
Sophos XG Firewall Web Interface Reference and Admin Guide PDF

632 Pages·2016·9.35 MB·English

Sophos XG Firewall v 15.01.0 – Release Notes Sophos XG Firewall Web Interface Reference and Guide v16 Admin For Sophos Customers Document Date: November 2016 | Contents | 2 Contents Introduction...............................................................................................................7 Flavors...................................................................................................................................................................7 Administrative Interfaces......................................................................................................................................7 Administrative Access..........................................................................................................................................8 Using Admin Console...............................................................................................9 Supported Browsers............................................................................................................................................10 Menus..................................................................................................................................................................10 Pages....................................................................................................................................................................11 List Navigation Controls....................................................................................................................................12 Tool Tips.............................................................................................................................................................12 Notification pop-ups...........................................................................................................................................12 Common 
Operations...........................................................................................................................................12 Editing an Entity.....................................................................................................................................13 Deleting an Entity...................................................................................................................................13 Sorting Lists............................................................................................................................................13 Filtering Lists..........................................................................................................................................13 Show additional properties.....................................................................................................................13 Reordering Lists......................................................................................................................................13 Summary.................................................................................................................................................14 More........................................................................................................................................................14 Monitor and Analyze..............................................................................................15 Control Center.....................................................................................................................................................15 Current Activities................................................................................................................................................21 Live Users...............................................................................................................................................21 Live 
Connections....................................................................................................................................22 Live Connections IPv6...........................................................................................................................24 View Live Connection Details...............................................................................................................26 IPsec Connections...................................................................................................................................30 Remote Users..........................................................................................................................................30 Diagnostics..........................................................................................................................................................30 Tools........................................................................................................................................................31 System Graphs........................................................................................................................................34 URL Category Lookup...........................................................................................................................39 Packet Capture........................................................................................................................................40 Connection List.......................................................................................................................................46 Support Access........................................................................................................................................49 System.......................................................................................................................51 
Profiles.................................................................................................................................................................51 Schedule..................................................................................................................................................51 Access Time............................................................................................................................................53 Surfing Quotas........................................................................................................................................56 Network Traffic Quota...........................................................................................................................59 Network Address Translation.................................................................................................................63 | Contents | 3 Device Access.........................................................................................................................................64 Hosts and Services..............................................................................................................................................67 IP Host....................................................................................................................................................67 IP Host Group.........................................................................................................................................68 MAC Host...............................................................................................................................................69 FQDN Host.............................................................................................................................................70 FQDN Host 
Groups................................................................................................................................71 Country Group........................................................................................................................................72 Services...................................................................................................................................................73 Service Group.........................................................................................................................................74 Administration.....................................................................................................................................................75 Licensing.................................................................................................................................................75 Device Access.........................................................................................................................................77 Admin Settings........................................................................................................................................81 Central Management...............................................................................................................................85 Time.........................................................................................................................................................86 Notification Settings...............................................................................................................................87 SNMP......................................................................................................................................................89 
Netflow....................................................................................................................................................92 Messages.................................................................................................................................................93 Certificates...........................................................................................................................................................98 Certificates...............................................................................................................................................98 Certificate Authorities...........................................................................................................................104 Certificate Revocation Lists.................................................................................................................107 Backup & Firmware.........................................................................................................................................108 Backup & Firmware.............................................................................................................................109 API.........................................................................................................................................................110 Import Export........................................................................................................................................112 Firmware...............................................................................................................................................113 Pattern Updates.....................................................................................................................................115 Configure............................................................................................................... 
117 Network.............................................................................................................................................................117 Interfaces...............................................................................................................................................117 Zones.....................................................................................................................................................145 WAN Link Manager.............................................................................................................................148 DNS.......................................................................................................................................................154 DHCP....................................................................................................................................................158 IPv6 Router Advertisement..................................................................................................................164 Cellular WAN.......................................................................................................................................168 IP Tunnels.............................................................................................................................................170 Neighbors (ARP-NDP).........................................................................................................................172 Dynamic DNS.......................................................................................................................................175 Authentication...................................................................................................................................................177 
Servers...................................................................................................................................................177 Services.................................................................................................................................................187 Groups...................................................................................................................................................194 Users......................................................................................................................................................197 One-Time Password..............................................................................................................................203 Captive Portal........................................................................................................................................207 Guest Users...........................................................................................................................................209 Clientless Users.....................................................................................................................................215 Guest User Settings..............................................................................................................................217 Client Downloads..................................................................................................................................223 STAS.....................................................................................................................................................224 | Contents | 4 VPN...................................................................................................................................................................225 IPsec 
Connections.................................................................................................................................226 SSL VPN (Remote Access)..................................................................................................................246 SSL VPN (Site to Site)........................................................................................................................248 CISCOTM VPN Client..........................................................................................................................251 L2TP (Remote Access).........................................................................................................................254 Clientless Access..................................................................................................................................258 Bookmarks.............................................................................................................................................259 Bookmark Groups.................................................................................................................................262 PPTP (Remote Access).........................................................................................................................263 IPsec Profiles.......................................................................................................................................264 SSL VPN...............................................................................................................................................270 L2TP......................................................................................................................................................273 Routing..............................................................................................................................................................274 Static 
Routing........................................................................................................................................274 Policy Routing......................................................................................................................................277 Gateways...............................................................................................................................................280 BGP.......................................................................................................................................................281 OSPF.....................................................................................................................................................283 Information............................................................................................................................................288 Upstream Proxy....................................................................................................................................298 Multicast (PIM-SIM)............................................................................................................................299 RIP.........................................................................................................................................................300 System Services................................................................................................................................................304 High Availability..................................................................................................................................304 Traffic Shaping Settings.......................................................................................................................311 RED.......................................................................................................................................................313 
Log Settings..........................................................................................................................................315 Data Anonymization.............................................................................................................................320 Traffic Shaping.....................................................................................................................................323 Services.................................................................................................................................................327 Protect.................................................................................................................... 329 Firewall..............................................................................................................................................................329 User / Network Rule.............................................................................................................................331 Business Application Rule....................................................................................................................342 Intrusion Prevention..........................................................................................................................................395 DoS Attacks..........................................................................................................................................395 IPS Policies...........................................................................................................................................396 Custom IPS Signatures.........................................................................................................................401 DoS & Spoof Prevention......................................................................................................................402 
Web...................................................................................................................................................................410 Policies..................................................................................................................................................410 User Activities......................................................................................................................................414 Categories..............................................................................................................................................415 URL Groups..........................................................................................................................................416 Exceptions.............................................................................................................................................417 Protection...............................................................................................................................................418 Advanced...............................................................................................................................................420 File Type...............................................................................................................................................420 Surfing Quotas......................................................................................................................................421 User Notifications.................................................................................................................................424 Applications.......................................................................................................................................................424 Application 
List....................................................................................................................................424 Application Filter..................................................................................................................................425 | Contents | 5 Traffic Shaping Default........................................................................................................................428 Wireless.............................................................................................................................................................429 Wireless Client List..............................................................................................................................429 Wireless Networks................................................................................................................................430 Access Point Overview.........................................................................................................................434 Access Point Groups.............................................................................................................................439 Mesh Networks.....................................................................................................................................441 Hotspots.................................................................................................................................................443 Hotspot Voucher Definition.................................................................................................................451 Rogue AP Scan.....................................................................................................................................452 Settings..................................................................................................................................................454 Hotspot 
Settings....................................................................................................................................456 Email.................................................................................................................................................................457 MTA Mode...........................................................................................................................................458 Legacy Mode........................................................................................................................................486 Web Server........................................................................................................................................................513 Web Servers..........................................................................................................................................514 Protection Policies................................................................................................................................515 Authentication Policies.........................................................................................................................519 Authentication Templates.....................................................................................................................521 SlowHTTP Protection...........................................................................................................................522 Advanced Threat...............................................................................................................................................523 Advanced Threat Protection.................................................................................................................523 Security Heartbeat.................................................................................................................................524 Appendix A - 
Logs................................................................................................527 Log Viewer.......................................................................................................................................................527 View List of System Events.................................................................................................................528 View List of Web Filter Events...........................................................................................................529 View List of Application Filter Events................................................................................................529 View List of Malware Events..............................................................................................................530 View List of Email Events...................................................................................................................531 View List of Firewall Events...............................................................................................................532 View List of IPS Events.......................................................................................................................533 View List of Authentication Events.....................................................................................................534 View List of Admin Events.................................................................................................................535 View List of Web Server Protection (WAF) Events...........................................................................535 View List of Advanced Threat Protection Events...............................................................................536 View List of Security Heartbeat Events..............................................................................................537 Log ID 
Structure ..... 538
Log Type ..... 538
Log Component ..... 539
Log Subtype ..... 541
Priority ..... 542
Common Fields for all Logs ..... 542
Admin Logs ..... 543
Firewall Rule Logs ..... 544
  Module-specific Fields ..... 545
Web Filter Logs ..... 547
  Module-specific Fields ..... 547
Application Filter Logs ..... 548
  Module-specific Fields ..... 548
IPS Logs ..... 549
  Module-specific Fields ..... 549
Anti Virus Logs ..... 550
  Module-specific Fields ..... 551
Anti Spam Logs ..... 552
  Module-specific Fields ..... 553
System Logs ..... 554
Authentication Logs ..... 563
Advanced Threat Protection (ATP) Logs ..... 564
Heartbeat Logs ..... 564
Web Application Firewall (WAF) Logs ..... 565
System Health Logs ..... 565
Appendix B - IPS - Custom Pattern Syntax ..... 566
Appendix C - Default File Type Categories ..... 572
Appendix D - Supported Micro-Apps ..... 576
Appendix E - USB Compatibility List ..... 580
Appendix F - Compatibility with SFMOS 15.01.0 ..... 631

Introduction

Sophos Firewall combines the best of both Sophos and Cyberoam technology, delivering an unprecedented level of innovation to next-generation firewalls. With an all-new user interface, new Security Heartbeat technology, and a powerful new unified policy model, it introduces a number of important innovations that take simplicity, protection, and performance to a whole new level. Sophos Firewall OS runs on all existing Sophos SG Series and Cyberoam NG Series hardware and is available for a variety of virtual platforms or as a software appliance.

Features Summary
• Control center that surfaces important information with extensive drill-down
• Intuitive navigation that gets out of the way with helpful reminders and guidance
• Policies of all types are managed together on a single screen
• Policy tools include innovative new features like types, templates, natural language descriptions, and user-identity
• User Threat Quotient that identifies user risk based on past behavior
• Discover mode that makes evals, trials, and PoCs easier
• FastPath optimized scanning

Flavors
This section provides information about the different flavors available for Sophos XG Firewall.
Sophos is available in the following flavors:
• Physical Devices
• Virtual Devices
• Software

Physical Devices
Sophos provides a range of physical devices to cater to the needs of businesses of all sizes, from home users and small businesses to enterprises.

Virtual Devices
Virtual Network Security devices can be deployed as Next-Generation Firewalls or UTMs and offer industry-leading network security to virtual data centers, “Security-in-a-Box” set-ups for MSSPs/organizations, and “Office-in-a-Box” set-ups. By offering the comprehensive security features of its hardware security devices in virtualized form, these virtual devices provide Layer 8 identity-based security on a single virtual device that is as strong as the security for physical networks. Sophos offers organizations a complete virtual security solution with its virtual network security devices (Next-Generation Firewalls/UTMs), the virtual Sophos Firewall Manager (SFM) for centralized management, and Sophos iView software for centralized logging and reporting.

Administrative Interfaces
The device can be accessed and administered through:
• Admin Console: The Admin Console is a web-based application that an administrator can use to configure, monitor, and manage the device.
• Command Line Interface: The Command Line Interface (CLI) console provides a collection of tools to administer, monitor, and control certain component(s) of the device.
• Sophos Firewall Manager (SFM): Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) device.

Administrative Access
This section provides information on how to access the device. An administrator can connect to and access the device through the HTTPS, telnet, or SSH services. Depending on the administrator login account profile used for access, an administrator can access a number of administrative interfaces and Admin Console configuration pages. The device is shipped with one administrator account and four administrator profiles.
Administrator Type    Login Credentials   Console Access               Privileges
Super Administrator   admin/admin         Admin console, CLI console   Full privileges for both consoles. It provides read-write permission for all the configuration performed through either of the consoles.

Note: We recommend that you change the password of the user immediately on deployment.

Admin Console
The Admin Console is a web-based application that an administrator can use to configure, monitor, and manage the device. You can connect to and access the Admin Console of the device over an HTTPS connection from any management computer using a web browser:
1. HTTPS login: https://<LAN IP Address of the device>
For more details, refer to section Admin Console.

Command Line Interface (CLI) Console
The CLI console provides a collection of tools to administer, monitor, and control certain component(s) of the device. The device can be accessed remotely using the following connections:
1. Remote login utility – TELNET login
2. SSH Client (Serial Console)
Use the CLI console for troubleshooting and diagnosing network problems in detail.

Sophos Firewall Manager (SFM)
Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) device, enabling high levels of security for MSSPs and large enterprises. To monitor and manage devices through the SFM device you must:
1. Configure SFM in the Sophos device.
2. Integrate the Sophos device with SFM.
Once you have added the devices and organized them into groups, you can configure a single device or groups of devices.

Using Admin Console

Sophos Firewall OS uses a Web 2.0 based, easy-to-use graphical interface, termed the Admin Console, to configure and manage the device. You can access the device for HTTPS web browser-based administration from any of the interfaces. When the device is connected and powered up for the first time, it has the following default Admin Console access configuration for the HTTPS service.
Services   Interface/Zones   Default Port
HTTPS      WAN               TCP Port 4444

The administrator can update the default port for the HTTPS service from System > Administration > Admin Settings.

Admin Console Language
The Admin Console supports multiple languages, but by default appears in English. Apart from English, Chinese-Simplified, Chinese-Traditional, Hindi, French, German, Italian, Korean and Brazilian Portuguese are also supported. The administrator can choose the preferred language at the time of logging on. The following elements of the Admin Console are displayed in the configured language:
• Control Center contents
• Navigation menu
• Screen elements including field & button labels and tips
• Error messages
The administrator can also specify descriptions for various policies, services, and custom categories in any of the supported languages. All configuration changes made from the Admin Console take effect immediately. To assist you in configuring the device, it includes detailed context-sensitive online help.

Log on procedure
The log on procedure authenticates the user and creates a session with the device until the user logs off. To get the login window, open the browser and type the LAN IP address of the device in the browser’s URL box. A dialog box appears prompting you to enter a username and password. Below are the screen elements with their descriptions:
Username: Enter the user login name. If you are logging on for the first time after installation, use the default username.
Password: Specify the user account password. Dots are the placeholders in the password field. If you are logging on for the first time after installation with the default username, use the default password.
Language: Select the language. The available options are:
• Chinese-Simplified
• Chinese-Traditional