Sophos is a firewall that is installed as its own operating system. There is a free Community Edition. The WebAdmin interface is reachable on port 4444.
First configure the network via the CLI, then open the web interface and start the setup.
Sophos Central is a central management tool in the cloud (for UTM 9?).
```
show system
show interfaces
show firewall
set interface <interface_name> ip <new_ip_address> mask <subnet_mask>
set interface <interface_name> gateway <gateway_ip_address>
add firewall rule <Rule> src <Source> dst <Destination> service <Service> action <Action>
delete firewall rule <Rule>
save config
```
```
<m> FW/root # sh /usr/local/bin/openvpn_connections.sh   # show remote access VPN connections
<m> FW/root # cc get http
<m> FW/root # ipsec status
<m> FW/root # cc get_ipsec_status                        # see phase 1 and 2
<m> FW/root # iptables -L AUTO_FORWARD
<m> FW/root # iptables -L USR_FORWARD
```
cc
```
# ssh into the box, then get root
<M> loginuser@fw-akm:/home/login > sudo -i
# get objects
<M> fw-akm:/root # cc get ipsec connections
<M> fw-akm:/root # cc get_objects network
<M> fw-akm:/root # cc get_object "REF_xxxxxx"
<M> fw-akm:/root # cc get packetfilter rules
<M> fw-akm:/root # cc get packetfilter rules_auto
```
The API (web interface) is reachable at https://sophos:4444/api.
Documentation
Parameters are linked via "references". Entries beginning with "REF_" are references. Unfortunately, references cannot be looked up via the REST API; for that you have to use the cc tool in the shell.
```
# AAA
/api/objects/aaa/user                      // Definitions & Users -> Users
/api/objects/aaa/group                     // Definitions & Users -> Groups

# Authentication
/api/objects/authentication/adirectory     // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/edirectory     // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/group
/api/objects/authentication/otp_token      // Definitions & Users -> Authentication Services -> One-Time Passwords
/api/objects/authentication/ldap           // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/radius         // Definitions & Users -> Authentication Services -> Servers
/api/objects/authentication/tacacs         // Definitions & Users -> Authentication Services -> Servers

# Certificate authority
/api/objects/ca/crl
/api/objects/ca/csr
/api/objects/ca/group
/api/objects/ca/host_cert
/api/objects/ca/host_key_cert
/api/objects/ca/http_verification_ca
/api/objects/ca/meta_crl
/api/objects/ca/meta_x509
/api/objects/ca/rsa
/api/objects/ca/signing_ca
/api/objects/ca/verification_ca

# Clientless VPN
/api/objects/clientless_vpn/connection
/api/objects/clientless_vpn/group

# Conditions
/api/objects/condition/group
/api/objects/condition/objref

# DHCP
/api/objects/dhcp/group
/api/objects/dhcp/option
/api/objects/dhcp/option6
/api/objects/dhcp/server
/api/objects/dhcp/server6
/api/objects/dhcp/stateless

# DNS
/api/objects/dns/axfr
/api/objects/dns/group
/api/objects/dns/route

# Endpoint protection
/api/objects/epp/av_exception
/api/objects/epp/av_policy
/api/objects/epp/dc_exception
/api/objects/epp/dc_policy
/api/objects/epp/device
/api/objects/epp/endpoint
/api/objects/epp/endpoints_group
/api/objects/epp/group

# Interfaces
/api/objects/interface/bridge
/api/objects/interface/ethernet
/api/objects/interface/group
/api/objects/interface/ppp3g
/api/objects/interface/pppmodem
/api/objects/interface/pppoa
/api/objects/interface/pppoe
/api/objects/interface/tunnel
/api/objects/interface/vlan

# Intrusion prevention
/api/objects/ips/exception
/api/objects/ips/group
/api/objects/ips/rule
/api/objects/ips/rule_modifier

# IPSec
/api/objects/ipsec/group
/api/objects/ipsec/policy
/api/objects/ipsec/remote_gateway

# IPSec connection
/api/objects/ipsec_connection/amazon_vpc
/api/objects/ipsec_connection/group
/api/objects/ipsec_connection/l2tp
/api/objects/ipsec_connection/roadwarrior_ca
/api/objects/ipsec_connection/roadwarrior_cisco
/api/objects/ipsec_connection/roadwarrior_psk
/api/objects/ipsec_connection/roadwarrior_x509
/api/objects/ipsec_connection/site2site

# IPSec Auth
/api/objects/ipsec_remote_auth/ca
/api/objects/ipsec_remote_auth/group
/api/objects/ipsec_remote_auth/psk
/api/objects/ipsec_remote_auth/rsa
/api/objects/ipsec_remote_auth/x509

# Interface Hardware
/api/objects/itfhw/awe_network
/api/objects/itfhw/awe_network_group
/api/objects/itfhw/bridge
/api/objects/itfhw/ethernet
/api/objects/itfhw/group
/api/objects/itfhw/lag
/api/objects/itfhw/red_client
/api/objects/itfhw/red_server
/api/objects/itfhw/serial
/api/objects/itfhw/usbserial
/api/objects/itfhw/virtual

/api/objects/itfparams/bridge_port
/api/objects/itfparams/group
/api/objects/itfparams/link_aggregation_group
/api/objects/itfparams/primary
/api/objects/itfparams/secondary

#
/objects/mac_list/group
/objects/mac_list/mac_list

# Network
/api/objects/network/aaa
/api/objects/network/any
/api/objects/network/availability_group
/api/objects/network/dns_group
/api/objects/network/dns_host
/api/objects/network/group
/api/objects/network/host
/api/objects/network/interface_address
/api/objects/network/interface_broadcast
/api/objects/network/interface_network
/api/objects/network/multicast
/api/objects/network/network                // Definitions & Users -> Network Definitions
/api/objects/network/range

# Notification
/api/objects/notification/group
/api/objects/notification/notification

# OSPF
/api/objects/ospf/area
/api/objects/ospf/group
/api/objects/ospf/interface
/api/objects/ospf/message_digest_key

# Packetfilter
/api/objects/packetfilter/1to1nat
/api/objects/packetfilter/generic_proxy
/api/objects/packetfilter/group
/api/objects/packetfilter/loadbalance
/api/objects/packetfilter/mangle
/api/objects/packetfilter/masq
/api/objects/packetfilter/nat
/api/objects/packetfilter/packetfilter
/api/objects/packetfilter/ruleset

# QoS
/api/objects/qos/application_selector
/api/objects/qos/group
/api/objects/qos/ingress_rule
/api/objects/qos/interface
/api/objects/qos/rule
/api/objects/qos/traffic_selector
/api/objects/qos/traffic_selector_group

# Remote Syslog
/api/objects/remote_syslog/group
/api/objects/remote_syslog/server

/api/objects/reverse_proxy/auth_profile
/api/objects/reverse_proxy/backend          // Webserver Protection -> WAF -> Real Webservers
/api/objects/reverse_proxy/blockpage
/api/objects/reverse_proxy/exception
/api/objects/reverse_proxy/filter
/api/objects/reverse_proxy/form_template
/api/objects/reverse_proxy/frontend         // Webserver Protection -> WAF -> Virtual Webservers
/api/objects/reverse_proxy/group
/api/objects/reverse_proxy/location         // Webserver Protection -> WAF -> Site Path Routing
/api/objects/reverse_proxy/profile
/api/objects/reverse_proxy/redirection
/api/objects/reverse_proxy/threats_filter

# Rights
/api/objects/right/group
/api/objects/right/right

# Role
/api/objects/role/group
/api/objects/role/role

# Route
/api/objects/route/group
/api/objects/route/policy
/api/objects/route/static

# Scheduler
/api/objects/scheduler/group
/api/objects/scheduler/loadbalance
/api/objects/scheduler/rule

# Services (Firewall)
/api/objects/service/ah
/api/objects/service/any
/api/objects/service/esp
/api/objects/service/group
/api/objects/service/icmp
/api/objects/service/icmpv6
/api/objects/service/ip
/api/objects/service/tcp
/api/objects/service/tcpudp
/api/objects/service/udp

# SMTP
/api/objects/smtp/exception
/api/objects/smtp/group
/api/objects/smtp/header_operation
/api/objects/smtp/profile

# SNMP
/api/objects/snmp/group
/api/objects/snmp/trap

# SPX
/api/objects/spx/group
/api/objects/spx/template

# SSL VPN
/api/objects/ssl_vpn/client_connection
/api/objects/ssl_vpn/group
/api/objects/ssl_vpn/remote_access_profile
/api/objects/ssl_vpn/server_connection
```
Script
```sh
#!/bin/sh
# Usage: sh script.sh objects/network/network  (-k skips TLS certificate checks; prefer --cacert with the exported WebAdmin CA)
path="$1"
curl -k -L "https://172.31.2.2:4444/api/$path" \
  -H "Authorization: Basic XXXXX"
```
Call
```sh
sh script.sh objects/network/network | jq -r '.[] | "\(.name) - \(.address)/\(.netmask)"'
sh sophos.sh objects/network/network | jq -r '.[] | select(.name | contains("Server")) | .name'
```
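The REST API cannot look up a REF_ for you (see the note above), but the collections it does serve can be indexed client-side. This added Python example (not from the page's author) fetches object collections such as `objects/network/network` and `objects/service/tcp`, indexes them by their REF_ string, and expands a packetfilter rule's references into readable names, replacing the curl/jq pipeline above. The `_ref`/`_type`, `dst_low`/`dst_high` and `sources`/`destinations`/`services` field names and the `token:<apitoken>` Basic-auth scheme are assumptions about the UTM 9 API; the sample objects are constructed.

```python
import base64
import json
import ssl
import urllib.request

BASE_URL = "https://sophos:4444/api"  # WebAdmin REST endpoint named on the page

def fetch(path, token, cafile):
    """GET /api/<path>. HTTP Basic with user 'token' and the API token is assumed."""
    creds = base64.b64encode(f"token:{token}".encode()).decode()
    req = urllib.request.Request(f"{BASE_URL}/{path}", headers={"Authorization": f"Basic {creds}"})
    ctx = ssl.create_default_context(cafile=cafile)  # verify WebAdmin's own CA instead of curl -k
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)

def build_ref_index(*collections):
    """Map each object's _ref (its REF_... string) to the object itself."""
    return {obj["_ref"]: obj for coll in collections for obj in coll}

def describe(ref, index):
    """Render a REF_ readably; unknown refs stay as-is so gaps in the index are visible."""
    obj = index.get(ref)
    if obj is None:
        return ref
    if "netmask" in obj:  # network/network: the .address/.netmask fields the page's jq uses
        return f"{obj['name']} ({obj['address']}/{obj['netmask']})"
    if "dst_low" in obj:  # service/tcp and service/udp (field names assumed)
        ports = str(obj["dst_low"]) if obj["dst_low"] == obj["dst_high"] else f"{obj['dst_low']}-{obj['dst_high']}"
        return f"{obj['name']} ({obj['_type'].split('/')[1]} {ports})"
    return obj["name"]

def resolve_rules(rules, index):
    """Expand the sources/destinations/services REF_ lists of packetfilter rules."""
    return [{"name": r["name"], "action": r["action"],
             **{k: [describe(ref, index) for ref in r[k]]
                for k in ("sources", "destinations", "services")}} for r in rules]

# Constructed sample data shaped like the API's JSON, not output from a real firewall.
SAMPLE_NETWORKS = [
    {"_ref": "REF_NetServer", "_type": "network/network", "name": "Server LAN",
     "address": "10.0.20.0", "netmask": 24},
    {"_ref": "REF_NetAny", "_type": "network/any", "name": "Any"}]
SAMPLE_SERVICES = [{"_ref": "REF_SvcHttps", "_type": "service/tcp", "name": "HTTPS",
                    "dst_low": 443, "dst_high": 443}]
SAMPLE_RULES = [{"_ref": "REF_PacPac1", "_type": "packetfilter/packetfilter", "name": "Web to servers",
                 "action": "accept", "sources": ["REF_NetAny"], "destinations": ["REF_NetServer"],
                 "services": ["REF_SvcHttps", "REF_Unknown"]}]

if __name__ == "__main__":  # against a live box, replace the SAMPLE_* lists with fetch(...) per path
    print(json.dumps(resolve_rules(SAMPLE_RULES, build_ref_index(SAMPLE_NETWORKS, SAMPLE_SERVICES)), indent=2))
```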
Access point LED indicator codes. Each AP can broadcast different SSIDs.
Registering an access point:
Plug in the AP and enter the S/N (serial number) from the back of the AP. Manage → Activate
The initial password in the console is "admin".