sophos [2025/11/12 22:16] created by admin
sophos [2025/11/19 11:44] (current) jango [Installation]

Sophos is a [[firewall|firewall]] that is installed as its own operating system. There is a free Community Edition. The WebAdmin interface is reachable on port 4444.

First configure the network via the CLI. Then open the web interface and start the setup.

[[https://support.sophos.com/support/s/article/KBA-000002405?language=en_US|Reset]]

Sophos Central is a central management tool in the cloud (for UTM 9?).

<code>
show system
show interfaces
show firewall

set interface <interface_name> ip <new_ip_address> mask <subnet_mask>
set interface <interface_name> gateway <gateway_ip_address>

add firewall rule <Rule> src <Source> dst <Destination> service <Service> action <Action>
delete firewall rule <Rule>

save config
</code>

<code>
<m> FW/root # sh /usr/local/bin/openvpn_connections.sh // show remote access vpn connections
<m> FW/root # cc get http
<m> FW/root # ipsec status
<m> FW/root # cc get_ipsec_status // see phase 1 and 2
<m> FW/root # iptables -L AUTO_FORWARD
<m> FW/root # iptables -L USR_FORWARD
</code>

cc
<code>
// ssh into box.
// get root
<M> loginuser@fw-akm:/home/login > sudo -i

// get objects
<M> fw-akm:/root # cc get ipsec connections

<M> fw-akm:/root # cc get_objects network
<M> fw-akm:/root # cc get_object "REF_xxxxxx"

<M> fw-akm:/root # cc get packetfilter rules
<M> fw-akm:/root # cc get packetfilter rules_auto
</code>

=====API=====

The API (web interface) is reachable at https://sophos:4444/api. [[https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx|Documentation]]

Parameters are linked through "references". Entries beginning with "REF_" are references. Unfortunately, references cannot be searched via the REST API; for that you have to use the cc tool in the shell.
 +
====AAA====
<code>
# AAA
/api/objects/aaa/user // Definitions & Users -> Users
/api/objects/aaa/group // Definitions & Users -> Groups
</code>

====Authentication====
<code>
# Authentication
/api/objects/authentication/adirectory // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/edirectory // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/group
/api/objects/authentication/otp_token // Definitions & Users -> Authentication Services -> One-Time Passwords
/api/objects/authentication/ldap // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/radius // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/tacacs // Definitions & Users -> Authentication Services -> Servers
</code>

====CA====
<code>
# Certificate authority
/api/objects/ca/crl
/api/objects/ca/csr
/api/objects/ca/group
/api/objects/ca/host_cert
/api/objects/ca/host_key_cert
/api/objects/ca/http_verification_ca
/api/objects/ca/meta_crl
/api/objects/ca/meta_x509
/api/objects/ca/rsa
/api/objects/ca/signing_ca
/api/objects/ca/verification_ca
</code>

====Clientless VPN====
<code>
# Clientless VPN
/api/objects/clientless_vpn/connection
/api/objects/clientless_vpn/group
</code>

====Conditions====
<code>
# Conditions
/api/objects/condition/group
/api/objects/condition/objref
</code>

====DHCP====
<code>
# DHCP
/api/objects/dhcp/group
/api/objects/dhcp/option
/api/objects/dhcp/option6
/api/objects/dhcp/server
/api/objects/dhcp/server6
/api/objects/dhcp/stateless
</code>

====DNS====
<code>
# DNS
/api/objects/dns/axfr
/api/objects/dns/group
/api/objects/dns/route
</code>

====Endpoint protection====
<code>
# Endpoint protection
/api/objects/epp/av_exception
/api/objects/epp/av_policy
/api/objects/epp/dc_exception
/api/objects/epp/dc_policy
/api/objects/epp/device
/api/objects/epp/endpoint
/api/objects/epp/endpoints_group
/api/objects/epp/group
</code>

====HTTP====

====Interfaces====
<code>
# Interfaces
/api/objects/interface/bridge
/api/objects/interface/ethernet
/api/objects/interface/group
/api/objects/interface/ppp3g
/api/objects/interface/pppmodem
/api/objects/interface/pppoa
/api/objects/interface/pppoe
/api/objects/interface/tunnel
/api/objects/interface/vlan
</code>

====Intrusion prevention====
<code>
# Intrusion prevention
/api/objects/ips/exception
/api/objects/ips/group
/api/objects/ips/rule
/api/objects/ips/rule_modifier
</code>

====IPSec====
<code>
# IPSec
/api/objects/ipsec/group
/api/objects/ipsec/policy
/api/objects/ipsec/remote_gateway
</code>

====IPSec connection====
<code>
# IPSec connection
/api/objects/ipsec_connection/amazon_vpc
/api/objects/ipsec_connection/group
/api/objects/ipsec_connection/l2tp
/api/objects/ipsec_connection/roadwarrior_ca
/api/objects/ipsec_connection/roadwarrior_cisco
/api/objects/ipsec_connection/roadwarrior_psk
/api/objects/ipsec_connection/roadwarrior_x509
/api/objects/ipsec_connection/site2site
</code>

====IPSec Auth====
<code>
# IPSec Auth
/api/objects/ipsec_remote_auth/ca
/api/objects/ipsec_remote_auth/group
/api/objects/ipsec_remote_auth/psk
/api/objects/ipsec_remote_auth/rsa
/api/objects/ipsec_remote_auth/x509
</code>

====Interface Hardware====
<code>
# Interface Hardware
/api/objects/itfhw/awe_network
/api/objects/itfhw/awe_network_group
/api/objects/itfhw/bridge
/api/objects/itfhw/ethernet
/api/objects/itfhw/group
/api/objects/itfhw/lag
/api/objects/itfhw/red_client
/api/objects/itfhw/red_server
/api/objects/itfhw/serial
/api/objects/itfhw/usbserial
/api/objects/itfhw/virtual
</code>

====Interface Params====
<code>
# Interface Params
/api/objects/itfparams/bridge_port
/api/objects/itfparams/group
/api/objects/itfparams/link_aggregation_group
/api/objects/itfparams/primary
/api/objects/itfparams/secondary
</code>

====MAC list====
<code>
# MAC list
/api/objects/mac_list/group
/api/objects/mac_list/mac_list
</code>

====Network====
<code>
# Network
/api/objects/network/aaa (???)
/api/objects/network/any
/api/objects/network/availability_group
/api/objects/network/dns_group
/api/objects/network/dns_host
/api/objects/network/group
/api/objects/network/host
/api/objects/network/interface_address
/api/objects/network/interface_broadcast
/api/objects/network/interface_network
/api/objects/network/multicast
/api/objects/network/network // Definitions & Users -> Network Definitions
/api/objects/network/range
</code>

====Notification====
<code>
# Notification
/api/objects/notification/group
/api/objects/notification/notification
</code>

====OSPF====
<code>
# OSPF
/api/objects/ospf/area
/api/objects/ospf/group
/api/objects/ospf/interface
/api/objects/ospf/message_digest_key
</code>

====Packetfilter====
<code>
# Packetfilter
/api/objects/packetfilter/1to1nat
/api/objects/packetfilter/generic_proxy
/api/objects/packetfilter/group
/api/objects/packetfilter/loadbalance
/api/objects/packetfilter/mangle
/api/objects/packetfilter/masq
/api/objects/packetfilter/nat
/api/objects/packetfilter/packetfilter
/api/objects/packetfilter/ruleset
</code>

====QoS====
<code>
# QoS
/api/objects/qos/application_selector
/api/objects/qos/group
/api/objects/qos/ingress_rule
/api/objects/qos/interface
/api/objects/qos/rule
/api/objects/qos/traffic_selector
/api/objects/qos/traffic_selector_group
</code>

====Remote Syslog====
<code>
# Remote Syslog
/api/objects/remote_syslog/group
/api/objects/remote_syslog/server
</code>

====Reverse proxy (virtual webserver)====
<code>
# Reverse proxy (WAF)
/api/objects/reverse_proxy/auth_profile
/api/objects/reverse_proxy/backend // Webserver Protection -> WAF -> Real Webservers
/api/objects/reverse_proxy/blockpage
/api/objects/reverse_proxy/exception
/api/objects/reverse_proxy/filter
/api/objects/reverse_proxy/form_template
/api/objects/reverse_proxy/frontend // Webserver Protection -> WAF -> Virtual Webservers
/api/objects/reverse_proxy/group
/api/objects/reverse_proxy/location // Webserver Protection -> WAF -> Site Path Routing
/api/objects/reverse_proxy/profile
/api/objects/reverse_proxy/redirection
/api/objects/reverse_proxy/threats_filter
</code>

====Rights====
<code>
# Rights
/api/objects/right/group
/api/objects/right/right
</code>

====Role====
<code>
# Role
/api/objects/role/group
/api/objects/role/role
</code>

====Route====
<code>
# Route
/api/objects/route/group
/api/objects/route/policy
/api/objects/route/static
</code>

====Scheduler====
<code>
# Scheduler
/api/objects/scheduler/group
/api/objects/scheduler/loadbalance
/api/objects/scheduler/rule
</code>

====Services====
<code>
# Services (Firewall)
/api/objects/service/ah
/api/objects/service/any
/api/objects/service/esp
/api/objects/service/group
/api/objects/service/icmp
/api/objects/service/icmpv6
/api/objects/service/ip
/api/objects/service/tcp
/api/objects/service/tcpudp
/api/objects/service/udp
</code>

====SMTP====
<code>
# SMTP
/api/objects/smtp/exception
/api/objects/smtp/group
/api/objects/smtp/header_operation
/api/objects/smtp/profile
</code>

====SNMP====
<code>
# SNMP
/api/objects/snmp/group
/api/objects/snmp/trap
</code>

====SPX====
<code>
# SPX
/api/objects/spx/group
/api/objects/spx/template
</code>

====SSL VPN====
<code>
# SSL VPN
/api/objects/ssl_vpn/client_connection
/api/objects/ssl_vpn/group
/api/objects/ssl_vpn/remote_access_profile
/api/objects/ssl_vpn/server_connection
</code>

<box green>You can append /REF anywhere to display a specific reference, and /REF/usedby to show where an object is referenced.</box>

====cURL====

Script
<code>
# $1 = API path below /api, e.g. objects/network/network
path="$1"
# -k skips TLS certificate verification; prefer --cacert with the appliance CA certificate
curl -k -L "https://172.31.2.2:4444/api/$path" \
-H "Authorization: Basic XXXXX"
</code>

Call
<code>
sh script.sh objects/network/network | jq -r '.[] | "\(.name) - \(.address)/\(.netmask)"'
sh sophos.sh objects/network/network | jq -r '.[] | select(.name | contains("Server")) | .name'
</code>

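As an added example (not code from this wiki page or from Sophos), the Python script below does offline what the curl/jq calls above do and then resolves the REF_ references described in the green box: it indexes fetched objects by their reference id, prints packet filter rules with object names instead of REF_ ids (flagging dangling references), and computes an offline counterpart of /usedby. It assumes API objects carry `_ref` and `name` fields and that the API token is sent as HTTP Basic with the user name `token`; the sample objects and the rule fields `sources`, `destinations` and `services` are constructed for the demo.

```python
import base64, json, ssl, urllib.request

BASE_URL = "https://172.31.2.2:4444/api"  # the appliance address from the wiki's curl script

def basic_auth_header(token):
    """Assumed UTM scheme: HTTP Basic with user 'token' and the API token as password."""
    return "Basic " + base64.b64encode(f"token:{token}".encode()).decode()

def fetch(path, token, cafile):
    """Live GET of /api/<path>; verifies the appliance certificate instead of using curl -k."""
    req = urllib.request.Request(f"{BASE_URL}/{path}", headers={"Authorization": basic_auth_header(token)})
    with urllib.request.urlopen(req, context=ssl.create_default_context(cafile=cafile)) as resp:
        return json.load(resp)

# Constructed sample standing in for three object classes (not real appliance output).
SAMPLE = {
    "objects/network/network": [
        {"_ref": "REF_NetLan", "name": "LAN", "address": "10.0.1.0", "netmask": 24},
        {"_ref": "REF_NetDmz", "name": "DMZ", "address": "10.0.2.0", "netmask": 24}],
    "objects/service/tcp": [
        {"_ref": "REF_SvcHttps", "name": "HTTPS", "dst_low": 443, "dst_high": 443}],
    "objects/packetfilter/packetfilter": [
        {"_ref": "REF_PfWeb", "name": "LAN to DMZ web", "action": "accept",
         "sources": ["REF_NetLan"], "destinations": ["REF_NetDmz"], "services": ["REF_SvcHttps"]},
        {"_ref": "REF_PfStale", "name": "stale rule", "action": "accept",
         "sources": ["REF_NetGone"], "destinations": ["REF_NetDmz"], "services": ["REF_SvcHttps"]}],
}

def build_index(collections):
    """Map every REF_ id to its object across all fetched object classes."""
    return {obj["_ref"]: obj for objs in collections.values() for obj in objs}

def describe_rule(rule, index):
    """Render a packet filter rule with REF_ ids replaced by names; flag dangling references."""
    def names(refs):
        return ", ".join(index[r]["name"] if r in index else f"<unresolved {r}>" for r in refs)
    return (f"{rule['name']}: {names(rule['sources'])} -> {names(rule['destinations'])} "
            f"[{names(rule['services'])}] {rule['action']}")

def used_by(ref, collections):
    """Offline counterpart of GET .../<REF>/usedby: the rules that reference the object."""
    return [r["_ref"] for r in collections["objects/packetfilter/packetfilter"]
            if ref in r["sources"] + r["destinations"] + r["services"]]

if __name__ == "__main__":
    index = build_index(SAMPLE)
    for rule in SAMPLE["objects/packetfilter/packetfilter"]:
        print(describe_rule(rule, index))
    print("REF_NetDmz used by:", used_by("REF_NetDmz", SAMPLE))
```

To run against a real appliance, replace SAMPLE with a dict of `fetch(path, token, cafile)` results for the object classes you need.
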
=====Wireless LAN (Access Points)=====

Access point [[https://utm-shop.de/information/technische-informationen/sophos-wireless-access-points-led-anzeige-hinweise|LED indicator codes]]. Each AP can broadcast different SSIDs.

  * [[https://www.youtube.com/watch?v=E6J2_cIjfb4|WIFI Fundamentals]]
  * [[https://www.youtube.com/watch?v=1RglRfRFQhs|Deploy Wireless LAN on Sophos XG]]

Register an access point:

Plug in the AP and enter the S/N (serial number) printed on the back of the AP. Manage -> Activate

  * [[https://www.youtube.com/watch?v=sKqa5lAYlbY|Register Access Point]]

=====Installation=====

The initial console login is "admin:admin" or "admin:password". The initial configuration is already done via the web interface. The URL is displayed in the console after boot.

  * Port1 = LAN
  * Port2 = WAN

=====Links=====

  * [[https://www.youtube.com/watch?v=YGR9_kmPlig|Installation]]
  * [[https://www.youtube.com/playlist?list=PLunT6XYZ_aISVfqgOGMdEprfnGV8gj7rT|Sophos UTM 9 Playlist]]
  * [[https://www.mpca.solutions/wp/knowledgebase/topic/useful-shell-commands/|Useful shell commands]]

sophos.txt · Last modified: 2025/11/19 11:44 by jango