Sophos XG Firewall: How to create multiple public IP on the XG public interface in Azure

Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.

Pre-requisites

  • Already deployed and running Sophos XG Firewall in Microsoft Azure.
  • The GUI of the XG should be accessible on https://<IPublic IP address>:4444

Problem statement

  • Creating Multiple public IPs on Azure and associating it with Sophos XG WAN Interface.
  • This can be applicable in scenarios where a customer may want a unique Public IP for every workload running in Azure(1:1 mapping).

Steps

Create a public IP configuration on Azure portal

  1. Navigate to https://portal.azure.com/.
  2. Search for the Resource group containing XG instance.
  3. Click on the hyperlink associated with your resource group.

  4. You will be redirected to your resource group containing the deployed infrastructure.
  5. Click PortB.
  6. Click IP configurations.
  7. Click Add.
  8. Fill in the details.
    • Name: secondpublicip
    • Allocation: Dynamic
    • Public IP address: Associate
  9. Click IP address to configure a public IP.
  10. Click Create New.
  11. Provide a descriptive Name.
  12. Click OK.
  13. The new public IP gets associated.
  14. Click OK.
  15. Wait for some time while the public IP is in creation.


  16. Notice that the second public IP is now associated with PortB.
  17. Make a note of the associated Private IP address.

Create an alias interface on XG with the created private IP

  1. Navigate to the Sophos XG Firewall's GUI on https://<ipv4 Public IP>:4444
  2. Under Configure > Network > Interfaces:
    • Click Add interface > Add alias.
    • Under the Physical interface, select PortB.
    • Enter the newly created private IP and click Save.



  3.  Verify that the alias IP has been added to the interface.

Test to check if the XG is listening on the created public IPs

The  XG web UI should be accessible via both public IPs.