
Sophos XG Firewall Web Interface Reference and Admin Guide v17.1

For Sophos Customers Document Date: June 2018

Sophos XG Firewall | Contents | ii

Contents

Introduction ... 7
  Flavors ... 7
  Administrative Interfaces ... 7
  Administrative Access ... 7

Using Admin Console ... 8
  Supported Browsers ... 10
  Menus ... 10
  Pages ... 11
  List Navigation Controls ... 11

Monitor and Analyze ... 11
  Control center ... 11
  Current Activities ... 18
    Live Users ... 19
    Live Connections ... 19
    Live Connections IPv6 ... 22
    View Live Connection Details ... 23
    IPsec Connections ... 27
    Remote Users ... 28
  Diagnostics ... 28
    Tools ... 28
    System Graphs ... 32
    URL Category Lookup ... 37
    Packet Capture ... 38
    Connection List ... 43
    Support Access ... 47

System ... 48
  Profiles ... 48
    Schedule ... 48
    Access Time ... 50
    Surfing Quotas ... 53
    Network Traffic Quota ... 56
    Network Address Translation ... 60
    Device Access ... 61
  Hosts and Services ... 63
    IP Host ... 64
    IP Host Group ... 65
    MAC Host ... 66
    FQDN Host ... 67
    FQDN Host Group ... 68
    Country Group ... 68
    Services ... 69
    Service Group ... 70
  Administration ... 71
    Licensing ... 72
    Device Access ... 73
    Admin Settings ... 76
    Central Management ... 79
    Time ... 81
    Notification Settings ... 82
    SNMP ... 84
    Netflow ... 86
    Messages ... 86
  Certificates ... 86
    Certificates ... 86
    Certificate Authorities ... 89
    Certificate Revocation Lists ... 90
  Backup & Firmware ... 90
    Backup & Firmware ... 91
    API ... 92
    Import Export ... 94
    Firmware ... 95
    Pattern Updates ... 97

Configure ... 99
  Network ... 99
    Interfaces ... 99
    Zones ... 128
    WAN Link Manager ... 130
    DNS ... 136
    DHCP ... 141
    IPv6 Router Advertisement ... 147
    Cellular WAN ... 151
    IP Tunnels ... 153
    Neighbors (ARP-NDP) ... 155
    Dynamic DNS ... 158
  Authentication ... 160
    Servers ... 161
    Services ... 170
    Groups ... 178
    Users ... 182
    One-Time Password ... 189
    Captive Portal ... 192
    Guest Users ... 195
    Clientless Users ... 201
    Guest User Settings ... 204
    Client Downloads ... 209
    STAS ... 210
  VPN ... 211
    IPsec Connections ... 212
    SSL VPN (Remote Access) ... 219
    SSL VPN (Site to Site) ... 221
    Cisco(TM) VPN Client ... 224
    L2TP (Remote Access) ... 227
    Clientless Access ... 231
    Bookmarks ... 232
    Bookmark Groups ... 233
    PPTP (Remote Access) ... 234
    IPsec Policies ... 235
    SSL VPN ... 239
    L2TP ... 242
  Routing ... 243
    Static Routing ... 243
    Policy Routing ... 247
    Gateways ... 249
    BGP ... 250
    OSPF ... 252
    Information ... 256
    Upstream Proxy ... 269
    Multicast (PIM-SIM) ... 271
    RIP ... 273
  System Services ... 276
    High Availability ... 277
    Traffic Shaping Settings ... 284
    RED ... 286
    Log Settings ... 287
    Data Anonymization ... 293
    Traffic Shaping ... 296
    Services ... 300

Protect ... 302
  Firewall ... 302
    User/Network Rule ... 305
    Business Application Rule ... 317
  Intrusion Prevention ... 373
    DoS Attacks ... 373
    IPS Policies ... 373
    Custom IPS Signatures ... 377
    DoS & Spoof Prevention ... 379
  Web ... 389
    Policies ... 389
    User Activities ... 392
    Categories ... 393
    URL Groups ... 394
    Exceptions ... 395
    General Settings ... 396
    File Types ... 399
    Surfing Quotas ... 399
    User Notifications ... 402
    Content Filters ... 402
  Applications ... 402
    Cloud applications ... 403
    Application List ... 403
    Synchronized Application Control ... 404
    Application Filter ... 404
    Traffic Shaping Default ... 406
  Wireless ... 408
    Wireless Client List ... 408
    Wireless Networks ... 408
    Access Point Overview ... 412
    Access Point Groups ... 418
    Mesh Networks ... 420
    Hotspots ... 422
    Hotspot Voucher Definition ... 431
    Rogue AP Scan ... 432
    Wireless Settings ... 434
    Hotspot Settings ... 435
  Email ... 437
    MTA Mode ... 437
    Legacy Mode ... 465
  Web Server ... 493
    Web Servers ... 493
    Protection Policies ... 495
    Authentication Policies ... 499
    Authentication Templates ... 501
    General Settings ... 502
  Advanced Threat ... 503
    Advanced Threat Protection ... 503
    Sandstorm Activity ... 504
    Sandstorm Settings ... 505
    Synchronized Security ... 505

Appendix A - Logs ... 507
  Log Viewer ... 507
    View List of System Events ... 509
    View List of Web Filter Events ... 509
    View List of Application Filter Events ... 510
    View List of Malware Events ... 511
    View List of Email Events ... 511
    View List of Firewall Events ... 512
    View List of IPS Events ... 513
    View List of Authentication Events ... 514
    View List of Admin Events ... 515
    View List of Web Server Protection (WAF) Events ... 516
    View List of Advanced Threat Protection Events ... 517
    View List of Security Heartbeat Events ... 517
  Log ID Structure ... 518
    Log Type ... 519
    Log Component ... 519
    Log Subtype and Module Icons ... 521
  Common Fields for all Logs ... 523
  System Logs ... 524
  Web Filter Logs ... 532
    Module-specific Fields ... 532
  Application Filter Logs ... 535
    Module-specific Fields ... 535
  Malware Logs ... 536
    Module-specific Fields ... 536
  Email Logs ... 537
    Module-specific Fields ... 539
  Firewall Logs ... 540
    Module-specific Fields ... 542
  IPS Logs ... 544
    Module-specific Fields ... 544
  Authentication Logs ... 546
    Module-specific Fields ... 547
  Admin Logs ... 548
    Module-specific Fields ... 548
  Sandstorm Logs ... 548
  Web Server Protection (WAF) Logs ... 549
  Advanced Threat Protection (ATP) Logs ... 549
  Security Heartbeat Logs ... 549
  Web Content Policy Logs ... 550
  Policy Test ... 550

Appendix B - IPS - Custom Pattern Syntax ... 551

Appendix C - Default File Type Categories ... 558

Appendix E - Compatibility with SFMOS 15.01.0 ... 562

Appendix F - Additional Documents ... 562

Copyright Notice ... 562


Introduction

Sophos XG Firewall provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls. Click here to view a list of all features supported by Sophos XG Firewall.

Flavors

This section provides information about the different flavors available for Sophos XG Firewall. Sophos XG Firewall is available in the following flavors:

• Physical Devices
• Virtual Devices
• Software

Physical Devices

Sophos provides a range of physical devices to cater to the needs of businesses of all sizes, from home users and small businesses to enterprises.

Virtual Devices

Virtual network security devices can be deployed as Next-Generation Firewalls or UTMs and offer industry-leading network security to virtual data centers, "Security-in-a-Box" set-ups for MSSPs/organizations, and "Office-in-a-Box" set-ups. By offering the comprehensive security features of its hardware security devices in virtualized form, these virtual devices provide Layer 8 identity-based security on a single virtual device that is as strong as the security of physical networks. Sophos offers a complete virtual security solution to organizations with its virtual network security devices (Next-Generation Firewalls/UTMs), the virtual Sophos Firewall Manager (SFM) for centralized management, and Sophos iView software for centralized logging and reporting.

Administrative Interfaces

The device can be accessed and administered through:

• Admin Console: Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the Device.
• Command Line Interface: The Command Line Interface (CLI) console provides a collection of tools to administer, monitor, and control certain component(s) of the device.
• Sophos Firewall Manager (SFM): Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) Device.

Administrative Access

This section provides information on how to access the device. An administrator can connect to and access the device through the HTTPS, telnet, or SSH services. Depending on the administrator login account profile used for access, an administrator can access a number of Administrative Interfaces and Admin Console configuration pages. The device is shipped with one administrator account and four administrator profiles.


Administrator Type: Super Administrator
Login Credentials: admin/admin
Console Access: Admin console, CLI console
Privileges: Full privileges for both consoles; read-write permission for all configuration performed through either console.

Note: We recommend that you change the password of the user immediately on deployment.

Admin Console

Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the Device. You can connect to and access the Admin Console of the device over an HTTPS connection from any management computer using a web browser:

1. HTTPS login: https://

For more details, refer to section Admin Console.

Command Line Interface (CLI) Console

The CLI console provides a collection of tools to administer, monitor, and control certain component(s) of the device. The device can be accessed remotely using the following connections:

1. Remote login utility: TELNET login
2. SSH client (Serial Console)

Use the CLI console for troubleshooting and diagnosing network problems in detail.

Sophos Firewall Manager (SFM)

Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) Device, enabling high levels of security for MSSPs and large enterprises. To monitor and manage devices through the SFM device you must:

1. Configure SFM in the Sophos device.
2. Integrate the Sophos device with SFM.

Once you have added the devices and organized them into groups, you can configure a single device or groups of devices.

Using Admin Console

Sophos Firewall OS uses a Web 2.0-based, easy-to-use graphical interface, termed the Admin Console, to configure and manage the device.

You can access the device for HTTPS web browser-based administration from any of the interfaces. When the device is connected and powered up for the first time, it has the following default Admin Console access configuration for the HTTPS service:

Service: HTTPS
Interface/Zones: WAN
Default Port: TCP port 4444

The administrator can change the default port for the HTTPS service from System > Administration > Admin Settings.
