sophos



Sophos is a firewall that is installed as its own operating system. There is a free Community Edition. The WebAdmin interface is reachable on port 4444.

First configure the network via the CLI. Then open the web interface and start the setup.

Reset

Sophos Central is a central management tool in the cloud.

show system
show interfaces
show firewall

set interface <interface_name> ip <new_ip_address> mask <subnet_mask>
set interface <interface_name> gateway <gateway_ip_address>

add firewall rule <Rule> src <Source> dst <Destination> service <Service> action <Action>
delete firewall rule <Rule>

save config
<m> FW/root # sh /usr/local/bin/openvpn_connections.sh // show remote access vpn connections
<m> FW/root # cc get http
<m> FW/root # ipsec status
<m> FW/root # cc get_ipsec_status // see phase 1 and 2
<m> FW/root # iptables -L AUTO_FORWARD
<m> FW/root # iptables -L USR_FORWARD

cc

// ssh into box.
// get root
<M> loginuser@fw-akm:/home/login > sudo -i

// get objects
<M> fw-akm:/root # cc get ipsec connections

<M> fw-akm:/root # cc get_objects network
<M> fw-akm:/root # cc get_object "REF_xxxxxx" 

API

The API (web interface) is reachable at https://sophos:4444/api. Documentation

/api/objects/network/network

/api/objects/network/interface_address
/api/objects/network/interface_network

# User & Groups
/api/objects/aaa/user
/api/objects/group

# Authentication
/api/objects/authentication/adirectory
/api/objects/authentication/edirectory
/api/objects/authentication/group
/api/objects/authentication/otp_token
/api/objects/authentication/ldap
/api/objects/authentication/radius
/api/objects/authentication/tacacs


# Certificate authority
/api/objects/ca/crl
/api/objects/ca/csr
/api/objects/ca/group
/api/objects/ca/host_cert
/api/objects/ca/host_key_cert
/api/objects/ca/http_verification_ca
/api/objects/ca/meta_crl
/api/objects/ca/meta_x509
/api/objects/ca/rsa
/api/objects/ca/signing_ca
/api/objects/ca/verification_ca

# Clientless VPN
/api/objects/clientless_vpn/connection
/api/objects/clientless_vpn/group

# Conditions
/api/objects/condition/group
/api/objects/condition/objref

# DHCP
/api/objects/dhcp/group
/api/objects/dhcp/option
/api/objects/dhcp/option6
/api/objects/dhcp/server
/api/objects/dhcp/server6
/api/objects/dhcp/stateless

# DNS
/api/objects/dns/axfr
/api/objects/dns/group
/api/objects/dns/route

# Endpoint protection
/api/objects/epp/av_exception
/api/objects/epp/av_policy
/api/objects/epp/dc_exception
/api/objects/epp/dc_policy
/api/objects/epp/device
/api/objects/epp/endpoint
/api/objects/epp/endpoints_group
/api/objects/epp/group

# HTTP

# Interfaces
/api/objects/interface/bridge
/api/objects/interface/ethernet
/api/objects/interface/group
/api/objects/interface/ppp3g
/api/objects/interface/pppmodem
/api/objects/interface/pppoa
/api/objects/interface/pppoe
/api/objects/interface/tunnel
/api/objects/interface/vlan

# Intrusion prevention
/api/objects/ips/exception
/api/objects/ips/group
/api/objects/ips/rule
/api/objects/ips/rule_modifier

# IPSec
/api/objects/ipsec/group
/api/objects/ipsec/policy
/api/objects/ipsec/remote_gateway

# IPSec connection
/api/objects/ipsec_connection/amazon_vpc
/api/objects/ipsec_connection/group
/api/objects/ipsec_connection/l2tp
/api/objects/ipsec_connection/roadwarrior_ca
/api/objects/ipsec_connection/roadwarrior_cisco
/api/objects/ipsec_connection/roadwarrior_psk
/api/objects/ipsec_connection/roadwarrior_x509
/api/objects/ipsec_connection/site2site

# IPSec Auth
/api/objects/ipsec_remote_auth/ca
/api/objects/ipsec_remote_auth/group
/api/objects/ipsec_remote_auth/psk
/api/objects/ipsec_remote_auth/rsa
/api/objects/ipsec_remote_auth/x509

# WLAN ???
/api/objects/itfhw/awe_network
/api/objects/itfhw/awe_network_group
/api/objects/itfhw/bridge
/api/objects/itfhw/ethernet
/api/objects/itfhw/group
/api/objects/itfhw/lag
/api/objects/itfhw/red_client
/api/objects/itfhw/red_server
/api/objects/itfhw/serial
/api/objects/itfhw/usbserial
/api/objects/itfhw/virtual

/api/objects/itfparams/bridge_port
/api/objects/itfparams/group
/api/objects/itfparams/link_aggregation_group
/api/objects/itfparams/primary
/api/objects/itfparams/secondary

# MAC lists
/api/objects/mac_list/group
/api/objects/mac_list/mac_list

# Network
/api/objects/network/aaa
/api/objects/network/any
/api/objects/network/availability_group
/api/objects/network/dns_group
/api/objects/network/dns_host
/api/objects/network/group
/api/objects/network/host
/api/objects/network/interface_address
/api/objects/network/interface_broadcast
/api/objects/network/interface_network
/api/objects/network/multicast
/api/objects/network/network
/api/objects/network/range

# Notification
/api/objects/notification/group
/api/objects/notification/notification

# OSPF
/api/objects/ospf/area
/api/objects/ospf/group
/api/objects/ospf/interface
/api/objects/ospf/message_digest_key

# Packetfilter
/api/objects/packetfilter/1to1nat
/api/objects/packetfilter/generic_proxy
/api/objects/packetfilter/group
/api/objects/packetfilter/loadbalance
/api/objects/packetfilter/mangle
/api/objects/packetfilter/masq
/api/objects/packetfilter/nat
/api/objects/packetfilter/packetfilter
/api/objects/packetfilter/ruleset

# QoS
/api/objects/qos/application_selector
/api/objects/qos/group
/api/objects/qos/ingress_rule
/api/objects/qos/interface
/api/objects/qos/rule
/api/objects/qos/traffic_selector
/api/objects/qos/traffic_selector_group

# Remote Syslog
/api/objects/remote_syslog/group
/api/objects/remote_syslog/server

# Reverse proxy (virtual webservers)
/api/objects/reverse_proxy/auth_profile
/api/objects/reverse_proxy/backend
/api/objects/reverse_proxy/blockpage
/api/objects/reverse_proxy/exception
/api/objects/reverse_proxy/filter
/api/objects/reverse_proxy/form_template
/api/objects/reverse_proxy/frontend
/api/objects/reverse_proxy/group
/api/objects/reverse_proxy/location
/api/objects/reverse_proxy/profile
/api/objects/reverse_proxy/redirection
/api/objects/reverse_proxy/threats_filter

# Rights
/api/objects/right/group
/api/objects/right/right

# Role
/api/objects/role/group
/api/objects/role/role

# Route
/api/objects/route/group
/api/objects/route/policy
/api/objects/route/static

# Scheduler
/api/objects/scheduler/group
/api/objects/scheduler/loadbalance
/api/objects/scheduler/rule

# Services (Firewall)
/api/objects/service/ah
/api/objects/service/any
/api/objects/service/esp
/api/objects/service/group
/api/objects/service/icmp
/api/objects/service/icmpv6
/api/objects/service/ip
/api/objects/service/tcp
/api/objects/service/tcpudp
/api/objects/service/udp

# SMTP
/api/objects/smtp/exception
/api/objects/smtp/group
/api/objects/smtp/header_operation
/api/objects/smtp/profile

# SNMP
/api/objects/snmp/group
/api/objects/snmp/trap

# SPX
/api/objects/spx/group
/api/objects/spx/template

# SSL VPN
/api/objects/ssl_vpn/client_connection
/api/objects/ssl_vpn/group
/api/objects/ssl_vpn/remote_access_profile
/api/objects/ssl_vpn/server_connection
You can append /REF to any of these paths to display a specific object reference, and /REF/usedby to show where that object is referenced.

cURL

Script

#!/bin/sh
# Usage: sh script.sh <api path>   (e.g. objects/network/network)
path="$1"
# -k disables TLS verification; prefer --cacert with the appliance CA. XXXXX = base64 "user:password".
curl -k -L "https://172.31.2.2:4444/api/$path" \
  -H "Authorization: Basic XXXXX"

Call

sh script.sh objects/network/network | jq -r '.[] | "\(.name) - \(.address)/\(.netmask)"'
sh sophos.sh objects/network/network | jq -r '.[] | select(.name | contains("Server")) | .name'
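The same API access in Python, as an added example that is not part of this wiki page: it builds endpoint URLs including the /REF and /REF/usedby suffixes, fetches with Basic auth while verifying the appliance certificate via a CA file instead of curl -k, and reproduces the two jq filters above. The base URL comes from the script above; the sample response and its `_ref` field name are constructed assumptions.

```python
import json
import ssl
import urllib.request
from base64 import b64encode

BASE_URL = "https://172.31.2.2:4444/api"  # address used in the page's curl script


def api_url(path, ref=None, usedby=False):
    """Build an endpoint URL, e.g. api_url("objects/network/network", "REF_x", True)
    gives .../objects/network/network/REF_x/usedby (the /REF/usedby convention)."""
    url = f"{BASE_URL}/{path.strip('/')}"
    if ref:
        url += f"/{ref}"
        if usedby:
            url += "/usedby"
    return url


def fetch(url, user, password, cafile=None):
    """GET with HTTP Basic auth. cafile points at the appliance's CA so TLS is
    verified against it instead of being disabled (as curl -k does)."""
    token = b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


def format_networks(objects, name_filter=None):
    """Mirror of the page's jq filters: "name - address/netmask", optionally
    limited to objects whose name contains name_filter."""
    rows = []
    for obj in objects:
        if name_filter and name_filter not in obj["name"]:
            continue
        rows.append(f"{obj['name']} - {obj['address']}/{obj['netmask']}")
    return rows


# Constructed sample shaped like a /api/objects/network/network response.
SAMPLE = json.loads("""[
 {"_ref": "REF_NetNetSrv01", "name": "Server LAN", "address": "10.10.20.0", "netmask": 24},
 {"_ref": "REF_NetNetMgmt", "name": "Management", "address": "10.10.99.0", "netmask": 27}
]""")

if __name__ == "__main__":
    print(api_url("objects/network/network", SAMPLE[0]["_ref"], usedby=True))
    print("\n".join(format_networks(SAMPLE, "Server")))
```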

Wireless LAN (Access Points)

Access Point LED display codes. Each AP can broadcast different SSIDs.

Register an access point:

Plug in the AP, enter the S/N (serial number) from the back of the AP. Manage → Activate

Installation

The initial password in the console is "admin".

  • Port1 = LAN
  • Port2 = WAN
sophos.1738840697.txt.gz · Last modified: 2025/02/06 12:18 by jango