Navigating and Managing Sophos Firewall
Sophos Firewall
Version: 19.5v1
FW1505: Navigating and Managing Sophos Firewall
November 2022
© 2022 Sophos Limited. All rights reserved. No part of this document may be used or reproduced
in any form or by any means without the prior written consent of Sophos.
Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and
marks mentioned in this document may be the trademarks or registered trademarks of Sophos
Limited or their respective owners.
While reasonable care has been taken in the preparation of this document, Sophos makes no
warranties, conditions or representations (whether express or implied) as to its completeness or
accuracy. This document is subject to change at any time without notice.
Sophos Limited is a company registered in England number 2096520, whose registered office is at
The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.
DURATION
11 minutes
When you have completed this chapter, you will be familiar with the Sophos Firewall WebAdmin
and understand how it uses objects as the building blocks for the configuration of rules and
policies.
When you first log in to the WebAdmin you are presented with the Control Center, which provides a
live view of what is happening on the Sophos Firewall, and allows you to quickly identify anything
that requires your attention.
Down the left-hand side is the main menu for navigating the Sophos Firewall. This is divided into
four sections:
• MONITOR & ANALYZE provides access to information on the current activity on the Sophos
Firewall, and reports and diagnostic tools.
• PROTECT, for configuring the rules, policies and settings related to protection features.
• CONFIGURE, where you set up connectivity, routing, authentication and global settings.
• SYSTEM, which houses the device access settings, as well as objects and profiles that are used
within rules and policies.
Each section that is accessible from the main menu is further broken down into tabs for accessing
each area of configuration.
On some screens, additional, less frequently used tabs can be accessed using the ellipses on the
right-hand side of the tabs.
In the Reports section there is an additional Show Reports settings option that allows you to
access some of the less often used options.
When the settings are accessed, the screen will flip to the additional options. You can identify
when you are on this screen because the title bar at the top of the page will be yellow.
Found in the top-right is the admin menu. Here you can reboot, shut down, lock and log out of the
Sophos Firewall. This menu also provides links to the support website, the Sophos Firewall
licensing page, and web-based access to the console.
Found on every screen on the Sophos Firewall is a context-sensitive link to the online help file.
When clicked, it opens a separate window. This online version of the help is fully interactive, and
can be browsed by selecting the various menu items in the left side menu. It can also be searched
using keywords. When a search result is selected it will load the appropriate section within the
help file.
[Additional Information]
https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/index.html
Next to the help link is the Log viewer, which opens in a new window to provide access to all log
files.
In the ‘Log viewer’ you can filter the logs and perform context-sensitive actions. Other chapters in
the course will explore this in more detail.
Clicking the How-to guides link in the WebAdmin takes you to the Sophos Community page.
This provides a link to a library of videos that demonstrate how to perform common tasks on
Sophos Firewall.
The Sophos Firewall uses objects as the building blocks for the configuration of rules and policies.
By defining reusable objects once for things such as hosts, services and networks, it can speed up
configuration, and simplify future changes by having a single place to make a change.
Objects can be created and edited ahead of time, but they can also be created inline when
configuring protection features. This means that you do not have to navigate away from what you
are configuring to create an object, because you will have the option to create it where you need
it.
There are two categories of object – hosts and services; and profiles. These can be found in the
SYSTEM section on the Sophos Firewall.
There are three types of host object on the Sophos Firewall: IP, MAC and FQDN.
IP host objects can represent a single IP address, a subnet, a range of IP addresses or a list of IP
addresses, for either IPv4 or IPv6.
The object has a name and then must be configured by IP version (IPv4 or IPv6) and a type. Note
that the IP version and type cannot be modified after the object has been created.
You then provide the data for the type of object you selected. Note that IP address lists are comma
separated.
IP host groups can be used to group IP host objects for IP addresses, networks and IP ranges, but
not IP lists.
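The IP host rules above can be checked offline before objects are entered or when reviewing which objects cover a given address. The following Python sketch is an added example, not Sophos code: the field names, the "start-end" range notation and the sample objects are assumptions made for illustration.

```python
import ipaddress

# Field names and the "start-end" range notation are assumptions for this
# sketch; they are not Sophos Firewall's API or export format.
def parse_ip_host(name, version, kind, data):
    """Validate one IP host definition; return it with inclusive (low, high) spans."""
    ip = ipaddress.ip_address
    if kind == "ip":
        spans = [(ip(data.strip()),) * 2]
    elif kind == "network":
        net = ipaddress.ip_network(data.strip())  # strict: rejects host bits
        spans = [(net[0], net[-1])]
    elif kind == "range":
        low, high = (ip(p.strip()) for p in data.split("-"))
        if low.version != high.version or low > high:
            raise ValueError(f"{name}: invalid range")
        spans = [(low, high)]
    elif kind == "list":  # comma-separated, as the page notes
        spans = [(ip(p.strip()),) * 2 for p in data.split(",")]
    else:
        raise ValueError(f"{name}: unknown type {kind!r}")
    if any(a.version != version for span in spans for a in span):
        raise ValueError(f"{name}: address family does not match IPv{version}")
    return {"name": name, "version": version, "type": kind, "spans": spans}

def make_group(name, members):
    """IP host groups accept IP, network and range objects, but not IP lists."""
    lists = [m["name"] for m in members if m["type"] == "list"]
    if lists:
        raise ValueError(f"{name}: IP list objects cannot be grouped: {lists}")
    return {"name": name, "members": members}

def matching_objects(objects, address):
    """Names of the objects whose spans contain the address."""
    addr = ipaddress.ip_address(address)
    return [o["name"] for o in objects if o["version"] == addr.version
            and any(low <= addr <= high for low, high in o["spans"])]

# Constructed sample definitions (documentation address ranges).
OBJECTS = [parse_ip_host(*row) for row in [
    ("web-server", 4, "ip", "192.0.2.10"),
    ("branch-lan", 4, "network", "198.51.100.0/24"),
    ("dhcp-pool", 4, "range", "192.0.2.100-192.0.2.150"),
    ("dns-resolvers", 4, "list", "192.0.2.53, 203.0.113.53"),
    ("v6-lan", 6, "network", "2001:db8::/64"),
]]

if __name__ == "__main__":
    print(matching_objects(OBJECTS, "192.0.2.120"))
```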
MAC host objects can be created for individual MAC addresses or MAC address lists.
The MAC host object has a name and then must be configured for a specific type, either MAC
address or MAC list. This cannot be changed once the object has been saved.
FQDN host objects can include a wildcard prefix to resolve sub-domains, for example,
*.sophos.com.
FQDN host groups allow you to create a collection of FQDN host objects to further simplify the
use of objects in rules and policies.
• Service based on TCP and UDP ports
• Service based on IP protocol numbers
• Service based on ICMP types & codes
Each service object is for a single type, and can contain one or more definitions.
Sophos Firewall maintains a geo IP database that maps IP addresses to countries, and this is
automatically updated with the pattern definitions.
There are several predefined country groups that ship with Sophos Firewall, which can be edited.
You can also create custom groups of countries.
Decryption
• Settings for TLS decryption
IPsec
• IKE parameters for establishing tunnels between two firewalls
Device access
• Roles for administrators
Profiles are a collection of settings that can be defined and used when configuring protection
features.
Upload firmware
Sophos Firewall has two firmware slots, one for the current active firmware, and the other that can
be updated with a new version. This means that if an issue is encountered with the running
firmware, the previous version can be booted.
Firmware can be downloaded automatically or uploaded manually. When there is a new firmware
version you will be prompted to upgrade when you log in.
As well as uploading new firmware, you can select which firmware version to boot, or choose to
boot one of the firmware versions with the default factory settings.
Firmware updates require a valid support license. For devices that do not have a valid support
license applied, a banner is shown on the firmware page that shows the number of free firmware
updates that are left.
Three free firmware updates are provided, and mandatory updates that are installed as part of the
initial setup wizard are not counted towards this. Pattern updates are not affected.
Here are the three main things you learned in this chapter.
The main menu is the primary navigation tool and is divided into four sections. Pages are further
broken down into tabs for accessing each area of configuration.
The Sophos Firewall uses two types of object – hosts and services, and profiles – as the building
blocks for the configuration of rules and policies.