Thanks to all for the suggestions. I am working on some additional videos for VLANs, Unify WiFi integration, and VPN. I am also going to plan for DMZ and better LAN coverage in the near future.
@aDogNamedGromit5 жыл бұрын
Reporting and logs would be a good one too. I often don't know that something is happening on my network. I want to bring that information forward to me. How to get reports and how to customize visual data to easily show things that are happening. I often have also had trouble with specific pages loading and have to often figure out why a rule is blocking that page. After watching tech support sift through the logs and ID the culprit is I realize I just don't know how to problem solve with the log file. I want to allow streaming media but not open too many holes too. Your videos are far better than the support videos and sophos help sections. I actually understand when your explaining it. I also want to tighten security on my kids pcs They also have allot of android tablets. I am not sure how to handle them as they don't have windows logons.
@jacobbugatti98235 жыл бұрын
Hello Mike, I am doing my first SOPHOS products installation, I would like to know what is the best way to contact you
@MikeFaucher6 жыл бұрын
The MAC address can be found in the listing of devices after you attach your network devices click on DHCP tab an scroll toward the bottom and you will see a list of devices and their respective MAC address. Some devices also have them on a label and computers have then in the network properties.
@MikeFaucher6 жыл бұрын
Thanks to all for the comments. Let me know if you would like to see a specific feature.
@piratev205 жыл бұрын
SSO . STAS is not getting properly deployed . AD 2k12. Kindly show the steps of STAS deployment
@aDogNamedGromit4 жыл бұрын
Mike this is a great video. Very concise. I would like to see more on how to trouble shoot or analyse the Log. file. There is allot of information in the log. Knowing how to look at it and adjust things would be really helpful.
@MikeFaucher4 жыл бұрын
Thanks, I will put it on the list. Working on V18 now and will include some log detail in one of those videos. Thanks for the feedback.
@abulaith44856 жыл бұрын
Excellent Video Mike, Thank you. Very clearly explained and very valuable information demonstrated. Will be great if you can present a typical corporate setup of firewall configuration, such as a trusted network LAN, DMZ and WAN. Web servers in the DMZ connected to back end Database Servers.
@deivissolano182510 ай бұрын
Estamos ya en el 2024 y este video sigue ayudando saludos,,
@MikeFaucher10 ай бұрын
Muchas gracias. Me alegro que haya ayudado. feliz año nuevo.
@geejonez24247 жыл бұрын
Great Video! I found this to be very helpful.
@ZoSkiLuv6 жыл бұрын
Great video Mike. Explained the firewall rules very nicely. A++
@GregInHouston22 жыл бұрын
Extremely useful! I do not understand when you set up the reservation in DHCP. It was half a second between I need to enter the MAC address and it is all done and saved. It is useful to know the reservation must be outside the dynamic range; I've used firewalls that require it to be in the range. I do not like that!
@MikeFaucher2 жыл бұрын
Thanks for pointing that out. Creating a static IP is as easy as giving it a name copying the MAC address and assigning the ip of choice then saving your settings. Thanks for the feedback.
@GregInHouston22 жыл бұрын
One thing you did not cover is the format for the MAC address. One thing I hate about Windows reservations is that must be in the XX:XX... format. But when I set one, I want to simply ping the device, show the arp table so I can copy/paste the MAC address. Except Microsoft shows the arp table in a XX-XX... format.
@MikeFaucher2 жыл бұрын
@@GregInHouston2 What I do is look at the DHCP listing of my devices and just highlight the MAC address of the one I want and copy, then paste that in. The MAC format is standard and must be entered or copied in the xx:xx:xx:xx:xx:xx. Hope that helps.
@MrSmoleff5 жыл бұрын
Hi Mike! Thank you for this video, you explained the firewall rules very good and in detail
@MikeFaucher5 жыл бұрын
Thank you. Glad you found it helpful. Please post a comment at any time for topic suggestions
@MrSmoleff5 жыл бұрын
@@MikeFaucher I'm new to XG Firewall, so I First have to get a little bit into it, but I will do that. Maybe you can make a video about notifications, because at the Moment I have some Problems with it
@MikeFaucher5 жыл бұрын
Roland Erler I have a few more to make and I will put it on my list. Thanks for the feedback.
@ahmedbenali93824 жыл бұрын
Thank you Mike ! Great job !!
@MikeFaucher4 жыл бұрын
Thank you. I appreciate the feedback.
@sajidshamir6 жыл бұрын
Nice work, want to see more on vpn, antivirus, proxy and communication between zones and DMZ..
@usatheeshkumar10835 жыл бұрын
Hi Mike, Thank you very much, Great Video and excellent explanation !!!! Pls do the more video like this ..
@hassaan19824 жыл бұрын
I have found very informative video for basic configurations
@MikeFaucher4 жыл бұрын
Thanks, for the feedback. Appreciate it.
@isaacvv6 жыл бұрын
This was helpful thanks!
@aDogNamedGromit6 жыл бұрын
Hi Mike your videos are really good. I have to say with most other videos I watch about this I remain pretty confused. When I am watching yours it is Immediately clear what I am trying to do and what I am doing wrong. I can very easily set some little box wrong. I would like to see how you do some basic stuff and it may sound silly. I need to set up a Printer and access to that printer from an office behind the XG85. Although I don't want access to the printer from the wan. I am pretty sure all it needs a Nat. Beyond that I am trying to put a Google Wifi device behind an XG firewall which is my other large dilemma. Most people are saying it cannot work. In the XG forum with the Google wifi there are some people with setups that go through the DMZ zone and access to DHCP as the Google wifi needs it. These are the basics of what I am trying to do. Beyond that I have gotten working two MagicJacks through the XG85. As long as they have DHCP they started to work. Although I do see a voip guarantee rule I would like to implement and safe guard each connection out of the Wan zone. Soon I would like to set up a network file server for music and other storage. Access to it should be read only. I am not sure how to go about all of those other things. Your videos and your web page are really helpful. The XG doesn't have allot of documentation and the help resources and forums are not too helpful, often leave me confused and thinking I need a small degree in IT security.
@TomGeogecko6 жыл бұрын
Nice! So much easier than pfsense!
@MikeFaucher6 жыл бұрын
Could not agree more.
@hishamhazim95435 жыл бұрын
Hi I want to thank you for your very good Lesson , Thank you again Baghdad/Iraq
@formidability12 жыл бұрын
Thank you for video, but in 38.44 min., you give access to all very high risky software :)
@MikeFaucher2 жыл бұрын
Good point but there are infinite options, which is why I show the risk levels as a place to start. Thanks for your input.
@tlokeijak2 жыл бұрын
Very helpful video.
@MikeFaucher2 жыл бұрын
Thanks. Glad you found it useful.
@angeloquirozze5 жыл бұрын
Hi Mike very interesting your video ... Thanks a lot for share ...I have a question on Very Risk (5 ) you check allow ... is only for example correct ???
@MikeFaucher5 жыл бұрын
Very observant. You are correct and it should have been marked as deny. As this was the last example of filtering I rushed through it. Thanks for pointing that out.
@ricardorengifomejia93555 жыл бұрын
Thanks for share the video.
@MikeFaucher5 жыл бұрын
Glad you enjoyed it.
@miles2676 жыл бұрын
Great video!
@MikeFaucher5 жыл бұрын
Thank you very much. Any particular area/subject?
@WoodrowBone4 жыл бұрын
Hi Mike, great video! I did just follow your Brigde mode setup and continued with this V17 to setup the rules etc. It seems the creating firewall rules are different in V18, or possibly when you run bridge mode. After the creation of the first firewall rule it does not show up on the firewall rule page??? If I try to create a new rule or clone the default one, and edit that with my filters etc, it says that a rule with the same name exists. So, I created a rule that I can not see, and if I try to make a new one with the same name, the fw says it already exists....any toughs?
@MikeFaucher4 жыл бұрын
That certainly is something I have not seen before. The whole rules premise has changed in V18. Check out my video on V18 rules to see if that helps kzbin.info/www/bejne/rGXUoKCbrZxpmtE. As for disappearing rules, I do not have any good ideas on what is causing that. Sorry I could not be more help. BTW, I have a video coming out next Friday that takes a V18 from scratch and sets it up. V18 is a little different for everyone. Good luck.
@Sky15 жыл бұрын
Mike, do you have a video showing exactly how to find which policy is blocking an application? I find the log viewer leaves much to be desired.
@MikeFaucher5 жыл бұрын
Not at this time. The log mostly shows the "category" with a specific site such as "Social Networking - Facebook". As for actual apps like Word or CAD. that feature is only available through the license version when tied to Sophos central. In a home situation, I usually look at the category then drill down to the IP or user to find a problem. I will work up something for a future video to see if I can add some clarity.
@MikeFaucher5 жыл бұрын
They have a new version due out any day now and I am hoping that capability is expanded. I will be doing a deep dive when it is released.
@deivissolano182510 ай бұрын
Hola un gran saludo por Navidad y año nuevo, tal vez pudieras actualizar este video
@MikeFaucher10 ай бұрын
Gracias por los comentarios. Lamentablemente ya no uso Sophos, pero si tengo la oportunidad lo consideraré.
@amilakalharawagasinghe49336 жыл бұрын
Great video
@aforvendetta5 жыл бұрын
I configure the XG firewall recently but I'm not able to ping through the INTERNET, can you help to make a video for a beginner
@Dadawaki6 жыл бұрын
Excellent work but how can i let traffic pass through the Sophos firewall ?
@Basssssseeeeeeee5 жыл бұрын
I would like to enable/disable an existing rule via SSH, is this possible? I cant figure it out...
@johnmax25035 жыл бұрын
ThaNK YOU
@miguelcrtz9 ай бұрын
thank you
@MikeFaucher9 ай бұрын
Thanks for the feedback.
@bym0076 жыл бұрын
Liked and subscribed!
@esmatsaidy6 жыл бұрын
It's awesome video and thank you for your efforts. Could you please make a video how to track VPN active users?
@infotechsavvy49816 жыл бұрын
Hi Mike, I would like to ask much deeper explanation regarding the IP Hosts. In my case I have Static IP in my whole LAN. having 300+Hosts, now I want to name each devices a specific name. Example: Mark - 172.16.0.45, I want to know if all the traffic logs of 172.16.0.45 will be in the name of Mark? once I received the notification report by Sophos Firewall? In Sophos UTM 9 has features of that, by the way I am using Sophos XG 430. Thanks.
@MikeFaucher6 жыл бұрын
Great question. All of my logs still use the IP address and not the name. I will investigate if there is a way to change this that I am not aware of.
@infotechsavvy49816 жыл бұрын
Yes, this is very useful because when the Sophos sent the log reports you will able to identify the Name of the user. Unlike displaying only the IP you don't know where's the traffics comes from. I believed it has the features I am also exploring it. All Firewalls are capable of making a database for all the names of end-user and their designated static IP. Please give me feedback on this if you will. Thanks in advance.
@MikeFaucher6 жыл бұрын
I am sure it has but only if you have users. In my case, I only use users for VPN and not internal traffic so the firewall does not have any way of knowing. I was planning on getting a sample report from one my sites that use active directory and see what their reports look like. I will be visiting there by the end of the week. The site does not allow remote access so I have to wait till I get there. Let me know if you find out before I do.
@infotechsavvy49816 жыл бұрын
I asked the sophos tech support, they said it has no features of what I am looking for. So sad, before I bought the XG430 they said it has a feature of that. They said I should use a 3rd party software, i follow another question to them, I asked them is it a plug-ins from the sophos or another software to buy. in pfsense you can download and install plug-ins for free coz the pfsense is open source. But in sophos i believe something that i need to buy. Much better if they will released an update included that features.
@MikeFaucher6 жыл бұрын
I am actually at the other site this morning and the logs DO show the user where applicable such as Firewall, filtering, etc. Not sure whoever you spoke to understood the question. If you PM me on twitter @pcdocsworld I can send you a screenshot to make sure that is what you are looking for.
@SouthwestComm6 жыл бұрын
I've added a firewall rule for port forwarding and included all my rtp ports but something is blocking voice on sip calls. The calls connect but no audio, any suggestions, the xg 115 is in a default state for the most part, I setup wan and lan but that's all default firewall rule plus the one I created for my pbx rtp ports
@MikeFaucher6 жыл бұрын
If all you have is the default firewall rule, does it work without any other rules or port forward? Without knowing your network config it is difficult to make any suggestions. Typically with the default rule most devices on the network work if the default rule includes the IP you are using. In my experience with phone systems, I believe that many use a dedicated audio port so I would check that is included. Sorry, but without more information I am limited in my suggestions.
@SouthwestComm6 жыл бұрын
@@MikeFaucher I understand, I'll try to remove what I did and just add my ports to that default rule. Thank you
@MikeFaucher6 жыл бұрын
One thing, if this is on an internal network, your default rule will open all internal ports so you should not have to forward any ports internally. I have a couple of screenshots on my blog (thedocsworld.net/sophos-xg-v17-configuration-and-rules/) if that helps. I also have an older (version 16) guideline that may or may not help (thedocsworld.net/sophos-xg-firewall-1-the-basics/)
@rankovick3 жыл бұрын
My question is, how do i create rules for port scans, because my firewall is between the VPN and the LAN. The portscans pass through the firewall and are caught by the anti-virus in the LAN. Please advise me on that. :)
@MikeFaucher3 жыл бұрын
I assume you hare talking about port forwards? Not clear on how you are configured and what you are trying to accomplish. This may help. kzbin.info/www/bejne/rGXUoKCbrZxpmtE
@rankovick3 жыл бұрын
@@MikeFaucher I am dealing with port scan attacks that pass through the firewall and are detected by SEP (Symantec Endpoint Protection). The firewall is in bridge mode, if that helps. For the past week I have been watching videos and reading the user manuals on various firewall models to find a way to make the device drop such packets that are used for port scan attacks. I am currently waiting on a test device to arrive, so I can test things safely. I don’t have experience with firewalls, can someone tell me if I'm looking in the wrong place?
@MikeFaucher3 жыл бұрын
@@rankovick Sure does. VPN does not work in bridge mode. Thanks
@rankovick3 жыл бұрын
@@MikeFaucher The VPN is on the ISP router, it isn't on the firewall.
@Martin-ot7xj5 жыл бұрын
Hi there, i have a question about sophos firewall, why we have to select sophos firewall, we can have microtik firewall router, i mean we can have microtik router and configure as firewall!! What do you think??
@MikeFaucher5 жыл бұрын
It comes down to personal choice and how secure you want things. Microtik has been known for more vulnerabilities but they are easier to setup. Having been a victim in the past I looked at solutions such as Untangle, pfSense, and Sophos for the best security. At the end of the day, Sophos provides the most features and best protection but is also the hardest to setup so you have to decide what you are comfortable with. This is of course my opinion. Good question and thanks for asking.
@Martin-ot7xj5 жыл бұрын
Wow, thankyou for your quick response. It was very useful explanation. I have another question please, if you have three options 1 edgerouter uinifi as firewall 2. Microtik router as firewall 3.USG unifi as firewall, which one of these firewall would you choose?? In these options which one is the best?? My secend question is for sophos XG for home and small business like 15 computer , how much per year i have to pay?? Im waiting for your answer. Thnxxx.
@MikeFaucher5 жыл бұрын
@@Martin-ot7xj I will answer this backwards. Sophos is free for personal use if you have your own hardware (extra PC). The only restriction is an integration with their client protection which is an enterprise functionality. As for the other part of your question, either Ubiquiti product is fine and would be my second choice but you do give up some filtering and protection but they are pretty easy to setup, and lastly, I personally would not buy a Microtik router. Hope that helps.
@Martin-ot7xj5 жыл бұрын
Thankyou to giving your time to me and answered my question. So i can buy sophos xg firewall for my home and use it for a long time and i dont need to pay for license per year. By the way do you have experience with SonicWall firewall? SonicWall and watchguard is like sophos firewall??they are good as sophos and watchguard firewall? I'm so sorry i ask you so many question, beause it seems you have every good experience in it. Thnxxx
@MikeFaucher5 жыл бұрын
@@Martin-ot7xj Sophos is a free download that you install on your own hardware and is full featured with no expiration date. I have only used pfSense, Untangle, Cisco, and Sophos so I can only compare to those and for me Sophos offers me the best protection for my family. At some point I may test Wachgaurd and Sonicwall and have seen demos of them but I can only say that what I saw on the demo did not compare. As I have not used them myself, this is really an unfair comparison. I will say this, the Sonicwall, and watchguard are better choices than any off the shelf router in my opinion.
@simbarashemadziture51054 жыл бұрын
hi Mike.can you do a video on deploying an XG in bridge mode
@MikeFaucher4 жыл бұрын
Simbarashe Madziture It is on the list.
@MikeFaucher4 жыл бұрын
I just completed the video on deploying XG in bridge mode. It will be available on the 10th after 8:00am.
@usatheeshkumar10835 жыл бұрын
Looking forward Load balancing configuration
@MikeFaucher5 жыл бұрын
Thank!
@nghiaminh2463 жыл бұрын
how did you do it can you share with me , thank you
@MikeFaucher3 жыл бұрын
Can you clarify the question? How did I do what? Thanks
@sanacasta4 жыл бұрын
i can't block tiktok app with sophos. Can you?
@MikeFaucher4 жыл бұрын
Have not tried. Will give it a shot and post if I find anything.
@elhamiid98846 жыл бұрын
I am trying to configure port forwarding on SOPHOS v.17.0.6 however I cannot modify or enter port forwarding, the box to change port forwarding cannot be ticked in anyway. Is this a BUG in this release?
@elhamiid98846 жыл бұрын
in the destination & services, choose the destination host, then; in the services, CHOOSE: TCP or UDP, in the forward to; choose the PROTECTED SERVER; then in the PORTS, click DESTINATION PORTS; you will be allowed to configure them well. in the first field, INSERT your PORT of the SERVER, in the second field leave it BLANK
@itgco64132 жыл бұрын
you speek alot please ,next time do resume
@MikeFaucher2 жыл бұрын
It was an earlier video and was learning, Thank you for the feedback!
@diasrt44932 жыл бұрын
Pleas tutorial seeting NAT Rull v18. WAN TO LAN/DMZ allow all acces🙏
@MikeFaucher2 жыл бұрын
It is on my list of videos. I did do an update on V18 (kzbin.info/www/bejne/rGXUoKCbrZxpmtE) that may help. Thanks for the request.
@diasrt44932 жыл бұрын
@@MikeFaucher i have qustions. whats is unraid? how to creat unraid?.. on my local network I have a Mikrotik connected to the sophos WAN. and I want all networks connected to the mikrotik to be able to access the network on sophos both LAN and DMZ. previously everything was fine when I was still using the v17 but when upgrading to firewall v18 everything became problematic. can you help me solve my problem?