This article describes how to deploy the Sophos XG Firewall (SF) in discover mode using a TAP interface and schedule a Security Audit Report (SAR).
Connect one (1) interface of the SF to the network switch through which all network traffic must pass.
Before you begin, make sure that:
Also, to get user-specific data in the SAR, the device needs to be integrated with external authentication servers, such as Active Directory (AD), RADIUS, LDAP, Apple Directory or Novell eDirectory.
Note: Discover mode can ONLY be enabled on an unbound interface.
By default, Ports A, B and C are bound to the LAN, DMZ and WAN zones respectively, while the rest of the ports are unbound. An administrator can bind any port, including Ports A, B and C, to other zones at any time. Discover mode can be enabled on any unbound port. In this example, we have enabled discover mode on Port D.
console> system discover-mode tap add PortD
Note: If you want to enable discover mode on a previously bound interface, you need to unbind it. To unbind an interface, go to Network > Interfaces, select the required interface, and set the Network Zone as None.
The configuration above deploys an SF Appliance in discover mode. The interface configured in discover mode is shown as "Discover, Physical (TAP)" on the Network > Interfaces page.
Note: SARs can also be generated by the SF Appliance while deployed in any of the in-line modes: Gateway Mode, Bridge Mode or Mixed Mode.