This course is available online via the Training Portal, or as an instructor-led classroom course. Please contact your Sophos partner to find out more about the availability of classroom courses in your region.

Electronic copies of the supporting documents for the course are provided to each trainee via the training portal.

On completion of this course, trainees will be able to:

• Explain how Sophos Firewall helps to protect against security threats
• Configure Firewall rules, policies, and user authentication
• Demonstrate threat protection and commonly used features
• Perform the initial setup of a Sophos Firewall and configure the required network settings
• Perform basic troubleshooting, reporting, and management tasks

This course is designed for technical professionals who will be administrating Sophos Firewall and provides an overview of the product, including an introduction to the major capabilities and core configuration concepts.

We recommend that you have the following knowledge and experience:

• Understanding subnetting and routing
• Configuring network security devices

If you are uncertain whether you meet the necessary prerequisites, please email us at and we will be happy to help.

1. Sophos Firewall Overview

Chapters:

What is Sophos Firewall?

10 minutes

2. Sophos Firewall Deployment

Chapters:

Sophos Firewall deployment options and common Scenarios

Considerations for Deploying Sophos Firewall in Common Scenarios

Deploying Sophos Firewall using the initial setup wizard

35 minutes

Lab Tasks:

Register for a Sophos Central evaluation

Activate the Sophos Firewall

50 minutes

3. Getting Started with Sophos Firewall

Chapters:

Navigating and managing the Sophos Firewall using WebAdmin

Getting Started with Zones and Interfaces on Sophos Firewall

Advanced Interface Configuration on Sophos Firewall

Introduction to Routing and SD-WAN on Sophos Firewall

Advanced Routing and SD-WAN Configuration on Sophos Firewall

Troubleshooting Routing on Sophos Firewall

Configuring DNS and DHCP on Sophos Firewall

Managing Device Access and Certificates

Considerations for Configuring Device access on Sophos Firewall

Getting Started with Traffic Shaping on Sophos Firewall

115 minutes

Lab Tasks:

Multiple WAN Links

SD WAN Profiles

Create a policy-based route for an MPLS scenario

Configure Device Access

Bridge Interfaces

80 minutes

4. Base Firewall

Chapters:

Getting Started with Firewall and NAT Rules on Sophos Firewall

Advanced Firewall Rule Management on Sophos Firewall

Troubleshooting Firewall Rules on Sophos Firewall

Advanced NAT Configuration on Sophos Firewall

Troubleshooting NAT Rules on Sophos Firewall

Configuring TLS decryption on Sophos Firewall

Network Traffic Shaping on Sophos Firewall

100 minutes

Lab Tasks:

Load-Balanced NAT

Local NAT Policy

Install Sophos Central

30 minutes

5. Network Protection

Chapters:

Getting Started with Intrusion Prevention

Advanced IPS Configuration

Enabling Advanced Threat Protection Sophos Firewall

Troubleshooting ATP Alerts

Getting Started with Security Heartbeat

Managing and Deploying Security Heartbeat on Sophos Firewall

70 minutes

Lab Tasks:

Source-based Security Heartbeat

Destination-based Security Heartbeat

Missing Security Heartbeat

30 minutes

6. Site-to-Site Connections

Chapters:

Connecting Sites with Sophos Firewall

Configuring SSL Site-to-Site VPNs on Sophos Firewall

Getting Started with IPsec Site-to-Site VPNs on Sophos Firewall

Advanced IPsec Site-to-Site VPN Configuration on Sophos Firewall

Getting Started with Remote Ethernet Devices (REDs) on Sophos Firewall

60 minutes

Lab Tasks:

Create an IPsec site-to-site VPN

Configure VPN network NATing

Configure a VPN failover

Configure route-based VPN

45 minutes

7. Authentication

Chapters:

Introducing Authentication on Sophos Firewall

Configuring Authentication Servers and Services on Sophos Firewall

Configuring Azure AD SSO on Sophos Firewall

Getting Started with Sophos Firewall Authentication

Advanced STAS Configuration

Enabling Multi-Factor Authentication on Sophos Firewall

95 minutes

Lab Tasks:

Configure an Active Directory Authentication server

Configure Single Sign-On using STAS

Authenticate users over a site-to-site VPN

35 minutes

8. Web Protection

Chapters:

Sophos Firewall Web Protection Overview

Configuring Web Protection on Sophos Firewall

Sophos Firewall Web Protection Quotas and Traffic Shaping

50 minutes

Lab Tasks:

Install the SSL CA Certificates

Configure TLS Inspection Rules

Configure a custom web policy for users

25 minutes

9. Application Control

Chapters:

Getting Started with Application Control on Sophos Firewall

Application Traffic Shaping on Sophos Firewall

30 minutes

10. Remote Access

Chapters:

Getting Started with Remote Access VPNs on Sophos Firewall

Advanced Sophos Remote Access VPN Configuration on Sophos Firewall

Configuring Clientless Access on Sophos Firewall

50 minutes

Lab Tasks:

Sophos Connect

Auto Provisioning

45 minutes

11. Wireless Protection

Chapters:

Introduction to Wireless Protection on Sophos Firewall

Deploying Wireless Protection on Sophos Firewall

Wireless Authentication

Creating Hotspots on Sophos Firewall

Configuring Wireless Mesh Networks

45 minutes

12. Logging and Reporting

Chapters:

Running and Customizing Reports on Sophos Firewall

Managing Logs and Notifications on Sophos Firewall

15 minutes

13. Central Firewall Management

Chapters:

Running and Customizing Reports on Sophos Firewall

Managing Logs and Notifications on Sophos Firewall

25 minutes

14. Course Review

Chapters:

How to find help from Sophos

Course review

10 minutes

Assessment

To complete this course, trainees must take and pass an online assessment.
Trainees will have to complete the assessment; the pass mark is and trainees will have to pass.

Lab Environment

Each trainee is provided a pre-configured environment, which simulates a company network with two sites, a head office, and contains Windows Servers, a client, two Sophos Firewalls and supporting infrastructure.

If you require any further information on this course, please contact us at globaltraining@sophos.com.