
Sophos Firewall
FW1505: Navigating and Managing Sophos Firewall

November 2022
Version: 19.5v1

© 2022 Sophos Limited. All rights reserved. No part of this document may be used or reproduced
in any form or by any means without the prior written consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and
marks mentioned in this document may be the trademarks or registered trademarks of Sophos
Limited or their respective owners.

While reasonable care has been taken in the preparation of this document, Sophos makes no
warranties, conditions or representations (whether express or implied) as to its completeness or
accuracy. This document is subject to change at any time without notice.

Sophos Limited is a company registered in England number 2096520, whose registered office is at
The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.

Navigating and Managing Sophos Firewall v1.0 - 1


Navigating and Managing Sophos Firewall

RECOMMENDED KNOWLEDGE AND EXPERIENCE

✓ Sophos Firewall configuration using the Initial Setup Wizard

DURATION

11 minutes

When you have completed this chapter, you will be familiar with the Sophos Firewall WebAdmin
and understand how it uses objects as the building blocks for the configuration of rules and
policies.



WebAdmin: Control Center

When you first log in to the WebAdmin you are presented with the Control Center, which provides a
live view of what is happening on the Sophos Firewall, and allows you to quickly identify anything
that requires your attention.

The Control Center is broken down into six main areas.

• System, which shows the health of the firewall and services. Each item can be clicked to get
more detailed information.
• Traffic insight, which provides an at-a-glance overview of what is happening on the network and
the traffic being processed.
• User and device insight, for the status of users and devices being protected by Sophos Firewall.
This section includes the User Threat quotient, which is a risk assessment of users based on
their behaviour.
• Active firewall rules, which displays the usage of firewall rules by type. Below the graph you can
see the state of firewall rules over the last 24 hours. Clicking these will take you to the firewall
rules filtered for the selected type of rule.
• Reports, which provides access to commonly used reports. These can either be opened by clicking
on the name of the report or downloaded using the icon to the right of each. It shows when the
report was last updated and the size of the file.
• And Messages, which displays alerts or information for the administrator, including security
warnings and new firmware updates. Messages are clickable to access the relevant
configuration.



WebAdmin: Main Menu


Down the left-hand side is the main menu for navigating the Sophos Firewall. This is divided into
four sections:

MONITOR & ANALYZE, provides access to information on the current activity on the Sophos
Firewall, and reports and diagnostic tools.


PROTECT, for configuring the rules, policies and settings related to protection features.


CONFIGURE, where you set up connectivity, routing, authentication and global settings.


SYSTEM, which houses the device access settings, as well as objects and profiles that are used
within rules and policies.



WebAdmin: Tabbed Navigation

Each section that is accessible from the main menu is further broken down into tabs for accessing
each area of configuration.

On some screens, additional, less frequently used tabs can be accessed using the ellipsis on the
right-hand side of the tabs.



WebAdmin: Advanced Settings


In the Reports section there is an additional Show Reports settings option that allows you to
access some of the less often used options.

When the settings are accessed, the screen will flip to the additional options. You can identify
when you are on this screen because the title bar at the top of the page will be yellow.



WebAdmin: Admin Drop-Down Menu

Found in the top-right is the admin menu. Here you can reboot, shut down, lock and log out of the
Sophos Firewall. This menu also provides links to the support website, the Sophos Firewall
licensing page, and web-based access to the console.



WebAdmin: Help

Found on every screen on the Sophos Firewall is a context-sensitive link to the online help file.

When clicked, it opens a separate window. This online version of the help is fully interactive, and
can be browsed by selecting the various menu items in the left side menu. It can also be searched
using keywords. When a search result is selected it will load the appropriate section within the
help file.

[Additional Information]
https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/index.html



WebAdmin: Log Viewer

Next to the help link is the Log viewer, which opens in a new window to provide access to all log
files.

In the ‘Log viewer’ you can filter the logs and perform context sensitive actions. Other chapters in
the course will explore this in more detail.



How-to Guides


Clicking the How-to guides link in the WebAdmin takes you to the Sophos Community page.

This provides a link to a library of videos that demonstrate how to perform common tasks on
Sophos Firewall.



Objects


The Sophos Firewall uses objects as the building blocks for the configuration of rules and policies.
By defining reusable objects once for things such as hosts, services and networks, it can speed up
configuration, and simplify future changes by having a single place to make a change.

Objects can be created and edited ahead of time, but they can also be created inline when
configuring protection features. This means that you do not have to navigate away from what you
are configuring to create an object, because you will have the option to create it where you need
it.

There are two categories of object – hosts and services; and profiles. These can be found in the
SYSTEM section on the Sophos Firewall.



Hosts

There are three types of host object on the Sophos Firewall: IP, MAC and FQDN.


IP host objects can represent a single IP address, a subnet, a range of IP addresses or a list of IP
addresses, for either IPv4 or IPv6.

The object has a name and then must be configured by IP version (IPv4 or IPv6) and a type. Note
that the IP version and type cannot be modified after the object has been created.

You then provide the data for the type of object you selected. Note that IP address lists are comma
separated.

IP host groups can be used to group IP host objects for IP addresses, networks and IP ranges, but
not IP lists.
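
A pre-check for planned IP host objects that applies the rules above (one IP version per object, comma-separated lists, no IP lists in host groups), as an added example that is not Sophos code. The type labels, the "start-end" range notation and the sample plan are assumptions of this sketch.

```python
import ipaddress

GROUPABLE = {"ip", "network", "range"}  # per the text, IP lists cannot join a group

def _addr(text, version):
    addr = ipaddress.ip_address(text.strip())
    if addr.version != version:
        raise ValueError(f"{text.strip()} is not an IPv{version} address")
    return addr

def check_ip_host(version, host_type, value):
    """Validate one planned IP host object; return its normalized members."""
    if host_type == "ip":
        return [str(_addr(value, version))]
    if host_type == "network":
        net = ipaddress.ip_network(value.strip())  # strict: host bits must be zero
        if net.version != version:
            raise ValueError(f"{value} is not an IPv{version} network")
        return [str(net)]
    if host_type == "range":  # "start-end" notation is an assumption of this sketch
        start, sep, end = value.partition("-")
        lo, hi = _addr(start, version), _addr(end, version)
        if not sep or lo > hi:
            raise ValueError(f"bad range {value!r}")
        return [str(lo), str(hi)]
    if host_type == "list":  # comma separated, as the text describes
        return [str(_addr(item, version)) for item in value.split(",")]
    raise ValueError(f"unknown host type {host_type!r}")

def is_valid(version, host_type, value):
    try:
        check_ip_host(version, host_type, value)
        return True
    except ValueError:
        return False

def ungroupable(plan, members):
    """Names in members that are missing from the plan or are IP lists."""
    return [m for m in members if plan.get(m, {}).get("type") not in GROUPABLE]

# Constructed sample plan; names and addresses are illustrative only.
PLAN = {
    "web-srv":   {"version": 4, "type": "ip",      "value": "192.0.2.10"},
    "lan":       {"version": 4, "type": "network", "value": "10.1.0.0/16"},
    "dhcp-pool": {"version": 4, "type": "range",   "value": "10.1.5.100-10.1.5.200"},
    "dns":       {"version": 6, "type": "list",    "value": "2001:db8::53, 2001:db8::54"},
}

if __name__ == "__main__":
    print({n: check_ip_host(o["version"], o["type"], o["value"]) for n, o in PLAN.items()})
```

Because the IP version and type cannot be changed after creation, catching a subnet written with host bits set or an IPv6 address in an IPv4 object before it is entered avoids having to delete and recreate the object.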


MAC host objects can be created for individual MAC addresses or MAC address lists.

The MAC host object has a name and then must be configured for a specific type, either MAC
address or MAC list. This cannot be changed once the object has been saved.

MAC address lists are comma separated.


FQDN hosts are used to define fully qualified domain names.

FQDN host objects can include a wildcard prefix to resolve sub-domains, for example,
*.sophos.com.

FQDN host groups allow you to create a collection of FQDN host objects to further simplify the
use of objects in rules and policies.



Services


Service objects can be created for:


• TCP and UDP based on protocol, source and destination port,
• IP based on protocol number,
• ICMP and ICMPv6 based on the ICMP type and code.

Each service object is for a single type, and can contain one or more definitions.

You can also create groups of service objects.



Country Groups

Sophos Firewall maintains a geo IP database that maps IP addresses to countries, and this is
automatically updated with the pattern definitions.

There are several predefined country groups that ship with Sophos Firewall, which can be edited.
You can also create custom groups of countries.



Profiles

Profiles are a collection of settings that can be defined and used when configuring protection
features.

There are profiles for:

• Schedule, which defines a period of time, either recurring or one-off,
• Access time, which defines an allow or deny action for a schedule,
• Surfing quota, which defines either recurring or one-off restrictions for browsing time,
• Network traffic quota, for bandwidth quota restrictions, with upload and download either
separate or combined,
• Decryption, for the settings that control the decryption of TLS traffic,
• IPsec, to specify the IKE (Internet Key Exchange) parameters for establishing tunnels between
two firewalls,
• And Device access, which defines access roles for administrators logging in to the WebAdmin.



Firmware Updates


Sophos Firewall has two firmware slots, one for the current active firmware, and the other that can
be updated with a new version. This means that if an issue is encountered with the running
firmware, the previous version can be booted.

Firmware can be downloaded automatically or uploaded manually. When there is a new firmware
version you will be prompted to upgrade when you log in.

As well as uploading new firmware, you can select which firmware version to boot, or choose to
boot one of the firmware versions with the default factory settings.


Firmware updates require a valid support license. For devices that do not have a valid support
license applied, a banner is shown on the firmware page that shows the number of free firmware
updates that are left.

Three free firmware updates are provided, and mandatory updates that are installed as part of the
initial setup wizard are not counted towards this. Pattern updates are not affected.



Chapter Review


Here are the three main things you learned in this chapter.

The main menu is the primary navigation tool and is divided into four sections. Pages are further
broken down into tabs for accessing each area of configuration.

Every page provides a link to context sensitive help.

The Sophos Firewall uses two types of object – hosts and services, and profiles – as the building
blocks for the configuration of rules and policies.
