Sophos UTM is a [[firewall|Firewall]] that is installed as its own operating system. There is a free Community Edition. The WebAdmin interface is reachable on port 4444.
Configure the network via the CLI first, then open the web interface and run the setup wizard.
[[https://support.sophos.com/support/s/article/KBA-000002405?language=en_US|Reset]]
Sophos Central is Sophos's cloud-based central management tool (for UTM 9?).
<code>
show system
show interfaces
show firewall
set interface ip mask
set interface gateway
add firewall rule src dst service action
delete firewall rule
save config
</code>
<code bash>
FW/root # sh /usr/local/bin/openvpn_connections.sh   # show remote access VPN connections
FW/root # cc get http
FW/root # ipsec status
FW/root # cc get_ipsec_status                        # phase 1 and phase 2 status
FW/root # iptables -L AUTO_FORWARD                   # automatically generated forward rules
FW/root # iptables -L USR_FORWARD                    # user-defined packet filter rules
</code>
cc (confd client)
<code bash>
# ssh into the box, then become root
loginuser@fw-akm:/home/login > sudo -i
# query configuration objects via cc
fw-akm:/root # cc get ipsec connections
fw-akm:/root # cc get_objects network
fw-akm:/root # cc get_object "REF_xxxxxx"
fw-akm:/root # cc get packetfilter rules
fw-akm:/root # cc get packetfilter rules_auto
</code>
=====API=====
The REST API (same web interface) is reachable at https://sophos:4444/api. [[https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx|Documentation]]
Parameters are linked via "references": every entry that starts with "REF_" is a reference to another object. The REST API offers no search over references; to look up what a reference points to from the shell, use the cc tool.
====AAA====
# AAA
/api/objects/aaa/user // Definitions & Users -> Users
/api/objects/aaa/group // Definitions & Users -> Groups
====Authentication====
# Authentication
/api/objects/authentication/adirectory // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/edirectory // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/group
/api/objects/authentication/otp_token // Definitions & Users -> Authentication Services -> One-Time Passwords
/api/objects/authentication/ldap // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/radius // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/tacacs // Definitions & Users -> Authentication Services -> Servers
====CA====
# Certificate authority
/api/objects/ca/crl
/api/objects/ca/csr
/api/objects/ca/group
/api/objects/ca/host_cert
/api/objects/ca/host_key_cert
/api/objects/ca/http_verification_ca
/api/objects/ca/meta_crl
/api/objects/ca/meta_x509
/api/objects/ca/rsa
/api/objects/ca/signing_ca
/api/objects/ca/verification_ca
====Clientless VPN====
# Clientless VPN
/api/objects/clientless_vpn/connection
/api/objects/clientless_vpn/group
====Conditions====
# Conditions
/api/objects/condition/group
/api/objects/condition/objref
====DHCP====
# DHCP
/api/objects/dhcp/group
/api/objects/dhcp/option
/api/objects/dhcp/option6
/api/objects/dhcp/server
/api/objects/dhcp/server6
/api/objects/dhcp/stateless
====DNS====
# DNS
/api/objects/dns/axfr
/api/objects/dns/group
/api/objects/dns/route
====Endpoint protection====
# Endpoint protection
/api/objects/epp/av_exception
/api/objects/epp/av_policy
/api/objects/epp/dc_exception
/api/objects/epp/dc_policy
/api/objects/epp/device
/api/objects/epp/endpoint
/api/objects/epp/endpoints_group
/api/objects/epp/group
====HTTP====
====Interfaces====
# Interfaces
/api/objects/interface/bridge
/api/objects/interface/ethernet
/api/objects/interface/group
/api/objects/interface/ppp3g
/api/objects/interface/pppmodem
/api/objects/interface/pppoa
/api/objects/interface/pppoe
/api/objects/interface/tunnel
/api/objects/interface/vlan
====Intrusion prevention====
# Intrusion prevention
/api/objects/ips/exception
/api/objects/ips/group
/api/objects/ips/rule
/api/objects/ips/rule_modifier
====IPSec====
# IPSec
/api/objects/ipsec/group
/api/objects/ipsec/policy
/api/objects/ipsec/remote_gateway
====IPSec connection====
# IPSec connection
/api/objects/ipsec_connection/amazon_vpc
/api/objects/ipsec_connection/group
/api/objects/ipsec_connection/l2tp
/api/objects/ipsec_connection/roadwarrior_ca
/api/objects/ipsec_connection/roadwarrior_cisco
/api/objects/ipsec_connection/roadwarrior_psk
/api/objects/ipsec_connection/roadwarrior_x509
/api/objects/ipsec_connection/site2site
====IPSec Auth====
# IPSec Auth
/api/objects/ipsec_remote_auth/ca
/api/objects/ipsec_remote_auth/group
/api/objects/ipsec_remote_auth/psk
/api/objects/ipsec_remote_auth/rsa
/api/objects/ipsec_remote_auth/x509
====Interface Hardware====
# Interface Hardware
/api/objects/itfhw/awe_network
/api/objects/itfhw/awe_network_group
/api/objects/itfhw/bridge
/api/objects/itfhw/ethernet
/api/objects/itfhw/group
/api/objects/itfhw/lag
/api/objects/itfhw/red_client
/api/objects/itfhw/red_server
/api/objects/itfhw/serial
/api/objects/itfhw/usbserial
/api/objects/itfhw/virtual
====Interface Params====
/api/objects/itfparams/bridge_port
/api/objects/itfparams/group
/api/objects/itfparams/link_aggregation_group
/api/objects/itfparams/primary
/api/objects/itfparams/secondary
====MAC list====
# MAC list
/api/objects/mac_list/group
/api/objects/mac_list/mac_list
====Network====
# Network
/api/objects/network/aaa (???)
/api/objects/network/any
/api/objects/network/availability_group
/api/objects/network/dns_group
/api/objects/network/dns_host
/api/objects/network/group
/api/objects/network/host
/api/objects/network/interface_address
/api/objects/network/interface_broadcast
/api/objects/network/interface_network
/api/objects/network/multicast
/api/objects/network/network // Definitions & Users -> Network Definitions
/api/objects/network/range
====Notification====
# Notification
/api/objects/notification/group
/api/objects/notification/notification
====OSPF====
# OSPF
/api/objects/ospf/area
/api/objects/ospf/group
/api/objects/ospf/interface
/api/objects/ospf/message_digest_key
====Packetfilter====
# Packetfilter
/api/objects/packetfilter/1to1nat
/api/objects/packetfilter/generic_proxy
/api/objects/packetfilter/group
/api/objects/packetfilter/loadbalance
/api/objects/packetfilter/mangle
/api/objects/packetfilter/masq
/api/objects/packetfilter/nat
/api/objects/packetfilter/packetfilter
/api/objects/packetfilter/ruleset
====QoS====
# QoS
/api/objects/qos/application_selector
/api/objects/qos/group
/api/objects/qos/ingress_rule
/api/objects/qos/interface
/api/objects/qos/rule
/api/objects/qos/traffic_selector
/api/objects/qos/traffic_selector_group
====Remote Syslog====
# Remote Syslog
/api/objects/remote_syslog/group
/api/objects/remote_syslog/server
====Reverse proxy (virtual webserver)====
/api/objects/reverse_proxy/auth_profile
/api/objects/reverse_proxy/backend // Webserver Protection -> WAF -> Real Webservers
/api/objects/reverse_proxy/blockpage
/api/objects/reverse_proxy/exception
/api/objects/reverse_proxy/filter
/api/objects/reverse_proxy/form_template
/api/objects/reverse_proxy/frontend // Webserver Protection -> WAF -> Virtual Webservers
/api/objects/reverse_proxy/group
/api/objects/reverse_proxy/location // Webserver Protection -> WAF -> Site Path Routing
/api/objects/reverse_proxy/profile
/api/objects/reverse_proxy/redirection
/api/objects/reverse_proxy/threats_filter
====Rights====
# Rights
/api/objects/right/group
/api/objects/right/right
====Role====
# Role
/api/objects/role/group
/api/objects/role/role
====Route====
# Route
/api/objects/route/group
/api/objects/route/policy
/api/objects/route/static
====Scheduler====
# Scheduler
/api/objects/scheduler/group
/api/objects/scheduler/loadbalance
/api/objects/scheduler/rule
====Services====
# Services (Firewall)
/api/objects/service/ah
/api/objects/service/any
/api/objects/service/esp
/api/objects/service/group
/api/objects/service/icmp
/api/objects/service/icmpv6
/api/objects/service/ip
/api/objects/service/tcp
/api/objects/service/tcpudp
/api/objects/service/udp
====SMTP====
# SMTP
/api/objects/smtp/exception
/api/objects/smtp/group
/api/objects/smtp/header_operation
/api/objects/smtp/profile
====SNMP====
# SNMP
/api/objects/snmp/group
/api/objects/snmp/trap
====SPX====
# SPX
/api/objects/spx/group
/api/objects/spx/template
====SSL VPN====
# SSL VPN
/api/objects/ssl_vpn/client_connection
/api/objects/ssl_vpn/group
/api/objects/ssl_vpn/remote_access_profile
/api/objects/ssl_vpn/server_connection
You can append /REF_xxx to any of these paths to show one specific object, and /REF_xxx/usedby to show where that object is referenced.
====cURL====
Script (sophos.sh)
<code bash>
#!/bin/sh
# Usage: sh sophos.sh objects/network/network
path="$1"
# XXXXX = base64 of "token:<API token>" (HTTP Basic auth, see the API documentation).
# -k disables certificate verification; once you have exported the WebAdmin
# certificate, replace it with --cacert utm-ca.pem so the token cannot be
# captured by a spoofed appliance.
curl -k -L "https://172.31.2.2:4444/api/$path" \
  -H "Authorization: Basic XXXXX"
</code>
Call
<code bash>
# list all network definitions as name - address/netmask
sh sophos.sh objects/network/network | jq -r '.[] | "\(.name) - \(.address)/\(.netmask)"'
# only the names containing "Server"
sh sophos.sh objects/network/network | jq -r '.[] | select(.name | contains("Server")) | .name'
</code>
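Resolving references client-side, as an added example that is not from this page or from Sophos: fetch the object lists once, index them by ''_ref'', print the packet filter rules with names instead of REF_ strings, rebuild ''/usedby'' locally from the same index, and flag rules that accept any source to any destination on any service. The field names (''_ref'', ''_type'', ''sources'', ''destinations'', ''services'', ''action'', ''address'', ''netmask'', ''dst_low''/''dst_high''), the ''token:<API token>'' form of the Basic-auth header and the sample objects are assumptions, not data captured from a UTM; check them against the API documentation linked above.

```python
"""Resolve REF_ references in Sophos UTM REST API objects and audit rules.

Added example; not Sophos code. Assumed: objects from
GET /api/objects/<type>/<class> carry _ref, _type and name plus
class-specific fields; packetfilter/packetfilter rules carry sources,
destinations, services (lists of REF_ strings) and action; auth is HTTP
Basic with user "token" and the API token as password.
"""
import base64
import json
import ssl
import urllib.request

UTM_URL = "https://172.31.2.2:4444"   # host from the curl script above
API_TOKEN = "XXXXX"                   # placeholder; keep the real token out of the script


def fetch(path, token=API_TOKEN, base=UTM_URL, cafile=None):
    """GET /api/<path> and return the decoded JSON (live use only).

    Pass the exported WebAdmin CA certificate as cafile instead of
    disabling verification (the curl -k equivalent).
    """
    cred = base64.b64encode(f"token:{token}".encode()).decode()
    req = urllib.request.Request(
        f"{base}/api/{path}",
        headers={"Authorization": f"Basic {cred}", "Accept": "application/json"})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def build_index(*object_lists):
    """Map every _ref to its object across all fetched object classes."""
    return {o["_ref"]: o for objs in object_lists for o in objs}


def describe(ref, index):
    """Human-readable form of a reference; unresolved refs stay visible."""
    o = index.get(ref)
    if o is None:
        return ref
    t = o.get("_type", "")
    if t == "network/host":
        return f"{o['name']} ({o['address']})"
    if t == "network/network":
        return f"{o['name']} ({o['address']}/{o['netmask']})"
    if t == "service/tcp":
        return f"{o['name']} (tcp/{o['dst_low']}-{o['dst_high']})"
    return o["name"]


def used_by(ref, index):
    """Client-side equivalent of .../REF_xxx/usedby: objects whose
    non-meta fields (scalar or list) contain the reference."""
    hits = []
    for o in index.values():
        for k, v in o.items():
            if k.startswith("_"):
                continue
            if v == ref or (isinstance(v, list) and ref in v):
                hits.append(o["_ref"])
                break
    return sorted(hits)


def render_rules(rules, index):
    """One line per packet filter rule, references resolved to names."""
    out = []
    for r in rules:
        src = ", ".join(describe(x, index) for x in r["sources"])
        dst = ", ".join(describe(x, index) for x in r["destinations"])
        svc = ", ".join(describe(x, index) for x in r["services"])
        out.append(f"{r['action']:6} {r['name']}: {src} -> {dst} [{svc}]")
    return out


def permissive_rules(rules, index):
    """Names of rules that accept any source to any destination on any service."""
    def is_any(ref, kind):
        return index.get(ref, {}).get("_type", "") == kind + "/any"
    return [r["name"] for r in rules
            if r["action"] == "accept"
            and any(is_any(x, "network") for x in r["sources"])
            and any(is_any(x, "network") for x in r["destinations"])
            and any(is_any(x, "service") for x in r["services"])]


# Constructed sample data shaped like API responses (not captured from a UTM).
SAMPLE_NETWORKS = [
    {"_ref": "REF_NetworkAny", "_type": "network/any", "name": "Any"},
    {"_ref": "REF_NetLan", "_type": "network/network", "name": "Internal (Network)",
     "address": "10.0.0.0", "netmask": 24},
    {"_ref": "REF_HostWeb", "_type": "network/host", "name": "Webserver",
     "address": "10.0.0.80"},
]
SAMPLE_SERVICES = [
    {"_ref": "REF_ServiceAny", "_type": "service/any", "name": "Any"},
    {"_ref": "REF_SvcHttps", "_type": "service/tcp", "name": "HTTPS",
     "dst_low": 443, "dst_high": 443},
]
SAMPLE_RULES = [
    {"_ref": "REF_PfRule1", "_type": "packetfilter/packetfilter", "name": "Web in",
     "action": "accept", "sources": ["REF_NetworkAny"],
     "destinations": ["REF_HostWeb"], "services": ["REF_SvcHttps"]},
    {"_ref": "REF_PfRule2", "_type": "packetfilter/packetfilter", "name": "Allow all",
     "action": "accept", "sources": ["REF_NetworkAny"],
     "destinations": ["REF_NetworkAny"], "services": ["REF_ServiceAny"]},
]

if __name__ == "__main__":
    # Live: index = build_index(fetch("objects/network/network"), fetch("objects/service/tcp"), ...)
    index = build_index(SAMPLE_NETWORKS, SAMPLE_SERVICES, SAMPLE_RULES)
    print("\n".join(render_rules(SAMPLE_RULES, index)))
    print("used by:", used_by("REF_HostWeb", index))
    print("permissive:", permissive_rules(SAMPLE_RULES, index))
```

For a real audit, feed ''build_index'' every class a rule can reference (network/*, service/*, interface/*, time objects) or ''describe'' will fall back to the raw REF_ string, which is still visible rather than silently wrong.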
=====Wireless LAN (Access Points)=====
Access point [[https://utm-shop.de/information/technische-informationen/sophos-wireless-access-points-led-anzeige-hinweise|LED status codes]]. Each AP can broadcast several SSIDs.
* [[https://www.youtube.com/watch?v=E6J2_cIjfb4|WIFI Fundamentals]]
* [[https://www.youtube.com/watch?v=1RglRfRFQhs|Deploy Wireless LAN on Sophos XG]]
Registering an access point:
Plug in the AP and enter the S/N (serial number) printed on the back of the AP. Manage -> Activate
* [[https://www.youtube.com/watch?v=sKqa5lAYlbY|Register Access Point]]
=====Installation=====
The initial console password is "admin"; change it during setup, since the default is public.
* Port1 = LAN
* Port2 = WAN
=====Links=====
* [[https://www.youtube.com/watch?v=YGR9_kmPlig|Installation]]
* [[https://www.youtube.com/playlist?list=PLunT6XYZ_aISVfqgOGMdEprfnGV8gj7rT|Sophos UTM 9 Playlist]]
* [[https://www.mpca.solutions/wp/knowledgebase/topic/useful-shell-commands/|Useful shell commands]]