SolvedPrivate

Sophos UTM Beginner's Help

Posted on 2014-12-05
2
76 Views
Last Modified: 2016-02-25
A client just bought a Sophos SG-125 UTM appliance.  I'm trying to set up access to some web and mail servers on the LAN through the web interface.  The configuration seems simple enough except that it isn't working.  I'm coming from a SonicWALL background and I'm not sure if NAT policies need to be configured the same way as in a SonicWALL.

What I'm looking for is a basic beginners guide for configuring the Sophos and I'm having a difficult time finding one.  I just want a step-by-step approach to setting up my first port forward rule that works and then I should be able to figure out the rest from there.  I think I'm just overlooking a simple step somewhere in the process.

Is there a built-in rule wizard?  Is there a packet monitor similar to SonicWALL's? I'd like to know if the packets are hitting the firewall and what is possibly them to drop.
0
Comment
Question by:jekautz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40484513
Some reference to help in port forwarding (or NAT).
Do leverage on the kb to aid troubleshooting too. Their tech support
http://www.sophos.com/en-us/support/contact-support.aspx
For feature request consideration - http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/396298-logging-live-log-for-packet-filter-with-rule-filt

Below are two common use case:

For servers or systems behind the ASG to be accessible to internet connections
http://www.sophos.com/en-us/support/knowledgebase/115145.aspx
OR another blog https://drashna.net/blog/2014/03/port-forwarding-with-sophos/ stating on  having “Automatic Firewall rule” checked. This will create a rule for the firewall, so that the traffic is allowed

UTM: Accessing Internal or DMZ servers from Internal Networks using DNAT (this alters the destination)
http://www.sophos.com/en-us/support/knowledgebase/115191.aspx

Not seen a wizard per se but you can catch the admin guide (though old) and refer to the section 18 Support. The 3 Dashboard also stated it display total of dropped and rejected data packets for which logging is enabled, it has a flow monitor displays the traffic of the last ten minutes and refreshes automatically at short intervals. However, these may not be as effective for drilling in troubleshooting. There is another "Live Log: Firewal" which can help in filtering searching e.g. via IP else it is tcpdump and tail as commonly use or pipe it to external syslog server..The log can be found in Logging & Reporting | View Log Files
http://www.sophos.com/en-us/medialibrary/PDFs/documentation/utm9_manual_eng.pdf

in fact there is shell console access but it is not recommended as whole - it stated "Direct configuration of Astaro from the shell is unsupported, unless directed to by Astaro Support staff or official documentation. For paid licenses, modifications done from the shell without direction or sanction may nullify your support agreement."
https://www.astaro.org/gateway-products/general-discussion/39237-astaro-useful-shell-commands.html

There is useful command such as atop to aid troubleshooting
https://www.sophos.com/en-us/support/knowledgebase/120835.aspx
0
 
LVL 4

Author Closing Comment

by:jekautz
ID: 40494686
Btan,

The article you posted, http://www.sophos.com/en-us/support/knowledgebase/115145.aspx, helped me with my question.  The rest of the links provided good bonus material.  Thank you.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question