Setting up Sophos XGS Collector
This setup is for the XDR Collector only. If you are using a physical or virtual sensor, refer to Integrating Sophos XGS.
Because XG firewalls are nearing end of life (March 2025), this integration may be used for XG firewalls, but support may be limited.
To set up Sophos XGS Collector, follow the procedures below:
Enable Sophos XGS Collector
Install the XDR Collector
Configure the Firewall
Open port on the XDR Collector Host
Enable Sophos XGS Collector
In Barracuda XDR Dashboard, navigate to Administration > Integrations.
On the Sophos XG/XGS Collector card, click Setup.
Select the Enable check box.
Click Save.
Install the XDR Collector
When collecting logs from one or more integrated data sources, always set up the XDR Collector on a dedicated host server. Don't use an existing server because the amount of data produced by logs can impact critical infrastructure.
If you haven't already set up the XDR Collector, do one of the following:
Configure the Firewall
For the Firewall to be configured properly, ensure that the Syslog server uses port 9208.
In System Services > Log settings, ensure that:
You type 9208 in the Port field.
The Secure log transmission check box is clear.
Go to System Services > Log settings and click Add.
Enter a name.
Specify the following settings:
Type a Name.
Specify the IP address/Domain.
Ensure the Secure log transmission check box is clear.
Type 9208 in Port. The Syslog server must use port 9208.
Select the Facility.
Select the Severity level.
Select the Format.
Click Save.
Go to Log settings and select the logs you want to send to the syslog server.
For more information, see the Sophos Firewall Documentation.
Open port on the XDR Collector Host
Ensure incoming traffic is allowed on UDP port 9208.
Linux
sudo ufw allow 9208/udp
Windows
netsh advfirewall firewall add rule name="Sophos XGS Firewall Events" dir=in action=allow protocol=UDP localport=9208
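To confirm that a Linux collector host is ready after the port is opened, the following added example (not part of the Barracuda documentation) classifies ufw status and ss -lun output for UDP port 9208. It assumes the XDR Collector binds UDP 9208 on the host; the function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: checks the collector host's ufw rule and UDP listener for 9208.
PORT=9208

# Reads `ufw status` text on stdin; prints inactive, allowed or no-rule.
ufw_state() {
    awk -v p="$PORT" '
        /^Status: inactive/ { inactive = 1 }
        ($1 == p || $1 == (p "/udp")) && /ALLOW/ { ok = 1 }
        END { print (inactive ? "inactive" : (ok ? "allowed" : "no-rule")) }'
}

# Reads `ss -lun` text on stdin; prints listening, loopback-only or none.
# A loopback-only socket never sees datagrams sent by the firewall.
listener_state() {
    awk -v p="$PORT" '
        { for (i = 1; i <= NF; i++) if ($i ~ (":" p "$")) {
              if ($i ~ /^(127\.|\[::1\])/) lo = 1; else any = 1 } }
        END { print (any ? "listening" : (lo ? "loopback-only" : "none")) }'
}

# Constructed sample output, not captured from a real host.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
9208/udp                   ALLOW       Anywhere'

SAMPLE_SS='UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 0.0.0.0:9208 0.0.0.0:*'

echo "ufw rule: $(printf '%s\n' "$SAMPLE_UFW" | ufw_state)"
echo "listener: $(printf '%s\n' "$SAMPLE_SS" | listener_state)"

# On the collector host, feed live output instead:
#   sudo ufw status | ufw_state
#   ss -H -lun | listener_state
```

Because the Secure log transmission check box is clear, the events arrive as plain UDP syslog. ufw also accepts a source-restricted form of the rule, sudo ufw allow from <firewall-ip> to any port 9208 proto udp, where <firewall-ip> is a placeholder for the Sophos firewall's address.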