPN
Module 8: Wireless and Remote Access (60 mins)
  • Explain how Sophos Access Points are deployed and identify some common issues that may be encountered
  • Configure a mesh network
  • Configure an IPsec remote access VPN
Module 9: High Availability
  • Explain the packet flow in high availability
  • List the prerequisites for high availability
  • Configure high availability
  • Labs
    • Active-Active Cluster
    • Active-Passive High Availability
Module 10: Sizing and Troubleshooting (75 mins)
  • Size a hardware, software or virtual Sophos XG Firewall appropriately
  • Identify factors that can affect sizing
  • Perform basic troubleshooting using tcpdump
  • Enable debug logging
  • Create a Consolidated Troubleshooting Report and explain what information it contains
  • Labs
    • Debug logging
    • Retrieving log files
    • Troubleshoot an issue from an imported configuration