ES80 20.0v1 Simulation Workbook
Contents
Introduction
Sophos Firewall Deployment
© 2024 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any form or by any means without the prior
written consent of Sophos.
Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks mentioned in this document may be
the trademarks or registered trademarks of Sophos Limited or their respective owners.
While reasonable care has been taken in the preparation of this document, Sophos makes no warranties, conditions, or representations (whether
express or implied) as to its completeness or accuracy. This document is subject to change at any time without notice.
Sophos Limited is a company registered in England number 2096520, whose registered office is at The Pentagon, Abingdon Science Park,
Abingdon, Oxfordshire, OX14 3YP.
Sophos Certified Engineer
Introduction
These simulations accompany the course and form the practical part of the
certification.
You should complete each section of the simulations when directed to do so in the training content.
If you need help or support at any point while completing the simulations, please contact us at globaltraining@sophos.com and
one of the team will be able to assist you.
In this simulation you will use the CLI to change the IP address of the management port to be your LAN IP
range.
In this simulation you will configure Sophos Firewall using the initial setup wizard.
In this simulation you create IP host, FQDN host, and service definitions on Sophos Firewall that can be used
in firewall rules, VPNs, and other configuration.
In this simulation you will create zones for the Intranet and MPLS, and then configure the interfaces PortD
and PortF for these zones respectively.
In this simulation you will create a simple static route on London Gateway 1 that will route traffic destined
for the New York LAN subnet over the MPLS connection to New York Gateway.
In this simulation you will configure DNS request routes on the Sophos Firewall.
In this simulation you will deploy the Sophos Firewall certificate authorities using Active Directory Group
Policy.
In this simulation you will import a CA certificate on Sophos Firewall. This can be required for the Sophos
Firewall to validate certificates signed by authorities not included on Sophos Firewall by default, such as
enterprise CAs.
Base Firewall
Create a Firewall Rule
In this simulation you will modify the default firewall rule to allow outbound traffic from additional zones,
and then create firewall rules to allow traffic to and from the New York branch office over the MPLS.
In this simulation you will remove the linked NAT rule for the default firewall rule, unlink the NAT rule for
email protection, and create a NAT rule for MPLS traffic.
In this simulation you will publish a server using a DNAT rule created using the server access assistant.
In this simulation you will create a TLS inspection rule on Sophos Firewall that will decrypt all outbound
traffic.
Network Protection
Create an IPS Policy
In this simulation you will create an IPS policy and apply it to a firewall rule.
In this simulation you will enable advanced threat protection, trigger a detection, and review the resulting
information.
In this simulation you will register Sophos Firewall with Sophos Central and enable Security Heartbeat in a
firewall rule. You will trigger a RED health status and confirm the device is blocked.
Site-to-Site Connections
Create an SSL Site-to-Site VPN
In this simulation you will create an SSL site-to-site VPN between two Sophos Firewalls.
In this simulation you will create a route-based IPsec site-to-site VPN between two Sophos Firewalls.
In this simulation you will set up a Remote Ethernet Device (RED) on Sophos Firewall in standard/split mode.
Authentication
Add an Active Directory Authentication Server
In this simulation you will add an Active Directory authentication server to Sophos Firewall and import
groups.
In this simulation you will configure single sign-on for administrators to the web console using Azure AD.
In this simulation you will configure single sign-on using the Sophos Transparent Authentication Suite on
Sophos Firewall. You will then test your configuration.
In this simulation you will configure firewall rules to match based on user identity on Sophos Firewall.
In this simulation you will enable multi-factor authentication on Sophos Firewall. You will then test your
configuration.
Web Protection
Create Custom Web Categories on Sophos Firewall
In this simulation you will create a keyword filter, modify the existing ‘Unproductive Browsing’ user activity,
and create user activity for controlling access to specific categories of website.
In this simulation you will create a custom content filter that will be used to detect web pages that contain
common bullying terms.
In this simulation you will clone and customize a web policy by adding additional rules. You will then test the
policy using two different users and the Policy Test tool.
In this simulation you will enable web policy overrides for Fred Rogers. You will then create a web policy
override and use the access code generated to allow John Smith to access a site that is currently blocked.
In this simulation you will configure a surfing quota for guest users and apply it to the ‘Guest Group’. You will
create a guest user and test your quota policy.
Application Control
Create an Application Filter
In this simulation you will create a custom application filter, apply it to a firewall rule, then test the results.
In this simulation you will reclassify an application detected by synchronized application control, then test
that it is blocked.
In this simulation you will review the cloud applications detected by Sophos Firewall and classify them.
In this simulation you will configure and apply a traffic shaping policy for applications.
Remote Access
Configure an SSL Remote Access VPN
In this simulation you will configure an SSL remote access VPN using the assistant. You will then review the
configuration created and test your VPN using the Sophos Connect client.
In this simulation you will configure an IPsec remote access VPN. You will then test your VPN using the
Sophos Connect client.
In this simulation you will configure bookmarks and policies for clientless SSL VPN access. You will then log in
to the user portal to test your configuration.
Wireless Protection
Deploying an Access Point
In this simulation you will run a report and filter it to customize the view. You will then create a bookmark for
the report and schedule an executive report to be sent by email.
In this simulation you will add a Sophos Firewall to Sophos Central, assign it to a group, and push
configuration changes to the firewall, including using VPN orchestration.
In this simulation you will run reports for Sophos Firewall in Sophos Central.