Sophos XG Firewall Web Interface Reference and Admin Guide v17.1
For Sophos Customers Document Date: June 2018
Sophos XG Firewall | Contents | ii
Contents
Introduction ............ 7
  Flavors ............ 7
  Administrative Interfaces ............ 7
  Administrative Access ............ 7
Using Admin Console ............ 8
  Supported Browsers ............ 10
  Menus ............ 10
  Pages ............ 11
  List Navigation Controls ............ 11
Monitor and Analyze ............ 11
  Control center ............ 11
  Current Activities ............ 18
    Live Users ............ 19
    Live Connections ............ 19
    Live Connections IPv6 ............ 22
    View Live Connection Details ............ 23
    IPsec Connections ............ 27
    Remote Users ............ 28
  Diagnostics ............ 28
    Tools ............ 28
    System Graphs ............ 32
    URL Category Lookup ............ 37
    Packet Capture ............ 38
    Connection List ............ 43
    Support Access ............ 47
System ............ 48
  Profiles ............ 48
    Schedule ............ 48
    Access Time ............ 50
    Surfing Quotas ............ 53
    Network Traffic Quota ............ 56
    Network Address Translation ............ 60
    Device Access ............ 61
  Hosts and Services ............ 63
    IP Host ............ 64
    IP Host Group ............ 65
    MAC Host ............ 66
    FQDN Host ............ 67
    FQDN Host Group ............ 68
    Country Group ............ 68
    Services ............ 69
    Service Group ............ 70
  Administration ............ 71
    Licensing ............ 72
    Device Access ............ 73
    Admin Settings ............ 76
    Central Management ............ 79
    Time ............ 81
    Notification Settings ............ 82
    SNMP ............ 84
    Netflow ............ 86
    Messages ............ 86
  Certificates ............ 86
    Certificates ............ 86
    Certificate Authorities ............ 89
    Certificate Revocation Lists ............ 90
  Backup & Firmware ............ 90
    Backup & Firmware ............ 91
    API ............ 92
    Import Export ............ 94
    Firmware ............ 95
    Pattern Updates ............ 97
Configure ............ 99
  Network ............ 99
    Interfaces ............ 99
    Zones ............ 128
    WAN Link Manager ............ 130
    DNS ............ 136
    DHCP ............ 141
    IPv6 Router Advertisement ............ 147
    Cellular WAN ............ 151
    IP Tunnels ............ 153
    Neighbors (ARP-NDP) ............ 155
    Dynamic DNS ............ 158
  Authentication ............ 160
    Servers ............ 161
    Services ............ 170
    Groups ............ 178
    Users ............ 182
    One-Time Password ............ 189
    Captive Portal ............ 192
    Guest Users ............ 195
    Clientless Users ............ 201
    Guest User Settings ............ 204
    Client Downloads ............ 209
    STAS ............ 210
  VPN ............ 211
    IPsec Connections ............ 212
    SSL VPN (Remote Access) ............ 219
    SSL VPN (Site to Site) ............ 221
    CISCO(TM) VPN Client ............ 224
    L2TP (Remote Access) ............ 227
    Clientless Access ............ 231
    Bookmarks ............ 232
    Bookmark Groups ............ 233
    PPTP (Remote Access) ............ 234
    IPsec Policies ............ 235
    SSL VPN ............ 239
    L2TP ............ 242
  Routing ............ 243
    Static Routing ............ 243
    Policy Routing ............ 247
    Gateways ............ 249
    BGP ............ 250
    OSPF ............ 252
    Information ............ 256
    Upstream Proxy ............ 269
    Multicast (PIM-SIM) ............ 271
    RIP ............ 273
  System Services ............ 276
    High Availability ............ 277
    Traffic Shaping Settings ............ 284
    RED ............ 286
    Log Settings ............ 287
    Data Anonymization ............ 293
    Traffic Shaping ............ 296
    Services ............ 300
Protect ............ 302
  Firewall ............ 302
    User/Network Rule ............ 305
    Business Application Rule ............ 317
  Intrusion Prevention ............ 373
    DoS Attacks ............ 373
    IPS Policies ............ 373
    Custom IPS Signatures ............ 377
    DoS & Spoof Prevention ............ 379
  Web ............ 389
    Policies ............ 389
    User Activities ............ 392
    Categories ............ 393
    URL Groups ............ 394
    Exceptions ............ 395
    General Settings ............ 396
    File Types ............ 399
    Surfing Quotas ............ 399
    User Notifications ............ 402
    Content Filters ............ 402
  Applications ............ 402
    Cloud applications ............ 403
    Application List ............ 403
    Synchronized Application Control ............ 404
    Application Filter ............ 404
    Traffic Shaping Default ............ 406
  Wireless ............ 408
    Wireless Client List ............ 408
    Wireless Networks ............ 408
    Access Point Overview ............ 412
    Access Point Groups ............ 418
    Mesh Networks ............ 420
    Hotspots ............ 422
    Hotspot Voucher Definition ............ 431
    Rogue AP Scan ............ 432
    Wireless Settings ............ 434
    Hotspot Settings ............ 435
  Email ............ 437
    MTA Mode ............ 437
    Legacy Mode ............ 465
  Web Server ............ 493
    Web Servers ............ 493
    Protection Policies ............ 495
    Authentication Policies ............ 499
    Authentication Templates ............ 501
    General Settings ............ 502
  Advanced Threat ............ 503
    Advanced Threat Protection ............ 503
    Sandstorm Activity ............ 504
    Sandstorm Settings ............ 505
    Synchronized Security ............ 505
Appendix A - Logs ............ 507
  Log Viewer ............ 507
    View List of System Events ............ 509
    View List of Web Filter Events ............ 509
    View List of Application Filter Events ............ 510
    View List of Malware Events ............ 511
    View List of Email Events ............ 511
    View List of Firewall Events ............ 512
    View List of IPS Events ............ 513
    View List of Authentication Events ............ 514
    View List of Admin Events ............ 515
    View List of Web Server Protection (WAF) Events ............ 516
    View List of Advanced Threat Protection Events ............ 517
    View List of Security Heartbeat Events ............ 517
  Log ID Structure ............ 518
    Log Type ............ 519
    Log Component ............ 519
    Log Subtype and Module Icons ............ 521
  Common Fields for all Logs ............ 523
  System Logs ............ 524
  Web Filter Logs ............ 532
    Module-specific Fields ............ 532
  Application Filter Logs ............ 535
    Module-specific Fields ............ 535
  Malware Logs ............ 536
    Module-specific Fields ............ 536
  Email Logs ............ 537
    Module-specific Fields ............ 539
  Firewall Logs ............ 540
    Module-specific Fields ............ 542
  IPS Logs ............ 544
    Module-specific Fields ............ 544
  Authentication Logs ............ 546
    Module-specific Fields ............ 547
  Admin Logs ............ 548
    Module-specific Fields ............ 548
  Sandstorm Logs ............ 548
  Web Server Protection (WAF) Logs ............ 549
  Advanced Threat Protection (ATP) Logs ............ 549
  Security Heartbeat Logs ............ 549
  Web Content Policy Logs ............ 550
  Policy Test ............ 550
Appendix B - IPS - Custom Pattern Syntax ............ 551
Appendix C - Default File Type Categories ............ 558
Appendix E - Compatibility with SFMOS 15.01.0 ............ 562
Appendix F - Additional Documents ............ 562
Copyright Notice ............ 562
Introduction
Sophos XG Firewall provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls. Refer to the feature list to view all features supported by Sophos XG Firewall.
Flavors
This section provides information about the different flavors available for Sophos XG Firewall. Sophos XG Firewall is available in the following flavors:
• Physical Devices
• Virtual Devices
• Software
Physical Devices
Sophos provides a range of physical devices to cater to the needs of businesses of all sizes, from home users and small businesses to enterprises.
Virtual Devices
Virtual Network Security devices can be deployed as Next-Generation Firewalls or UTMs and offer industry-leading network security to virtual data centers, "Security-in-a-Box" set-ups for MSSPs/organizations, and "Office-in-a-Box" set-ups. By offering the comprehensive security features of its hardware security devices in virtualized form, these virtual devices provide Layer 8 identity-based security on a single virtual device that is as strong as the security for physical networks. Sophos offers a complete virtual security solution to organizations with its virtual network security devices (Next-Generation Firewalls/UTMs), virtual Sophos Firewall Manager (SFM) for centralized management, and Sophos iView software for centralized logging and reporting.
Administrative Interfaces
The device can be accessed and administered through:
• Admin Console: Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the device.
• Command Line Interface: The Command Line Interface (CLI) console provides a collection of tools to administer, monitor, and control certain component(s) of the device.
• Sophos Firewall Manager (SFM): Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) device.
Administrative Access
This section provides information on how to access the device. An administrator can connect to and access the device through the HTTPS, telnet, or SSH services. Depending on the Administrator login account profile used for access, an administrator can access a number of Administrative Interfaces and Admin Console configuration pages. The device is shipped with one administrator account and four administrator profiles.
Administrator Type: Super Administrator
Login Credentials: admin/admin
Console Access: Admin console, CLI console
Privileges: Full privileges for both consoles. It provides read-write permission for all the configuration performed through either of the consoles.
Note: We recommend that you change the password of the user immediately on deployment.
Admin Console
Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the device. You can connect to and access the Admin Console of the device over an HTTPS connection from any management computer with a web browser:
1. HTTPS login: https://
For more details, refer to section Admin Console.
Command Line Interface (CLI) Console
The CLI console provides a collection of tools to administer, monitor, and control certain component(s) of the device. The device can be accessed remotely using the following connections:
1. Remote login utility: TELNET login
2. SSH client (serial console)
Use the CLI console for troubleshooting and diagnosing network problems in detail.
Sophos Firewall Manager SFM
Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) device, enabling high levels of security for MSSPs and large enterprises. To monitor and manage devices through the SFM device you must:
1. Configure SFM in the Sophos device.
2. Integrate the Sophos device with SFM.
Once you have added the devices and organized them into groups, you can configure a single device or groups of devices.
Using Admin Console
Sophos Firewall OS uses a Web 2.0 based, easy-to-use graphical interface, termed the Admin Console, to configure and manage the device.
You can access the device for HTTPS web browser-based administration from any of the interfaces. When the device is connected and powered up for the first time, it has the following default Admin Console access configuration for the HTTPS service.
Services: HTTPS
Interface/Zones: WAN
Default Port: TCP Port 4444
The administrator can update the default port for the HTTPS service from System > Administration > Admin Settings.
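The administrative-access defaults described in the two sections above (the built-in admin/admin account that the note says to change on deployment, telnet alongside SSH for the CLI, and an HTTPS Admin Console on the WAN zone at TCP port 4444) are the settings a reviewer checks first after a fresh deployment. The following is an added example, not Sophos code and not the XG Firewall's configuration format: the dictionary layout, the field names, and the "hardened" values (LAN zone, port 8443) are assumptions constructed for this illustration. It audits a snapshot of those settings and returns the findings a practitioner would want to see cleared before the device goes into service.

```python
# Added example (not Sophos code): a posture check for the administrative-access
# defaults this guide lists. The dictionary layout and field names are assumptions
# made for this example, not the XG Firewall's real configuration format.
from dataclasses import dataclass
from typing import Any, Dict, List

# Constructed snapshot of the factory defaults described above: HTTPS admin console
# on the WAN zone at TCP 4444, telnet and SSH for the CLI, and the built-in
# "admin" account whose password has not yet been changed.
DEFAULT_ADMIN_ACCESS: Dict[str, Any] = {
    "admin_console": {"service": "HTTPS", "zones": ["WAN"], "port": 4444},
    "cli_access": {"ssh": True, "telnet": True},
    "super_admin": {"username": "admin", "default_password_changed": False},
}

# Constructed snapshot of the same settings after the recommended changes
# (the LAN zone and port 8443 are chosen values for this example).
HARDENED_ADMIN_ACCESS: Dict[str, Any] = {
    "admin_console": {"service": "HTTPS", "zones": ["LAN"], "port": 8443},
    "cli_access": {"ssh": True, "telnet": False},
    "super_admin": {"username": "admin", "default_password_changed": True},
}

DOCUMENTED_DEFAULT_PORT = 4444  # the default listed in the table above


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    message: str


def audit_admin_access(cfg: Dict[str, Any]) -> List[Finding]:
    """Return hardening findings for an admin-access snapshot of the assumed shape."""
    findings: List[Finding] = []
    console = cfg.get("admin_console", {})
    cli = cfg.get("cli_access", {})
    admin = cfg.get("super_admin", {})

    # The guide's own note: change the built-in administrator password on deployment.
    if not admin.get("default_password_changed", False):
        findings.append(Finding(
            "high",
            f"built-in account '{admin.get('username', 'admin')}' still uses the factory password"))

    # A management service enabled on the WAN zone faces untrusted networks.
    if "WAN" in console.get("zones", []):
        findings.append(Finding(
            "high",
            f"{console.get('service', 'HTTPS')} admin console is enabled on the WAN zone"))

    # Keeping the documented default port leaves the service trivially identifiable.
    if console.get("port") == DOCUMENTED_DEFAULT_PORT:
        findings.append(Finding(
            "medium",
            f"admin console still listens on the documented default TCP port {DOCUMENTED_DEFAULT_PORT}"))

    # Telnet carries credentials in cleartext; the guide offers SSH as the alternative.
    if cli.get("telnet", False):
        findings.append(Finding("high", "telnet CLI access is enabled; use SSH instead"))

    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'medium': 1}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for name, snapshot in (("factory defaults", DEFAULT_ADMIN_ACCESS),
                           ("hardened", HARDENED_ADMIN_ACCESS)):
        results = audit_admin_access(snapshot)
        print(f"{name}: {summarize(results)}")
        for f in results:
            print(f"  [{f.severity}] {f.message}")
```

Run against the factory-default snapshot, the audit reports four findings (three high, one medium); against the hardened snapshot it reports none. Each check maps to a statement in the guide (the password note, the WAN zone and port 4444 in the default table, telnet versus SSH for the CLI), so the script can be extended with further fields as a deployment checklist grows.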