
sophos

This is an old revision of the document!


Sophos is a firewall that is installed as its own operating system. A free Community Edition exists. The WebAdmin interface listens on port 4444.

First configure the network via the CLI. Then open the web interface and run the setup wizard.

Reset

Sophos Central is a central management tool in the cloud (for UTM9?).

show system
show interfaces
show firewall

set interface <interface_name> ip <new_ip_address> mask <subnet_mask>
set interface <interface_name> gateway <gateway_ip_address>

add firewall rule <Rule> src <Source> dst <Destination> service <Service> action <Action>
delete firewall rule <Rule>

save config
<m> FW/root # sh /usr/local/bin/openvpn_connections.sh // show remote access vpn connections
<m> FW/root # cc get http
<m> FW/root # ipsec status
<m> FW/root # cc get_ipsec_status // see phase 1 and 2
<m> FW/root # iptables -L AUTO_FORWARD
<m> FW/root # iptables -L USR_FORWARD

cc

// ssh into box.
// get root
<M> loginuser@fw-akm:/home/login > sudo -i

// get objects
<M> fw-akm:/root # cc get ipsec connections

<M> fw-akm:/root # cc get_objects network
<M> fw-akm:/root # cc get_object "REF_xxxxxx" 

API

The REST API of the web interface is reachable at https://sophos:4444/api (see Documentation).

AAA

# AAA
/api/objects/aaa/user
/api/objects/aaa/group

Authentication

# Authentication
/api/objects/authentication/adirectory
/api/objects/authentication/edirectory
/api/objects/authentication/group
/api/objects/authentication/otp_token
/api/objects/authentication/ldap
/api/objects/authentication/radius
/api/objects/authentication/tacacs

CA

# Certificate authority
/api/objects/ca/crl
/api/objects/ca/csr
/api/objects/ca/group
/api/objects/ca/host_cert
/api/objects/ca/host_key_cert
/api/objects/ca/http_verification_ca
/api/objects/ca/meta_crl
/api/objects/ca/meta_x509
/api/objects/ca/rsa
/api/objects/ca/signing_ca
/api/objects/ca/verification_ca

Clientless VPN

# Clientless VPN
/api/objects/clientless_vpn/connection
/api/objects/clientless_vpn/group

Conditions

# Conditions
/api/objects/condition/group
/api/objects/condition/objref

DHCP

# DHCP
/api/objects/dhcp/group
/api/objects/dhcp/option
/api/objects/dhcp/option6
/api/objects/dhcp/server
/api/objects/dhcp/server6
/api/objects/dhcp/stateless

DNS

# DNS
/api/objects/dns/axfr
/api/objects/dns/group
/api/objects/dns/route

Endpoint protection

# Endpoint protection
/api/objects/epp/av_exception
/api/objects/epp/av_policy
/api/objects/epp/dc_exception
/api/objects/epp/dc_policy
/api/objects/epp/device
/api/objects/epp/endpoint
/api/objects/epp/endpoints_group
/api/objects/epp/group

HTTP

Interfaces

# Interfaces
/api/objects/interface/bridge
/api/objects/interface/ethernet
/api/objects/interface/group
/api/objects/interface/ppp3g
/api/objects/interface/pppmodem
/api/objects/interface/pppoa
/api/objects/interface/pppoe
/api/objects/interface/tunnel
/api/objects/interface/vlan

Intrusion prevention

# Intrusion prevention
/api/objects/ips/exception
/api/objects/ips/group
/api/objects/ips/rule
/api/objects/ips/rule_modifier

IPSec

# IPSec
/api/objects/ipsec/group
/api/objects/ipsec/policy
/api/objects/ipsec/remote_gateway

IPSec connection

# IPSec connection
/api/objects/ipsec_connection/amazon_vpc
/api/objects/ipsec_connection/group
/api/objects/ipsec_connection/l2tp
/api/objects/ipsec_connection/roadwarrior_ca
/api/objects/ipsec_connection/roadwarrior_cisco
/api/objects/ipsec_connection/roadwarrior_psk
/api/objects/ipsec_connection/roadwarrior_x509
/api/objects/ipsec_connection/site2site

IPSec Auth

# IPSec Auth
/api/objects/ipsec_remote_auth/ca
/api/objects/ipsec_remote_auth/group
/api/objects/ipsec_remote_auth/psk
/api/objects/ipsec_remote_auth/rsa
/api/objects/ipsec_remote_auth/x509

Interface Hardware

# Interface Hardware
/api/objects/itfhw/awe_network
/api/objects/itfhw/awe_network_group
/api/objects/itfhw/bridge
/api/objects/itfhw/ethernet
/api/objects/itfhw/group
/api/objects/itfhw/lag
/api/objects/itfhw/red_client
/api/objects/itfhw/red_server
/api/objects/itfhw/serial
/api/objects/itfhw/usbserial
/api/objects/itfhw/virtual

Interface Params

# Interface Params
/api/objects/itfparams/bridge_port
/api/objects/itfparams/group
/api/objects/itfparams/link_aggregation_group
/api/objects/itfparams/primary
/api/objects/itfparams/secondary

MAC list

# MAC list
/api/objects/mac_list/group
/api/objects/mac_list/mac_list

Network

# Network
/api/objects/network/aaa
/api/objects/network/any
/api/objects/network/availability_group
/api/objects/network/dns_group
/api/objects/network/dns_host
/api/objects/network/group
/api/objects/network/host
/api/objects/network/interface_address
/api/objects/network/interface_broadcast
/api/objects/network/interface_network
/api/objects/network/multicast
/api/objects/network/network
/api/objects/network/range

Notification

# Notification
/api/objects/notification/group
/api/objects/notification/notification

OSPF

# OSPF
/api/objects/ospf/area
/api/objects/ospf/group
/api/objects/ospf/interface
/api/objects/ospf/message_digest_key

Packetfilter

# Packetfilter
/api/objects/packetfilter/1to1nat
/api/objects/packetfilter/generic_proxy
/api/objects/packetfilter/group
/api/objects/packetfilter/loadbalance
/api/objects/packetfilter/mangle
/api/objects/packetfilter/masq
/api/objects/packetfilter/nat
/api/objects/packetfilter/packetfilter
/api/objects/packetfilter/ruleset

QoS

# QoS
/api/objects/qos/application_selector
/api/objects/qos/group
/api/objects/qos/ingress_rule
/api/objects/qos/interface
/api/objects/qos/rule
/api/objects/qos/traffic_selector
/api/objects/qos/traffic_selector_group

Remote Syslog

# Remote Syslog
/api/objects/remote_syslog/group
/api/objects/remote_syslog/server

Reverse proxy (virtual webservers)

# Reverse proxy (virtual webservers)
/api/objects/reverse_proxy/auth_profile
/api/objects/reverse_proxy/backend
/api/objects/reverse_proxy/blockpage
/api/objects/reverse_proxy/exception
/api/objects/reverse_proxy/filter
/api/objects/reverse_proxy/form_template
/api/objects/reverse_proxy/frontend
/api/objects/reverse_proxy/group
/api/objects/reverse_proxy/location
/api/objects/reverse_proxy/profile
/api/objects/reverse_proxy/redirection
/api/objects/reverse_proxy/threats_filter

Rights

# Rights
/api/objects/right/group
/api/objects/right/right

Role

# Role
/api/objects/role/group
/api/objects/role/role

Route

# Route
/api/objects/route/group
/api/objects/route/policy
/api/objects/route/static

Scheduler

# Scheduler
/api/objects/scheduler/group
/api/objects/scheduler/loadbalance
/api/objects/scheduler/rule

Services

# Services (Firewall)
/api/objects/service/ah
/api/objects/service/any
/api/objects/service/esp
/api/objects/service/group
/api/objects/service/icmp
/api/objects/service/icmpv6
/api/objects/service/ip
/api/objects/service/tcp
/api/objects/service/tcpudp
/api/objects/service/udp

SMTP

# SMTP
/api/objects/smtp/exception
/api/objects/smtp/group
/api/objects/smtp/header_operation
/api/objects/smtp/profile

SNMP

# SNMP
/api/objects/snmp/group
/api/objects/snmp/trap

SPX

# SPX
/api/objects/spx/group
/api/objects/spx/template

SSL VPN

# SSL VPN
/api/objects/ssl_vpn/client_connection
/api/objects/ssl_vpn/group
/api/objects/ssl_vpn/remote_access_profile
/api/objects/ssl_vpn/server_connection

You can append an object reference (/REF_...) to any of these paths to show that single object, and /REF_.../usedby to list where the object is referenced.

cURL

Script

#!/bin/sh
# usage: sh sophos.sh <api-path>, e.g. objects/network/network
# -k skips certificate verification; prefer --cacert <WebAdmin CA> outside a lab
path="$1"
curl -k -L "https://172.31.2.2:4444/api/$path" \
  -H "Authorization: Basic XXXXX"

Call

sh sophos.sh objects/network/network | jq -r '.[] | "\(.name) - \(.address)/\(.netmask)"'
sh sophos.sh objects/network/network | jq -r '.[] | select(.name | contains("Server")) | .name'
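The same lookups in Python, as an added example that is not part of the wiki page and not Sophos' own tooling. It reproduces the two jq filters above on a constructed sample and composes the /REF_.../usedby URL described in the API section. Assumptions (not from the page): the host 172.31.2.2:4444 is taken from the curl script; the API token is sent as HTTP Basic auth with user "token" and the token as password (which is what the script's "Basic XXXXX" header encodes); the sample objects and their _ref values are made up; the CA file is a placeholder for the WebAdmin certificate's issuer.

```python
"""Small client for the Sophos UTM RESTful API (added example, not from the
wiki page). Assumptions: host from the page's curl script, Basic auth as
"token:<api token>", constructed sample objects, placeholder CA file."""
import base64
import json
import ssl
import sys
import urllib.request
from typing import Optional

BASE_URL = "https://172.31.2.2:4444"   # host taken from the page's curl script


def auth_header(token: str) -> str:
    """Authorization value for the UTM API: Basic base64("token:<api token>")
    (assumed encoding of the script's 'Basic XXXXX')."""
    return "Basic " + base64.b64encode(f"token:{token}".encode()).decode()


def object_url(base: str, path: str, ref: Optional[str] = None,
               usedby: bool = False) -> str:
    """Compose <base>/api/<path>[/<REF_...>[/usedby]] as the page describes."""
    url = f"{base.rstrip('/')}/api/{path.strip('/')}"
    if ref:
        url += f"/{ref}"
        if usedby:
            url += "/usedby"
    return url


def api_get(url: str, token: str, cafile: Optional[str] = None):
    """Live HTTPS call. Unlike curl -k the certificate is verified: pass the
    WebAdmin CA as cafile (or trust it system-wide) instead of disabling
    verification, otherwise the API token can be captured on the path."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(url, headers={"Authorization": auth_header(token)})
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return json.load(resp)


def summarize_networks(objects: list) -> list:
    """Same output as the page's first jq filter: '<name> - <address>/<netmask>'."""
    return [f"{o['name']} - {o['address']}/{o['netmask']}" for o in objects]


def select_by_name(objects: list, needle: str) -> list:
    """Same as the second jq filter: select(.name | contains(needle)) | .name."""
    return [o["name"] for o in objects if needle in o["name"]]


# Constructed sample in the shape of GET /api/objects/network/network:
# the fields the jq filters use plus the _ref used for /REF_.../usedby.
SAMPLE_NETWORKS = json.loads("""[
  {"_ref": "REF_NetNetServerLan", "name": "Server LAN",
   "address": "10.10.20.0", "netmask": 24},
  {"_ref": "REF_NetNetClientLan", "name": "Client LAN",
   "address": "10.10.30.0", "netmask": 24}
]""")


if __name__ == "__main__":
    # Offline demo on the constructed sample, then the URL a usedby lookup hits.
    for line in summarize_networks(SAMPLE_NETWORKS):
        print(line)
    ref = SAMPLE_NETWORKS[0]["_ref"]
    print(object_url(BASE_URL, "objects/network/network", ref, usedby=True))
    # Live call: python3 utm_api.py <api token> [cafile]
    if len(sys.argv) > 1:
        cafile = sys.argv[2] if len(sys.argv) > 2 else None
        nets = api_get(object_url(BASE_URL, "objects/network/network"),
                       sys.argv[1], cafile)
        print("\n".join(select_by_name(nets, "Server")))
```

Run without arguments for the offline demo; pass the API token (and optionally the CA file) for a live query. The point of api_get over the curl one-liner is that it keeps certificate verification on, so the token is not exposed to anyone able to sit between you and port 4444.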

Wireless LAN (Access Points)

Access point LED status codes. Each AP can broadcast several SSIDs.

Registering an access point:

Plug in the AP and enter the S/N (serial number) printed on the back of the AP. Manage → Activate

Installation

The initial password on the console is "admin".

  • Port1 = LAN
  • Port2 = WAN
sophos.1738842607.txt.gz · Last modified: 2025/02/06 12:50 by jango