Sophos has released this guide, to get your firewall secured as minimal best practice:
The focus of this document is to provide baseline guidance to secure the Sophos XG Firewall to a minimum level. The document will not provide guidance on each individual XG firewall feature that may, in turn, secure internal network devices and resources (a full, exhaustive Sophos XG Firewall best practice guide will be published in due course).
Download the guide here: Securing your Sophos XG Firewall – Best Practice Guide