
Sophos XG Firewall Web Interface Reference and Admin Guide v16.5

For Sophos Customers

Document Date: July 2017

Contents

What's New in this Release ... 7
Introduction ... 9
  Flavors ... 9
  Administrative Interfaces ... 9
  Administrative Access ... 10
Using Admin Console ... 10
  Supported Browsers ... 12
  Menus ... 12
  Pages ... 13
  List Navigation Controls ... 14
Monitor and Analyze ... 14
  Control Center ... 14
  Current Activities ... 21
    Live Users ... 21
    Live Connections ... 22
    Live Connections IPv6 ... 24
    View Live Connection Details ... 26
    IPsec Connections ... 30
    Remote Users ... 30
  Diagnostics ... 30
    Tools ... 31
    System Graphs ... 34
    URL Category Lookup ... 39
    Packet Capture ... 40
    Connection List ... 45
    Support Access ... 49
Protect ... 50
  Firewall ... 50
    User / Network Rule ... 52
    Business Application Rule ... 64
  Intrusion Prevention ... 119
    DoS Attacks ... 119
    IPS Policies ... 120
    Custom IPS Signatures ... 125
    DoS & Spoof Prevention ... 126
  Web ... 136
    Policies ... 136
    User Activities ... 139
    Categories ... 140
    URL Groups ... 142
    Exceptions ... 142
    Protection ... 143
    Advanced ... 145
    File Types ... 146
    Surfing Quotas ... 146
    User Notifications ... 149
  Applications ... 149
    Application List ... 149
    Application Filter ... 150
    Traffic Shaping Default ... 153
  Wireless ... 154
    Wireless Client List ... 154
    Wireless Networks ... 154
    Access Point Overview ... 158
    Access Point Groups ... 164
    Mesh Networks ... 165
    Hotspots ... 168
    Hotspot Voucher Definition ... 177
    Rogue AP Scan ... 178
    Wireless Settings ... 180
    Hotspot Settings ... 181
  Email ... 182
    MTA Mode ... 183
    Legacy Mode ... 209
  Web Server ... 236
    Web Servers ... 236
    Protection Policies ... 238
    Authentication Policies ... 242
    Authentication Templates ... 244
    SlowHTTP Protection ... 245
  Advanced Threat ... 246
    Advanced Threat Protection ... 246
    Security Heartbeat ... 247
    Sandstorm Activity ... 249
    Sandstorm Settings ... 250
Configure ... 250
  VPN ... 250
    IPsec Connections ... 251
    SSL VPN (Remote Access) ... 273
    SSL VPN (Site to Site) ... 275
    CISCO VPN Client ... 278
    L2TP (Remote Access) ... 281
    Clientless Access ... 285
    Bookmarks ... 285
    Bookmark Groups ... 287
    PPTP (Remote Access) ... 287
    IPsec Profiles ... 289
    SSL VPN ... 295
    L2TP ... 298
  Network ... 299
    Interfaces ... 299
    Zones ... 328
    WAN Link Manager ... 331
    DNS ... 337
    DHCP ... 341
    IPv6 Router Advertisement ... 348
    Cellular WAN ... 351
    IP Tunnels ... 353
    Neighbors (ARP-NDP) ... 355
    Dynamic DNS ... 358
  Routing ... 360
    Static Routing ... 361
    Policy Routing ... 364
    Gateways ... 366
    BGP ... 368
    OSPF ... 369
    Information ... 374
    Upstream Proxy ... 387
    Multicast (PIM-SIM) ... 389
    RIP ... 391
  Authentication ... 394
    Servers ... 395
    Services ... 404
    Groups ... 412
    Users ... 416
    One-Time Password ... 423
    Captive Portal ... 426
    Guest Users ... 429
    Clientless Users ... 435
    Guest User Settings ... 438
    Client Downloads ... 443
    STAS ... 444
  System Services ... 445
    High Availability ... 446
    Traffic Shaping Settings ... 453
    RED ... 454
    Log Settings ... 456
    Data Anonymization ... 462
    Traffic Shaping ... 465
    Services ... 469
System ... 470
  Profiles ... 470
    Schedule ... 471
    Access Time ... 473
    Surfing Quotas ... 475
    Network Traffic Quota ... 478
    Network Address Translation ... 482
    Device Access ... 482
  Hosts and Services ... 484
    IP Host ... 485
    IP Host Group ... 486
    MAC Host ... 487
    FQDN Host ... 488
    FQDN Host Group ... 489
    Country Group ... 489
    Services ... 490
    Service Group ... 491
  Administration ... 492
    Licensing ... 493
    Device Access ... 494
    Admin Settings ... 497
    Central Management ... 500
    Time ... 501
    Notification Settings ... 501
    Netflow ... 503
    Messages ... 503
    SNMP ... 504
  Backup & Firmware ... 506
    Backup & Firmware ... 506
    API ... 507
    Import Export ... 509
    Firmware ... 510
    Pattern Updates ... 512
  Certificates ... 514
    Certificates ... 514
    Certificate Authorities ... 516
    Certificate Revocation Lists ... 517
Appendix A - Logs ... 518
  Log Viewer ... 518
    View List of System Events ... 519
    View List of Web Filter Events ... 520
    View List of Application Filter Events ... 521
    View List of Malware Events ... 522
    View List of Email Events ... 523
    View List of Firewall Events ... 524
    View List of IPS Events ... 525
    View List of Authentication Events ... 526
    View List of Admin Events ... 527
    View List of Web Server Protection (WAF) Events ... 527
    View List of Advanced Threat Protection Events ... 528
    View List of Security Heartbeat Events ... 529
  Log ID Structure ... 530
    Log Type ... 530
    Log Component ... 531
    Log Subtype ... 533
    Priority ... 534
  Common Fields for all Logs ... 534
  System Logs ... 535
  Web Filter Logs ... 544
    Module-specific Fields ... 545
  Application Filter Logs ... 545
    Module-specific Fields ... 546
  Malware Logs ... 547
    Module-specific Fields ... 547
  Email Logs ... 549
    Module-specific Fields ... 550
  Firewall Rule Logs ... 551
    Module-specific Fields ... 552
  IPS Logs ... 554
    Module-specific Fields ... 555
  Authentication Logs ... 557
    Module-specific Fields ... 558
  Admin Logs ... 558
    Module-specific Fields ... 559
  Sandbox Report Logs ... 559
  Web Application Firewall (WAF) Logs ... 560
  Advanced Threat Protection (ATP) Logs ... 561
  Heartbeat Logs ... 561
  System Health Logs ... 562
Appendix B - IPS - Custom Pattern Syntax ... 562
Appendix C - Default File Type Categories ... 569
Appendix D - Supported Micro-Apps ... 573
Appendix E - USB Compatibility List ... 576
Appendix F - Compatibility with SFMOS 15.01.0 ... 626
Appendix G - Additional Documents ... 627
Copyright Notice ... 627

What's New in this Release

Changes for v16.5 MR6

• Editorial changes on Add Web Server Protection (WAF) Rule on page 65.
Editorial changes on Create a New IPsec Policy on page 291. Removed all the help pages of Connectwise. Updated NAT policy to incorporated feedback. Changes for v16.5 MR4 Added new link for How-To Guides on page Pages on page 13. Updated valid values for the following on page Configure IPv6 Router Advertisement settings on page 348: • Valid Life Time • Preferred Life Time Editorial changes on following pages: Wireless Client List, Wireless Networks, Access Point Overview, Edit Access Point, Add Access Point Group, Add Mesh Network, Rogue AP Scan Changes for v16.5 MR3 Editorial changes on the following pages: • Messages • Add SSL VPN Remote Access Policy on page 273 • Admin Settings on page 497 Under Email section, updated following labels for Policies > Add Policy: MTA Mode • Add SMTP Policy to SMTP Route & Scan • Add POP-IMAP Scanning Policy to POP-IMAP Scan Legacy Mode • Add SMTP Malware Scanning Policy to SMTP Malware Scan • Add SMTP Scanning Policy to SMTP Spam Scan • Add POP-IMAP Scanning Policy to POP-IMAP Scan | What's New in this Release | 8 Changes for v16.5 MR2 Editorial changes on the following pages: • Add RED on page 320: Added link to supported RED 3G/4G/LTE USB dongle list • all the Certificate, Certificate Authority and Certificate Revocation List pages • replaced word "Navigate" with "Go" in navigation path on all the pages • Licensing on page 493 • Device Access on page 494 • Add Local Service ACL Exception Rule on page 496 • Add IP Host on page 485 • MAC Host on page 487 • FQDN Host Group on page 489 Removed following pages: • Common Operation • Tool Tips • Notification pop-ups Changes for v16.5 MR1 Editorial changes on the following pages: • Time on page 501 • SNMP on page 504 • Central Management on page 500 • Administration on page 492 • Netflow on page 503 Changes for v16.5 Added Sandstorm to provide enhanced protection against malware. View threat-detection activity on the Sandstorm Activity page. 
Specify settings on the Sandstorm Settings page. Added Sandstorm protection to firewall rules. See Add User/Network Rule (IPv4) and Add User/Network Rule (IPv6). Added Sandstorm protection to email policies. See Add SMTP Policy. Updated existing web protection exceptions that skip malware scanning to also skip Sandstorm analysis. See Exceptions. Added a new report Sandstorm which provides an insight of enhanced protection against advanced and targeted attacks. It includes following reports: • Policy and Content - Sandstorm Usage • Sandstorm Web Category • Sandstorm Web Users • Policy and Content - Sandstorm Mail Usage • Sandstorm Mail Category • Sandstorm Mail Senders Added Sandstorm as filter criteria for SMTP Quarantine, Mail Spool and Mail Logs pages. Added new section for details that are displayed on hovering mouse over certain objects on Firewall on page 50 page. | Introduction | 9 Changes for v16.5 Removed option 30 Day Full Guard Trial from Licensing on page 493 page. Added option Migrate UTM 9 License on Licensing on page 493 page. Added feature description to force TLS 1.2 usage. See Force TLS 1.2 on page 456 Introduction Sophos XG Firewall provides unprecedented visibility into your network, users, and applications directly from the all- new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls. Click here to view list of all features supported by Sophos XG Firewall. Flavors This section provides information about different flavors available for Sophos XG Firewall. Sophos is available in following flavors: • Physical Devices • Virtual Devices • Software Physical Devices Sophos provides a range of physical devices to cater the needs of all size of businesses i.e. small business to home users to enterprises. 
Virtual Devices Virtual Network Security devices can be deployed as Next-Generation Firewalls or UTMs and offer industry-leading network security to virtual data-centers, “Security-in-a-Box” set-up for MSSPs/organizations, and “Office-in-a-Box” set-up. By offering comprehensive security features available in its hardware security devices, in virtualized form, these virtual devices offer Layer 8 Identity-based security on a single virtual device, which is as strong as security for the physical networks. Sophos offers a complete virtual security solution to organizations with its virtual network security devices (Next- Generation Firewalls/UTMs), virtual Sophos Firewall Manager (SFM) for centralized management, and Sophos iView software for centralized logging and reporting. Administrative Interfaces Device can be accessed and administered through: • Admin Console: Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the Device. • Command Line Interface: Command Line Interface (CLI) console provides a collection of tools to administer, monitor, and control certain component(s) of the device. • Sophos Firewall Manager (SFM): Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) Device. | Using Admin Console | 10 Administrative Access This section provides information on how to access Device. An administrator can connect and access the device through HTTPS, telnet, or SSH services. Depending on the Administrator login account profile used for access, an administrator can access number of Administrative Interfaces and Admin Console configuration pages. The device is shipped with one administrator account and four administrator profiles. Administrator Type Login Credentials Console Access Privileges Super Administrator admin/admin Admin console Full privileges for both the consoles. 
It provides read-write permission for all the CLI console configuration performed through either of the consoles. Note: We recommend that you change the password of the user immediately on deployment. Admin Console Admin Console is a web-based application that an Administrator can use to configure, monitor, and manage the Device. You can connect to and access Admin Console of the device using HTTPS connection from any management computer using web browser: 1. HTTPS login: https://<LAN IP Address of the device> For more details, refer to section Admin Console. Command Line Interface (CLI) Console CLI console provides a collection of tools to administer, monitor, and control certain component(s) of the device. The device can be accessed remotely using the following connections: 1. Remote login Utility – TELNET login 2. SSH Client (Serial Console) Use CLI console for troubleshooting and diagnosing network problems in details. Sophos Firewall Manager (SFM) Distributed Sophos devices can be centrally managed using a single Sophos Firewall Manager (SFM) Device, enabling high levels of security for MSSPs and large enterprises. To monitor and manage devices through SFM device you must: 1. Configure SFM in Sophos device. 2. Integrate Sophos device with SFM. Once you have added the Devices and organized them into groups, you can configure single device or groups of devices. Using Admin Console Sophos Firewall OS uses a Web 2.0 based easy-to-use graphical interface termed as Admin Console to configure and manage the device.