Sophos 101 - Initial Setup and Configuration

Рет қаралды 114,664

Mike Faucher

Күн бұрын

Пікірлер: 90

@josephotobo7933 3 жыл бұрын

Very few people make videos with exhaustive detail.. Thanks!!

@MikeFaucher 3 жыл бұрын

Thank you very much for the feedback. It is appreciated.

@khamisomar2798 Жыл бұрын

It's very nice to study on your video for the begginer

@MikeFaucher Жыл бұрын

Thanks for the feedback, it is appreciated.

@DeathVRGame 2 жыл бұрын

Thank you for this video. Very few go into much details.

@MikeFaucher 2 жыл бұрын

Great to hear and thanks for the feedback!

@mahirvahora3832 3 жыл бұрын

fantastic understanding

@MikeFaucher 3 жыл бұрын

Great to hear and thanks for the feedback.

@peterayuba8308 5 ай бұрын

Thank you sir for this intensive introduction to Sophos. Please, what should I do when any system connected to my network is not controlled by the rules of the firewall. Initially, I will have to add the Mac address of the system and then asign the level of internet access. But right now it is no longer functioning. Please, I need your support. Thanks

@MikeFaucher 5 ай бұрын

Hard to tell as I do not understand your configuration. MAC addresses are not require unless you setup a MAC filter. Without better understanding your configuration I really can't offer much help. Sorry.

@euginchasia1173 10 ай бұрын

You are fantastic man

@MikeFaucher 10 ай бұрын

Thanks for the feedback.

@Sky1 3 жыл бұрын

i wish my screen looked like yours. I think it did a long time ago

@ninosodicho382 3 жыл бұрын

Thank you Sir

@MikeFaucher 3 жыл бұрын

My Pleasure, glad you liked it.

@josephkilonzo5994 4 жыл бұрын

Hello Sir, KIndly advice me how to configure a second WAN (2nd ISP) on Sophos XG125, have already configured 1st WAN on port 2. Need the second ISP to be the failover .

@MikeFaucher 4 жыл бұрын

You can use the same configuration as this video but instead of failover use balancing. I have not done a video on version 18 yet but I will be.

@josephkilonzo5994 4 жыл бұрын

@@MikeFaucher .Thank you for the advice. The issue i have is that i'm not able to edit/configure port 4 to accept ISP's static settings, how can one edit Port 4?

@josephkilonzo5994 4 жыл бұрын

@@MikeFaucher The 1st ISP has a dynamic ip settings , but second isp says that we need to configure the port to use the static ip addresses they have given us.

@MikeFaucher 4 жыл бұрын

@@josephkilonzo5994 The process is the same, if you go to my failover video (kzbin.info/www/bejne/paLYopSZZqiMb7s) at 8:40 when you plug in your second WAN, you have the option to set up that extra WAN port as DHCP or Static. You should be able to select Static and enter the parameters.

@Martin-ot7xj 5 жыл бұрын

Hi there, i have a question, i have normal router with wifi antenna that my mobile and another devices connect to my router wirelessly, and i have pfsese firewall but it doesn't support wifi my question is how can i connect my pfsese firewall to my router then my wifi devices can connect to my pfsense wirelessly?? Thnx

@jaycayanes1700 Жыл бұрын

Hi Mike, can you help me, the static IP of my Firewall Sophos XGS 107 I changed it and my bad. Now, I can’t browse. Please help how to get back the IP address to open the Firewall interface. Thank and advance Mike.

@MikeFaucher Жыл бұрын

Hard to answer this question as I do not know anything about your configuration. If you used the default LAN, you should be able to access the interface with 172.16.16.16, but if you changed it to something else, then I have no way to answer your question. If you are still able to get an IP address for your computers such as 192.168.1.5, then you could try 192.168.1.1:4444. Worst case, you may have to reset you device if that is an option. Sorry I can't be more help.

@jaycayanes1700 Жыл бұрын

@@MikeFaucher thank you Mike, it was a great help.

@MikeFaucher Жыл бұрын

@@jaycayanes1700 Glad to hear that. Thanks for the feedback.

@canadianwildlifeservice8883 Жыл бұрын

Great intro video. XG sure is a mixed bag. Sad to hear they are making the UTM end of life in a few years. I wish creating static IPs was easier. This product must be a nightmare for admins to use, the flow is horrible between creating static IPs and MAC hosts compared to the UTM.

@MikeFaucher Жыл бұрын

“Mixed bag” is a great way to put it. I have switched to the UniFi UDM SE Pro but we still run 3 XG units at work. They are not horrible to maintain but you are right about the static IP especially for home use. In the enterprise most of the static reservation is done in Active Directory so I guess it is not too bad.

@khunzsec0094 4 жыл бұрын

Thanks alot Sir ! do you have a complete video on it

@MikeFaucher 4 жыл бұрын

There are way too many options in Sophos to do in one video. I have done several on my channel and I have included the link below. It would be easier if you once you got it configured and running you narrow what features you would me to focus on and that way I can add it to my list. kzbin.infosearch?query=sophos

@joshemm4991 3 жыл бұрын

in case anyone else has this issue, port 8090 is a login screen also, but it doesn't respond to admin / admin, you have to use 4444, so there is 3 www server ports apparently.

@MikeFaucher 3 жыл бұрын

Thanks for the input!

@Ankhaa147 Жыл бұрын

Thank you!

@MikeFaucher Жыл бұрын

Glad you found it useful.

@owenkittredge3433 4 жыл бұрын

Thank you for the videos, i am setting up the Sophos XG home routers for family members and the Sophos instructions are out of date and was floundering . It did not help that i have been deploying Kerio Control routers for my clients for 8 years so had to get out of my standard way of thinking and figure this out.

@MikeFaucher 4 жыл бұрын

Thank you and glad you like it. I have several other XG videos on my channel as I am a big fan of the software. You are right, it is a little different but very powerful when you get used to it. Good luck and thanks for the feedback.

@renatocalub9784 4 жыл бұрын

I have XG86 device. However there is no Port1 on the Interface. Only Guest, Port2 and br0. How can I add Port1?

@MikeFaucher 4 жыл бұрын

The XG865 has 4 configurable ports that and be setup. If you hare showing a BR0 than you most likely have 2 ports that have bee bridged into one. You can either do a factory reset or delete the BR0 interface and you should get port 1 back. You will lose your configuration in the process. See my other video that will explain how you got the BR0. kzbin.info/www/bejne/jpWxYp5-nbB1ftE

@themex22k 3 жыл бұрын

Saberia me tirar uma dúvida, o meu xg 105 não inicia. parece que o SSD parou;

@MikeFaucher 3 жыл бұрын

Esse seria o meu palpite também.

@jasoncummings7052 Жыл бұрын

Want to thank you for your very informative and helpful content. A recent problem surfaced at a client and I hope you or anyone can help. Problem summary: Invalid certification error for https sites. Infrastructure overview: Head Office has an XG230 FW appliance and AD integrated. Remote office has RED appliance and use XG-230 as Internet gateway. Description: All has been going well until recently the users in the remote access complained they cannot open https sites. However this does not happen to the users at the head office. Also users over remote VPN do not have the problem either, even those from the remote office Research points to DST Root CA X3 2021 expiration as the source of the problem. So why only RED users are affected when they rely on the FW rules as head office users. Any insight will be appreciated.

@MikeFaucher Жыл бұрын

Interesting question and do not know the answer. I have not seen this condition unless there are differences in permissions/setting between the groups. You may want to post that question with the Sophos community or support. They are slow but they do respond.

@jasoncummings7052 Жыл бұрын

@@MikeFaucher Ok thank you for responding. Yes I find their support lacking.

@MikeFaucher Жыл бұрын

@@jasoncummings7052 We have paid support and it takes a long time on hold. They do not support the free version at all.

@journeyamigos3242 4 жыл бұрын

ty sir

@MikeFaucher 4 жыл бұрын

Thank you for the feedback. I appreciate it.

@vicentegonzales369 2 жыл бұрын

Hi, how to change Sophos home Dashboard's language?

@MikeFaucher 2 жыл бұрын

Take a look at this. support.home.sophos.com/hc/en-us/articles/360043006531-How-to-change-the-Sophos-Home-Dashboard-language Hope that helps.

@wallywoll7334 5 жыл бұрын

Mike could you explain how to put in order firewall rules. Sophos is saying we should block everything in top rule and than allow what we want in bottom rules.

@MikeFaucher 5 жыл бұрын

There are different approaches. If you block "All" as Sophos recommends, you will have to create rules for every user or PC on your home network. which means no one can connect unless you create users and allow them. In a business environment that is the preferred way as you typically authenticate to an active directory. In a home network, you will typically filter/control the entire network so you will apply some default rules that are global and not user specific. It would be helpful if you could describe your network, #users, Vlans, etc. then I could make a more specific recommendation.

@wallywoll7334 5 жыл бұрын

Mike thanks for taking the time. I have a typical network. With one vlan and 1 dafault rule, vlan I’m using for guest. I’m using the default rule as my main rule But the problem I’m have is, (VPN’s) people can bypass my system with vpn’s. Like X-VPN and others like it. Wondering if you see this in your network. My system is deployed in a multi home environment with about 200 users.

@MikeFaucher 5 жыл бұрын

@@wallywoll7334 VPNs are tricky. I would try the following. Create an application rule that will be assigned to both VLAN and your main network firewall rules (see my video on creating application rules and filters) and add a block for all VPN's. It supports 105 different ones among those is X-VPN. If you apply this application rule to each firewall rule, the clients should not be able to connect going out. There maybe some free games that stop working though as some use VPNs in multi user gaming. As for my network here is a link to my basic config (thedocsworld.net/home-network/). Its missing a few things but it is close. Hope this helps and let me know how it turns out and let me know if I can help.

@Tech-geeky 3 жыл бұрын

@@MikeFaucher Its in a routers way as well lol :)

@paulogarachico7173 4 жыл бұрын

Where is your next video Sir? :) you educate me a lot by this video.

@MikeFaucher 4 жыл бұрын

I have many on my channel. kzbin.info/door/Bqox9okPrHvJNSZxs7ZjYAsearch?query=sophos Thanks for the feed and I am working on the Version 18 videos.

@Tech-geeky 3 жыл бұрын

Anybody problems with WAN?

@candicefernandes5455 2 жыл бұрын

how do i find which device was used for the setup? e.g. xg450 etc

@MikeFaucher 2 жыл бұрын

I used a regular Core I3 desktop computer. Their home version is free and runs on most hardware

@candicefernandes5455 2 жыл бұрын

@@MikeFaucher thank you mike!

@MikeFaucher 2 жыл бұрын

@@candicefernandes5455 Anytime. Good luck if you end up trying it.

@Tim123-w6d 4 жыл бұрын

Hello! Thanks for the video! I just have one issue I'm facing.. I must download the firewall offline due to it being the router of my network that is connected to a VM workstation and a VM Active Directory, running on Windows Server 2019 on an Host-Only NIC. But I keep on being stuck on the "Finishing" screen. How can I solve this?

@MikeFaucher 4 жыл бұрын

The only thing I can think of is it appears you only have one NIC and you need at least two. The finish process takes about 4-6 minutes but I do not think it will do the final configuration with only 1 NIC.

@Tim123-w6d 4 жыл бұрын

@@MikeFaucher That wasn't the issue in my case, however I'd like to thank you for the response and help. I indeed only have 1 NIC in the workstation that is Host-Only and 2 in the Firewall (NAT and host-only), since this is my router that connects me to the WAN. I solved this issue, what I did wrong was I had changed the IP of the configuration set-up in the manual part, I simply had to click on "register offline" (I had tried both) Now, I got another issue. I need internet through the Firewall. So, that means ports 443 (HTTPS), 80 (HTTP) and 53 (DNS TCP/UDP) both need to be opened in both in and outbound traffic. How do I do this? Just make another Firewall Rule? Sorry, I'm an IT Student 😅

@MikeFaucher 4 жыл бұрын

@@Tim123-w6d I am at a disadvantage not quire seeing how you have things hooked up but yes, you do need a firewall rule to allow traffic to pass.

@Tim123-w6d 4 жыл бұрын

@@MikeFaucher Thanks for attempting to help me out. I really do appreciate both the effort and time. As for my current configuration, this is the set-up in VMware workstation 16 Pro: Sophos XG Firewall: (17.5.9) Active Directory Domain Controller Windows 10, 2004 (one VM) All of the network instruments have host-only NICs, except the FW (it has a NAT NIC too). Meaning my DC and WS don't have direct internet. So, the internet must be configured somewhere in the Sophos XG web-interface. I know I must make a FW rule, which I have done. But what do I do now and most particularly, where?

@MikeFaucher 4 жыл бұрын

@@Tim123-w6d Are you trying to authenticate via AD? If so that is a whole process in its self. If you have this in a VM them first make sure the correct virtual Nics are called out in the network settings. The firewall rule should be the same as the one video. Try on on rule after you have defined your wan and lan interfaces.

@danimoosakhan 5 жыл бұрын

Does the firewall rules set have implicit deny at the end?

@MikeFaucher 5 жыл бұрын

Normally in business it is best practice but in this example I expect all IOT devices to use the internet not the LAN.

@Tech-geeky 3 жыл бұрын

@@MikeFaucher 'As we see fit'... of course. security wise, i can only think of why you wouldn't want to phone home. There have been some pretty shifty in-secure iOT devices out there

@tanasmith1000 3 жыл бұрын

we are backup XG210 and restore on XG310 ?

@MikeFaucher 3 жыл бұрын

As long as your 310 has the same or more NICS.

@tanasmith1000 3 жыл бұрын

@@MikeFaucher Have a more NICS

@MikeFaucher 3 жыл бұрын

@@tanasmith1000 Network Connections. RJ45.

@MomG-f4i 11 ай бұрын

When the adimn password is changed... Does this mean that my Router Admin password has also changed?

@MikeFaucher 11 ай бұрын

Yes, exactly.

@Martin-ot7xj 5 жыл бұрын

Hi there, thankyou for your useful tutorial video. My question is when we install sophos firewall by default all port all black from outside?? I mean all incoming traffic from outside or internet for more security ?? Or we must make a rule in firewall??

@MikeFaucher 5 жыл бұрын

Look at my Sophos XG Firewall and the configuration and filtering video. You have to create a "defualt" rules that control traffic the way you want.

@garyrds 5 жыл бұрын

Great Instructions! BUT, I greatly appreciate advice to setup Sophos UTM Home as Bridge setup: WAN >> Cable/Modem (SB6190) >> Bridge Protectli/SophosUTM >> DD-WRT Router (DHCP/WiFi) >> LAN. The router is set (192.168.10.2). I need UTM as a Bridge/Firewall/IPS so hoping is can be 192.168.10.1. When I set eth0 IPv4/GW on UTM, I do get an IP from the modem but cannot get access to the Internet from a Protectli port or from the DD-WRT router. Admin on UTM is on eth2 at 192.168.10.112. Can you give some advice and also point me to a good video on this? Thanks!

@MikeFaucher 5 жыл бұрын

Gary D Thanks for the question. I will add it to the list of future videos.

@Martin-ot7xj 5 жыл бұрын

Hi, can we block apps like telegram or WhatsApp or Skype or wechat?? On sophos firewall??

@stylez1989 4 жыл бұрын

Yes

4 жыл бұрын

Yes, you can either create a Web Policy or an Application Filter for that