Sophos UTM Beginner's Help

Posted on 2014-12-05
Last Modified: 2016-02-25
A client just bought a Sophos SG-125 UTM appliance.  I'm trying to set up access to some web and mail servers on the LAN through the web interface.  The configuration seems simple enough except that it isn't working.  I'm coming from a SonicWALL background and I'm not sure if NAT policies need to be configured the same way as in a SonicWALL.

What I'm looking for is a basic beginners guide for configuring the Sophos and I'm having a difficult time finding one.  I just want a step-by-step approach to setting up my first port forward rule that works and then I should be able to figure out the rest from there.  I think I'm just overlooking a simple step somewhere in the process.

Is there a built-in rule wizard?  Is there a packet monitor similar to SonicWALL's? I'd like to know if the packets are hitting the firewall and what is possibly causing them to drop.
Question by:jekautz

Accepted Solution

by:
btan earned 500 total points
ID: 40484513
Some references to help with port forwarding (or NAT).
Do leverage the KB to aid troubleshooting too. Their tech support:
http://www.sophos.com/en-us/support/contact-support.aspx
For feature request consideration - http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/396298-logging-live-log-for-packet-filter-with-rule-filt

Below are two common use cases:

For servers or systems behind the ASG to be accessible to internet connections
http://www.sophos.com/en-us/support/knowledgebase/115145.aspx
Or another blog, https://drashna.net/blog/2014/03/port-forwarding-with-sophos/, which states to have “Automatic Firewall rule” checked. This will create a rule for the firewall, so that the traffic is allowed.

UTM: Accessing Internal or DMZ servers from Internal Networks using DNAT (this alters the destination)
http://www.sophos.com/en-us/support/knowledgebase/115191.aspx

Not seen a wizard per se, but you can catch the admin guide (though old) and refer to section 18, Support. Section 3, Dashboard, also states that it displays the total of dropped and rejected data packets for which logging is enabled; it has a flow monitor that displays the traffic of the last ten minutes and refreshes automatically at short intervals. However, these may not be as effective for drilling in when troubleshooting. There is another, "Live Log: Firewall", which can help in filtering and searching, e.g. via IP; else it is tcpdump and tail, as commonly used, or piping it to an external syslog server. The log can be found in Logging & Reporting | View Log Files.
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/utm9_manual_eng.pdf

In fact there is shell console access, but it is not recommended as a whole - it states: "Direct configuration of Astaro from the shell is unsupported, unless directed to by Astaro Support staff or official documentation. For paid licenses, modifications done from the shell without direction or sanction may nullify your support agreement."
https://www.astaro.org/gateway-products/general-discussion/39237-astaro-useful-shell-commands.html

There are useful commands such as atop to aid troubleshooting:
https://www.sophos.com/en-us/support/knowledgebase/120835.aspx

Author Closing Comment

by:jekautz
ID: 40494686
Btan,

The article you posted, http://www.sophos.com/en-us/support/knowledgebase/115145.aspx, helped me with my question.  The rest of the links provided good bonus material.  Thank you.