Sophos: Installation and Working

This section provides information about different flavors available for Sophos XG Firewall.

Sophos is available in the following flavors:

• Physical Devices

• Virtual Devices

• Software

Physical Devices

Sophos provides a range of physical devices to cater to the needs of businesses of all sizes, i.e. from small and home offices up to enterprises.

Virtual Devices

Virtual network security devices can be deployed as Next-Generation Firewalls or UTMs and offer industry-leading network security to virtual data centers, “Security-in-a-Box” set-ups for MSSPs/organizations, and “Office-in-a-Box” set-ups. By offering the comprehensive security features of its hardware security devices in virtualized form, these virtual devices provide Layer 8 identity-based security on a single virtual device that is as strong as the security for physical networks.

Sophos offers a complete virtual security solution to organizations with its virtual network security devices (Next-Generation Firewalls/UTMs), virtual Sophos Firewall Manager (SFM) for centralized management, and Sophos iView software for centralized logging and reporting.

Administrative Interfaces

Admin Console

Command Line Interface: The Command Line Interface (CLI) console provides a collection of tools to administer, monitor, and control certain component(s) of the device.

Sophos Firewall Manager (SFM): Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) Device.

An administrator can connect to and access the device through the HTTPS, telnet, or SSH services. Depending on the administrator login account profile used for access, an administrator can access a number of administrative interfaces and Admin Console configuration pages.

Note: We recommend that you change the password of the user immediately on deployment.

Admin Console

Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the Device.

You can connect to and access the Admin Console of the device over an HTTPS connection from any management computer using a web browser:

1. HTTPS login: https://<LAN IP Address of the device>

For more details, refer to section Admin Console.

Command Line Interface (CLI) Console

The CLI console provides a collection of tools to administer, monitor, and control certain component(s) of the device. The device can be accessed remotely using the following connections:

1. Remote login Utility – TELNET login

2. SSH Client (Serial Console)

Use the CLI console for troubleshooting and diagnosing network problems in detail.

Sophos Firewall Manager (SFM)

Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) device, enabling high levels of security for MSSPs and large enterprises. To monitor and manage devices through the SFM device you must:

1. Configure SFM in Sophos device.

2. Integrate Sophos device with SFM.

Once you have added the devices and organized them into groups, you can configure a single device or groups of devices.

Using Admin Console

The administrator can also specify a description for various policies, services, and custom categories in any of the supported languages.

All the configurations done from the Admin Console take effect immediately.

The navigation menu includes the following modules:

• Monitor & Analyze

• Protect

• Configure

• System

Note:

Use F1 key for page specific help.

Configure > System Services > High Availability (for High Availability)

Pages

1. Support: Opens the customer login page for creating a Technical Support Ticket. It is fast, easy and puts your case right into the Technical Support queue.

2. About Product: Opens the device registration information page.

3. Wizard: Opens the Network Configuration Wizard.

4. Console: Opens the Command Line Interface (CLI) console.

5. Reboot Device: Reboots the device.

6. Shutdown Device: Shuts down the device.

7. Lock: Locks the Admin Console. The Admin Console is automatically locked if the session is inactive for more than 3 minutes. To unlock the Admin Console you need to log in again. By default, the Lock functionality is disabled.

Enable Admin Session Lock from System > Administration > Settings

8. Logout: Logs out from the Admin Console.

Clicking the Help hyperlink in the upper right corner of every page opens the context-sensitive help page.

Monitor and Analyze

Control Center: The Control Center provides a single-screen snapshot of the state and health of the security system, which is easy to explore and drill down into.

System Panel

The System panel displays the real-time state of device services, VPN connections, WAN links and performance, as well as the number of days the device has been up and running. Status is displayed as an icon, and colored icons are used to differentiate statuses. On clicking an icon, detailed information about the services is displayed.

The icons and their various statuses are:

Performance Widget

Services Widget

On clicking the icon, details of VPN tunnels are displayed.

CPU Widget

CPU graphs allow the administrator to monitor the CPU usage by the users and the system components. Maximum and average CPU usage is also displayed when the widget is clicked.

X-axis – Hours/Weeks/Months/Year (depending on the option selected)

Y-axis – % use

Click the widget to view details. Clicking any of the hyperlinks under System Tools and Network Utilities will redirect you to the respective page.

Memory Widget

Memory graphs allow the administrator to monitor the memory usage in percentage. The graphs display the memory used, the free memory and the total memory available, as well as the maximum and average memory usage.

X-axis – time range (depending on the option selected)

Y-axis – % use

Click the widget to view details. Clicking any of the hyperlinks under System Tools and Network Utilities will redirect you to the respective page.

Bandwidth Widget

The graph displays the total data transfer through the WAN zone, as well as the maximum and average data transfer.

X-axis – Hours/Days/Months/Year (depending on the option selected)

Y-axis – Total data transfer in KBits/Second

Click the widget to view details. Clicking any of the hyperlinks under System Tools and Network Utilities will redirect you to the respective page.

Sessions Widget

The graph displays the current sessions of the device, as well as the maximum and average live connections.

Click the widget to view details. Clicking any of the hyperlinks under System Tools and Network Utilities will redirect you to the respective page.

High Availability (HA) Details

Displays the configured HA mode as follows:

A-A: When the device is configured in Active-Active mode.

A-P (M): When the device is configured in Active-Passive mode and is acting as the Primary Device.

A-P (S): When the device is configured in Active-Passive mode and is acting as the Auxiliary Device.

Traffic Insight Panel

Browse to this site, download the zip file and extract it:

https://download.sophos.com/network/SophosFirewall/installers/VI-19.5.3_MR-3.VMW-652.zip

Configure the VM according to the figure:

Go to virtual network editor.

VMnet8: NAT: 103.234.116.0 --> Port D

VMnet0: Auto-Bridging --> Port B

VMnet1: Host Only: 10.1.1.0 - 255.255.255.0 (uncheck DHCP) --> Port A

VMnet2: Host Only: 172.16.0.0 - 255.255.255.0 (uncheck DHCP) --> Port C

Add Network if Required.

Network Adapter 1: VMnet1 (host only)

Network Adapter 2: Bridged only

Network Adapter 3: VMnet2 (host only)

Create three network adapters.

Browse to the VM and open the Sophos file.

It asks for a password: admin

Accept it

admin

1. Network Configuration --> Interface Configuration --> y --> 10.1.1.200 --> 255.255.255.0

Administrative Console

Profile-->Device Access

Control Center-->

Real Time State of Device Services:

VPN Connections

WAN Links

Number of days since activated

Performance-->

Current(Live) Activities-->

Live Users: number of users connected to the device.

Creating Firewall Rules and Policies:

System > Hosts and Services >

Dynamic Hosts

Default Hosts

Manually Added Hosts

IP Hosts

ADD --> Lab-PC1 --> 10.1.1.150 --> Save

ADD --> Lab-PC2 --> 10.1.1.100 --> Save

IP Hosts Group

Security policies can be created for hosts or host groups.

IP Hosts Group --> Add --> Lab-PC --> add new items --> select Lab-PC1, Lab-PC2 --> Save

1. Adding another PC to the group: add a PC and add it to the Lab-PC group.

MAC Hosts: configure as a single MAC host or as a list (comma-separated).

FQDN Hosts (Fully Qualified Domain Name): allow hosts to be added by domain name.

FQDN Hosts Group:

Country Group:

Source: IP hosts, FQDN, manual hosts

Services: (network traffic - TCP, ICMP, UDP, port numbers - allow, deny)

Services Group:

Configure --> Network

Port A:

Port B:

Zones: provide a flexible layer of facilities for the firewall. A zone is a logical grouping of ports and interfaces, so the administrator can write policies for all of them at once instead of for a single interface.

Port C

Protect --> Rules & Policies

4. How to Create Firewall Rules and Policies

(VMware) Create two PCs: ClientPC1 & ClientPC2

ClientPC1 - 10.1.1.150, GW 10.1.1.200 --> Settings --> Custom --> vmnet1

ClientPC2 - 10.1.1.100, GW 10.1.1.200 --> Settings --> Custom --> vmnet1

From both PCs, check traffic to the WAN: ping 10.1.1.200

Go to the Sophos firewall --> System --> Hosts and Services --> Add

CLIENT-PC1->10.1.1.150

CLIENT-PC2->10.1.1.150

Go to --> Protect --> Rules and Policies --> Add Firewall Rule -->

Automatic --> automatically linked with the group

Traffic to Internal --> Internal zone (outside to inside)

Traffic to WAN --> automatic (inside to outside)

Traffic to DMZ --> DMZ

Auto Added Firewall --> any to ANY ADDED (disable it)

Drop all - if no other policy matches, traffic automatically falls through to Drop all.

Create the NAT Rule

Select MASQ (translates private IPs to the public IP)

PAT is more likely something based on Ports. The P stands for Port translation. A MASQ (SNAT) is to translate the source IP of a network/IP to the Interface IP of the firewall.

Save the Rule

(select none)

We can ping 8.8.8.8 but we can't browse google.com from the browser (use an external DNS --> ncpa.cpl --> set the DNS to 8.8.8.8).

IP Host Group --> create the IP host group and in the policy select the group instead of the IP (in Source Networks and Devices)

In Rules and Policies --> Destination Networks --> create dns --> google.com (8.8.8.8) --> HTTP, HTTPS, DNS
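As an added example (not from the Sophos documentation or the lab notes above), the following Python script models the first-match evaluation of the rules built in this section: the Lab-PC host group, the rule allowing HTTP/HTTPS/DNS to 8.8.8.8 with MASQ, and the Drop all fallback. The WAN interface address used for MASQ is an assumed placeholder.

```python
from ipaddress import ip_address

# Lab objects constructed from the notes above (hosts, host group, services).
HOSTS = {"Lab-PC1": "10.1.1.150", "Lab-PC2": "10.1.1.100"}
HOST_GROUPS = {"Lab-PC": ["Lab-PC1", "Lab-PC2"]}
SERVICES = {"HTTP": ("tcp", 80), "HTTPS": ("tcp", 443), "DNS": ("udp", 53)}
# Assumed WAN (Port D) interface address used by MASQ; not taken from the notes.
WAN_IP = "103.234.116.10"

# Rule table in evaluation order: the explicit rule first, "Drop all" last.
RULES = [
    {"name": "Lab-PC to google.com", "src": "Lab-PC", "dst": "8.8.8.8",
     "services": ["HTTP", "HTTPS", "DNS"], "action": "accept", "masq": True},
    {"name": "Drop all", "src": "any", "dst": "any",
     "services": ["any"], "action": "drop", "masq": False},
]


def expand(obj):
    """Resolve 'any', a host group, a host name or a literal IP to a set of addresses."""
    if obj == "any":
        return None  # None means "matches everything"
    if obj in HOST_GROUPS:
        return {ip_address(HOSTS[h]) for h in HOST_GROUPS[obj]}
    if obj in HOSTS:
        return {ip_address(HOSTS[obj])}
    return {ip_address(obj)}


def evaluate(src, dst, proto, port):
    """First-match walk over RULES; returns (rule name, action, source IP after NAT)."""
    for rule in RULES:
        allowed_src, allowed_dst = expand(rule["src"]), expand(rule["dst"])
        if allowed_src is not None and ip_address(src) not in allowed_src:
            continue
        if allowed_dst is not None and ip_address(dst) not in allowed_dst:
            continue
        if rule["services"] != ["any"]:
            if (proto, port) not in [SERVICES[s] for s in rule["services"]]:
                continue
        # MASQ (SNAT) rewrites the private source to the firewall's interface IP.
        nat_src = WAN_IP if rule["masq"] and rule["action"] == "accept" else src
        return rule["name"], rule["action"], nat_src
    return "implicit", "drop", src  # unreachable while "Drop all" is present


if __name__ == "__main__":
    print(evaluate("10.1.1.150", "8.8.8.8", "tcp", 443))  # accepted and masqueraded
    print(evaluate("10.1.1.150", "1.1.1.1", "tcp", 443))  # falls through to Drop all
```

A host outside the Lab-PC group, or any service not listed in the rule (including ICMP), falls through to Drop all in this model, which is the behaviour the notes describe for unmatched traffic.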