Sophos XG Firewall Web Reference and Admin Guide

1 Sophos XG Firewall v Release Notes Sophos XG Firewall Web Interface Reference and Admin Guide v17 For Sophos Customers Document Date: October 2017 Sophos XG Firewall | Contents | Admin Navigation 11 Monitor and Connections Live Connection 23 IPsec Category Traffic 56 Network Address and Host Host 68 Country 69 Service XG Firewall | Contents | Revocation 90 Backup & & 95 Pattern Link Router (ARP-NDP)..155 Dynamic User VPN (Remote Access)..219 SSL VPN (Site to Site)..221 CISCO VPN (Remote Access)..227 Clientless (Remote Access)..233 IPsec 235 Sophos XG Firewall | Contents | ivSSL 269 Multicast (PIM-SIM).. Shaping / Network Application IPS & Spoof 401 Application Shaping Client Point Point Voucher AP 433 Sophos XG Firewall | Contents | vMTA 461 Web 490 Authentication 497 SlowHTTP Threat A - List of System List of Web Filter 505 View List of Application Filter List of Malware 507 View List of Email List of Firewall List of IPS List of Authentication List of Admin List of Web Server Protection (WAF) List of Advanced Threat Protection List of Security Heartbeat ID 515 Log Subtype and Module Fields for all Filter Filter 542 Module-specific Logs.

2 543 Web Server Protection (WAF) 543 Advanced Threat Protection (ATP) Heartbeat B - IPS - Custom Pattern C - Default File Type E - Compatibility with SFMOS F - Additional XG Firewall | Introduction | 7 IntroductionSophos XG Firewall provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reportingacross multiple here to view list of all features supported by Sophos XG section provides information about different flavors available for Sophos XG is available in following flavors: Physical Devices Virtual Devices SoftwarePhysical DevicesSophos provides a range of physical devices to cater the needs of all size of businesses small business to homeusers to DevicesVirtual Network Security devices can be deployed as Next-Generation Firewalls or UTMs and offer industry-leadingnetwork security to virtual data-centers, Security-in-a-Box set-up for MSSPs/organizations, and Office-in-a-Box set-up.

3 By offering comprehensive security features available in its hardware security devices, in virtualized form,these virtual devices offer Layer 8 Identity-based security on a single virtual device, which is as strong as security forthe physical offers a complete virtual security solution to organizations with its virtual network security devices (Next-Generation Firewalls/UTMs), virtual Sophos Firewall Manager (SFM) for centralized management, and SophosiView software for centralized logging and InterfacesDevice can be accessed and administered through: Admin Console: Admin Console is a web-based application that an Administrator can use to configure, monitor,and manage the Device. Command Line Interface: Command Line Interface (CLI) console provides a collection of tools to administer,monitor, and control certain component(s) of the device.

4 Sophos Firewall Manager (SFM): Distributed Sophos devices can be centrally managed using a single SophosFirewall Manager (SFM) AccessThis section provides information on how to access administrator can connect and access the device through HTTPS, telnet, or SSH services. Depending on theAdministrator login account profile used for access, an administrator can access number of Administrative Interfacesand Admin Console configuration device is shipped with one administrator account and four administrator XG Firewall | Using Admin Console | 8 Administrator TypeLogin CredentialsConsole AccessPrivilegesSuper Administratoradmin/adminAdmin consoleCLI consoleFull privileges for both the consoles. Itprovides read-write permission for all theconfiguration performed through either of : We recommend that you change the password of the user immediately on ConsoleAdmin Console is a web-based application that an Administrator can use to configure, monitor, and manage can connect to and access Admin Console of the device using HTTPS connection from any managementcomputer using web login: https://<LAN IP Address of the device>For more details, refer to section Admin Line Interface (CLI) ConsoleCLI console provides a collection of tools to administer, monitor, and control certain component(s) of the device.

5 Thedevice can be accessed remotely using the following login Utility TELNET Client (Serial Console)Use CLI console for troubleshooting and diagnosing network problems in Firewall Manager (SFM)Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) Device,enabling high levels of security for MSSPs and large enterprises. To monitor and manage devices through SFMdevice you SFM in Sophos Sophos device with you have added the Devices and organized them into groups, you can configure single device or groups Admin ConsoleSophos Firewall OS uses a Web based easy-to-use graphical interface termed as Admin Console to configure andmanage the can access the device for HTTPS web browser-based administration from any of the interfaces.

6 Device whenconnected and powered up for the first time, it will have a following default Admin Console Access configuration forHTTPS PortHTTPSWANTCP Port 4444 The administrator can update the default ports for HTTPS service from System > Administration > Admin SettingsSophos XG Firewall | Using Admin Console | 9 Admin Console LanguageThe Admin Console supports multiple languages, but by default appears in English. Apart from English, Chinese-Simplified, Chinese-Traditional, Hindi, French, German, Italian, Korean and Brazilian Portuguese languages are alsosupported. Administrator can choose the preferred language at the time of elements of Admin Console are displayed in the configured language: Control Center contents Navigation menu Screen elements including field & button labels and tips Error messagesAdministrator can also specify description for various policies, services, and various custom categories in any of thesupported the configurations done from the Admin Console take effect immediately.

7 To assist you in configuring the device,the device includes detailed context-sensitive online on procedureThe log on procedure authenticates the user and creates a session with the Device until the user get the login window, open the browser and type LAN IP Address of the device in browser s URL box. A dialogbox appears prompting you to enter username and are the screen elements with their description:UsernameEnter user login you are logging on for the first time after installation, use the default user account are the placeholders in the password you are logging on for the first time after installation with the default username, use the the language. The available options are: Chinese-Simplified Chinese-Traditional English French Hindi German Italian Korean Brazilian PortugueseDefault EnglishLog on toTo administer device, select Admin login into your account, select User buttonClick to log on the Admin XG Firewall | Using Admin Console | 10 Control Center appears as soon as you log on to the Admin Console.

8 Control Center provides a quick and fastoverview of all the important parameters of your out procedureTo avoid un-authorized users from accessing Sophos , log off after you have finished working. This will end thesession and exit from log out of the device, navigate to Admin at the top right of any of the Admin Console pages and click BrowsersYou can connect to Admin Console of the device using a secure HTTPS connection from any management computerusing one of the following web browsers:Latest version of Firefox (recommended), latest version of Chrome, latest version of Safari, or Microsoft InternetExplorer 10 onwards with JavaScript minimum screen resolution for the management computer is 1280 X bar on the leftmost side provides access to various configuration pages.

9 Menu consists of sub-menus andtabs. On clicking menu item in the navigation bar, related management functions are displayed as tabs. To view pageassociated with the tab, click the required navigation menu includes following modules: Monitor & Analyze Protect ConfigureSophos XG Firewall | Monitor and Analyze | 11 SystemNote: Use F1 key for page specific section in this Guide shows the menu path to the configuration page. For example, to reach the High Availabilitypage, choose System Services menu from Configure section in the navigation bar, and then choose High Availabilitytab. Online help mentions this path as:Configure > System Services > High AvailabilityPagesA Leaf page is a page from where all the configurations can be done. The Admin tab on the upper rightmost corner ofevery page provides access to several commonly used functions : Opens the customer login page for creating a Technical Support Ticket.

10 It is fast, easy and puts yourcase right into the Technical Support Product: Opens the device registration information : Opens the Network Configuration : Opens the Command Line Interface (CLI) Device: Reboots the Device: Shut downs the : Locks the Admin Console. Admin Console is automatically locked if the device is in inactive state for morethan 3 minutes. To unlock the Admin Console you need to relogin. By default, Lock functionality is Admin Session Lock from System > Administration > : Logs out from the Admin Help hyperlink on the upper rightmost corner of every page opens the content-sensitive help How-To Guides to browse through our extensive library of how-to videos for XG Navigation ControlsThe Admin Console pages display information in the form of lists and many lists are spread across the multiple Navigation Controls at the bottom of the list provides navigation buttons for moving through list pages withlarge number of entries.