8 04, 2021

Understanding and Optimizing Sophos XG’s DNAT Rules

Sophos XG makes it easy to expose internal services to the public internet using the Server Access Assistant (DNAT) wizard. However, this does generate a lot of configuration that is not strictly required. By knowing your environment, some basic theory, and what is and is not required, you can configure clean concise DNAT rules. This article uses the example of exposing a Plex server on the public internet to understand Sophos XG's DNAT Rules and how to optimize them.

18 03, 2021

Sophos XG – How to Block Searches and URLs with Specific Keywords

This article outlines how you can use Sophos XG to block searches and URLs that contain specific keywords. This can be useful in preventing school students from wasting time searching for mobile phone wallpapers and/or looking for 'VPNs' that could potentially result in students or employees getting around your Sophos rules and policies altogether!

22 02, 2021

Using Sophos XG’s XStream DPI Engine While Enforcing SafeSearch and YouTube Restrictions

Decrypting TLS 1.3 is only available with Sophos XG's new XStream DPI engine. Unfortunately, some features are not supported with the XStream DPI engine such as SafeSearch enforcement and YouTube restrictions. Thankfully you can deploy a combination of Web Proxy and DPI rules to get the best of both methods. This article describes how.

26 05, 2020

Introducing Sophos XG VPN Reports and VPN Dashboard

With many people now working from home due to COVID-19, reporting on Sophos XG's VPN activity is top of mind for many overstretched IT teams right now. To help, we've made some additions to Fastvue Sophos Reporter to provide better visibility into Sophos XG's VPN connections and ensure your remote infrastructure is holding up. With Fastvue Sophos Reporter's new VPN Dashboard and VPN Report, you can monitor the number of active sessions throughout the day to help plan for extra capacity, or use the reports to find who has not connected recently. You can also easily see when most people connect and disconnect, and proactively respond to unexpected disconnections or excessive invalid login attempts.

13 03, 2020

Fastvue and Sophos Working Together To Keep Students Safe Online (Product Demo)

Fastvue was invited as a guest presenter in a recent webinar hosted by Sophos to help demonstrate how Fastvue Sophos Reporter together with the Sophos XG platform can provide schools with everything they need to safeguard and detect students at risk of self-harm, extremism/radicalization, and anti-social/unacceptable online behavior.

23 05, 2019

Attacking and Testing Sophos SG Web Application Firewall

Learn how to set up a Sophos SG Web Application Firewall testing environment where you can test and hone your WAF configuration skills. Step by step instruction on how to get started with a controlled security testing environment called Web Security Dojo.

8 04, 2019

Attacking and Testing Sophos XG Web Application Firewall

Continuing our series on the Web Security Dojo, this time testing Sophos XG web application firewall. Step by step instruction on how to get started with a controlled security testing environment in Sophos XG.

28 11, 2018

Network Troubleshooting with Sophos UTM tcpdump Packet Captures

Sophos UTM tcpdump information can be very useful in troubleshooting connectivity issues. In this article, I will show you how to use the tcpdump command on Sophos UTM to verify if syslog packets are leaving your Sophos UTM appliance.

23 10, 2018

How To Retrieve Log Files From a Sophos UTM Cluster Slave Node

When you have an active-passive Sophos UTM cluster, the configuration is synchronized between the nodes, but if the Master fails, it may not sync all the log data to the Slave node. From the WebUI, there is no method to view the files on the Slave device, yet those log files can contain information about the cause of the failure. This guide takes you through how to retrieve log files from a Sophos UTM cluster slave node and copy the file(s) to your local machine for analysis.

17 07, 2018

How To Configure Sandboxing with Sophos Sandstorm

Configure sandboxing with Sophos Sandstorm in Sophos UTM and Sophos XG. Learn the benefits of this new feature, and how it will provide additional security to your network.

28 06, 2018

Troubleshooting Sophos UTM Up2Date Failure Due to Disk Space

When you are deploying physical Sophos UTM appliances, the Up2Date process may fail due to a disk space shortage. This typically happens if you have a large number of updates that are outstanding. This article covers how to resolve this issue.

1 06, 2018

Sophos SG and Amazon VPC VPN Setup and Testing Guide

This guide steps through configuring and connecting a Sophos SG to an Amazon Virtual Private Cloud (Amazon VPC) via Site-to-Site VPN.

10 05, 2018

Recategorizing Websites in Sophos XG and Reclassifying Productivity

You can use custom categories not only for recategorizing websites in Sophos XG, but also for allowing or denying access to specific sites for certain users. They can also be used to reclassify the browsing 'productivity' for certain users when viewing Internet usage reports in Fastvue Sophos Reporter. For example, you can use them to classify lingerie sites as 'productive' for people in a retail lingerie department or to classify social media sites as 'productive' for people in the marketing department. There are a couple of "gotchas" in doing this, and I will explain how to avoid them while taking you through the process.

30 04, 2018

Testing Sophos SSL VPN Performance – UDP or TCP?

When configuring a Site-to-Site VPN on your Sophos SG or Sophos XG, you are presented with an option to select either TCP or UDP as the transport protocol. The configuration page hints that UDP provides better performance, so I thought it would be interesting to test the SSL VPN performance over both UDP and TCP protocols and find out which one is faster!

16 04, 2018

Using Sophos XG Packet Capture To Troubleshoot Connectivity Issues

Sophos XG has the ability to capture and display actual network packet information right from the management web interface. This is a great tool to determine what is actually happening [...]

23 03, 2018

Sophos STAS Authentication Step by Step

Sophos STAS authentication (Sophos Transparent Authentication Suite) is a collection of tools that provides a method of authentication that was introduced in UTM 9.4. This authentication mechanism has been lacking [...]

14 02, 2018

Improving the Performance of Sophos XG’s Intrusion Prevention System (IPS)

Sophos Intrusion Prevention System (IPS) is an advanced firewall feature that protects your network. The downside is that IPS is a resource-intensive process, as it needs to match every packet [...]

29 01, 2018

Configuring a Site-to-Site VPN Between Sophos UTM (SG) and Sophos XG

In this article, I am going to cover the supported configuration for IPSec site-to-site VPN connections between Sophos UTM (SG) and Sophos XG firewalls. The main limitation to understand is [...]

10 11, 2017

Using Sophos UTM’s Request Redirection Feature in v9.5

One key feature that was missing from the Sophos UTM SG platform prior to version 9.5 was the ability to use Sophos UTM itself to perform request redirects. We published [...]

6 09, 2017

Sophos XG and SG (UTM) SSL Site-to-Site VPN Compatibility

Sophos has been making great progress in maturing the Sophos XG platform to the point where it is now a serious contender for deployment instead of the more established Sophos [...]

31 07, 2017

How to Configure Sophos XG’s Free Dynamic DNS Service

Dynamic DNS is a service you can use to make a device with a dynamically allocated IP accessible from the outside in. Common Dynamic DNS providers include DynDNS, ZoneEdit, EasyDNS, and DynAccess. Sophos XG Firewall supports these four Dynamic DNS providers, but it also includes a fifth provider simply called Sophos, and the great news is it's free! This article takes you through configuring Sophos XG's free Dynamic DNS service.

17 07, 2017

Repurposing Sophos Hardware as a Multifunctional Virtual Server

I just happened to have an ageing Sophos UTM SG115 in our spare parts / swap out stock and thought I'd see if it could be repurposed (or rather re-imagined) as a Virtual Server running multiple virtual devices. Wouldn't it be cool to have Sophos UTM and Sophos SUM running on the same box? Let's give it a go!

15 05, 2017

Reporting on WannaCry Ransomware Infected Machines

This article describes how to use Fastvue Sophos Reporter to report on machines potentially infected with WannaCry Ransomware on your network. The first and second variations of WannaCry ransomware access specific domains before the installation phase. You can therefore report on all machines that have accessed these domains to help identify potentially infected machines.

15 05, 2017

Create Real-time Alerts for WannaCry Ransomware Infected Machines (Sophos)

The WannaCry Ransomware infection is currently causing havoc around the globe. Fortunately there are security patches available from Microsoft that fix the underlying security hole in SMB that the ransomware exploits. However it is a good idea to keep an eye on any machines on your network that are or were infected. With Fastvue Sophos Reporter, you can create a simple alert to receive instant notifications when machines on your network make requests to the domains that WannaCry accesses before installing.

4 05, 2017

Sophos XG Reporting Now Available in Fastvue Sophos Reporter!

We're pleased to announce that Fastvue Sophos Reporter now supports Sophos XG, providing the same great web usage reporting features for Sophos XG networks that Sophos UTM (SG) users have [...]

21 03, 2017

Filtering and Forwarding Sophos UTM Syslog Data with Syslog-ng

Sophos UTM enables you to specify multiple destination syslog servers, but they will all receive the same syslog information. This is inefficient when some of your syslog servers only require certain log messages for specific purposes. This article explains how to configure syslog-ng to filter and forward Sophos UTM syslog data to multiple syslog servers with different data requirements.

21 12, 2016

How to Configure Multiple Site-to-Site SSL VPNs with Sophos UTM

In a previous article we covered how to use Sophos UTM to establish an IPSEC VPN tunnel. IPSEC VPNs are great for a number of reasons, but they have a [...]

7 11, 2016

Easy WAN Emulation for Application Testing

Anyone who has ever had to deliver application traffic over a WAN has no doubt run into the issue of trying to determine how their application would perform for a [...]

2 11, 2016

Configure a URL Redirect with Sophos UTM’s Web Application Firewall

Sophos UTM is a great Reverse Proxy solution. However, it currently lacks the capability to redirect a request. There are several reasons you might want to redirect a site, but [...]

23 09, 2016

Force Sophos UTM to Log User Information for Scanned File Downloads

This article highlights an issue in Sophos UTM where user information is not logged when files are downloaded and scanned by Sophos UTM. It shows how this issue affects reports [...]

14 06, 2016

Deploying Endpoint Protection with Sophos UTM and Enterprise Console

In this article we will show how to integrate Sophos Endpoint Protection's Web Control module with Sophos UTM using Sophos Enterprise Console (SEC) policies. This method is suitable for large deployments that utilize one or more SECs.

14 06, 2016

Deploying Endpoint Protection Web Control with Sophos UTM

This article dives into how small to medium sized organizations can use Sophos UTM Endpoint Protection to protect and manage their endpoints without any additional management infrastructure. It explains the features and limitations of using Endpoint Web Control policies vs the UTM's full Web Protection policies, as well as how to report on web browsing activity of both on and off premises devices.

30 05, 2016

Active Directory SSO Authentication in Transparent Proxy Mode

When deploying Active Directory SSO Authentication in Transparent Mode, there are a couple of limitations you need to know about. This article takes you through them so you can avoid some headaches troubleshooting authentication issues.

24 05, 2016

How Google Data Saver Affects Security, Privacy and Reporting

Google's Data Saver feature can reduce the amount of data Chrome browsers download in order to load a web page. It sounds useful and harmless. Who wouldn't want to save some bandwidth, speed up web browsing and save on mobile data charges? Before rolling out or promoting the feature to your users, read this article first to be aware of how Google Data Saver works, and its implications on security, privacy and web activity reporting in your organization.

23 05, 2016

The Role of HTTPS Inspection in Google Search and YouTube Reports

Since Google made the decision to implement HTTPS across all their web properties (including YouTube), you can report that someone has been to youtube.com, but not what videos they were watching. Likewise, you can report that someone has visited google.com, but not what they searched for. Fortunately, many Next Gen Firewalls, UTMs and Secure Web Gateways have an HTTPS Inspection feature that gets around this problem.

10 05, 2016

How To Remove False Positives in Sophos UTM’s Web Application Firewall

Sophos UTM's Web Application Firewall may detect vulnerabilities in your web application that are not necessarily a problem. This article provides tips on how to investigate and remove these false positives, with the least impact on overall security.

9 05, 2016

How to Accurately Monitor and Improve Sophos UTM CPU Performance

This article provides useful tips on how to gain accurate real-time visibility into Sophos UTM's resource usage, and how to reduce the CPU usage of Sophos UTM's web protection feature.

18 02, 2016

Publishing PowerShell over SSH Using Sophos UTM’s HTML5 VPN Portal

What?! Securely manage servers using PowerShell over SSH from the public Internet using a web browser? Why not! Find out how, using Sophos UTM's HTML 5 VPN.

17 02, 2016

Overcoming Sophos UTM HA Cluster Logging and Reporting Issues

Deploying a Sophos UTM HA Cluster can cause chaos when it comes to logging and reporting. This article shows how to overcome these limitations.

8 02, 2016

How To Secure Your UTM With Sophos UTM Access Control

Not everyone who logs into Sophos UTM's web admin interface needs full admin access. Perhaps you need to provide read-only access to an auditor, or define separate roles and responsibilities for your operations team. This article takes you through configuring these different levels of access using Sophos UTM's Access Control feature.

28 01, 2016

How To Allow Skype Through Sophos UTM in Standard Proxy Mode

When using a proxy (such as Sophos UTM) in Standard mode, enabling Skype is unfortunately not as simple as allowing the application in Application control. This article will take you [...]

2 12, 2015

Implementing Exceptions in Sophos UTM Without Relaxing Security

Any firewall or proxy administrator who has had to maintain a deployment for any period of time will confirm that the only constant is change. It's as if users need [...]

15 11, 2015

Two Factor Authentication with Sophos UTM – For Users

The first article in this series discussed concepts and considerations for Two Factor Authentication, and why One-time Password (OTP) with soft tokens make a lot of sense. In the second [...]

9 11, 2015

Two Factor Authentication with Sophos UTM – For Administrators

In our introductory article, Two Factor Authentication with Sophos UTM - Concepts and Considerations, we discussed some of the options for choosing a Two Factor Authentication solution for your environment. We came [...]

29 10, 2015

Two Factor Authentication with Sophos UTM – Concepts and Considerations

Username and password has been with us for a long time, and has served us well. It is however no longer a guarantee of security or confidentiality. It is too [...]

9 10, 2015

Sophos RED 10 vs RED 50 – A Detailed Feature Comparison

The Sophos Remote Ethernet Devices (REDs) are a great way of securely expanding your network by connecting remote offices over the public Internet. The REDs come in two sizes: the [...]

6 10, 2015

Unlocking Sophos UTM’s DHCP Capabilities

At first look, Sophos UTM's DHCP server capabilities look very simple. However, you can unlock a more robust DHCP feature set if you know where to look and what to set. This [...]

16 09, 2015

A Simple Guide To Deploying A Site To Site VPN Using Sophos UTMs

In a previous article we showed how easily you could expand your network out to remote sites using the Sophos RED devices. These little guys are great and they really [...]

31 08, 2015

Sophos RED Deployment Modes Explained – Choosing The Right One For You

In a previous article, I took you through how to connect remote networks with Sophos RED Devices. In this article, I will take you on a deep dive of the three [...]

20 07, 2015

Sophos UTM DSL PPPoE Interface Explained

Sophos UTM (Unified Threat Management) is a complete security product that scales from home and small office all the way up to enterprise, supporting features such as Dynamic DNS Registration, [...]

20 07, 2015

Easily Evaluate Sophos UTM 9.3 Using Full Transparent Mode

This is an updated version of our previous article on the same topic, as the UI changed between Sophos UTM 9.2 and Sophos UTM 9.3. One of the biggest hurdles [...]

20 07, 2015

Switch Between Windows Server Core and Full GUI – The Easy Way

One of the great things about the Fastvue Reporter platform is that the entire application is web-based. After the initial installation, there is no need to connect directly to the [...]

19 07, 2015

Malvertising And Why You Should Ad-block Your Network At The Gateway

The proceeds from Internet advertising fund the Internet, providing us with some fantastic free services. Because ad revenue essentially pays for these services, you may conclude that web ads are [...]

17 07, 2015

Limit Runaway YouTube Traffic With Sophos UTM QoS

Once you start using Fastvue Sophos Reporter with Site Clean, one of the first things you may notice is the bulk of your traffic typically comes from YouTube. The Site [...]

11 07, 2015

Introduction to Sophos SUM (Sophos UTM Manager)

Sophos has done a fantastic job keeping the full management of Sophos UTM confined to the web UI. In fact, you have to explicitly enable shell access. Compared to some [...]

3 06, 2015

Block Sites Signed By Untrusted Certificate Authorities On Sophos UTM

Not all digital certificates are equal. The quality of the Certificate Authorities (CAs) that issue digital certificates and the integrity of their issuing processes are often not what they should [...]

2 06, 2015

Setup a Sophos UTM SSL VPN In 7 Simple Steps!

One of the great benefits of deploying Sophos UTM in your home network is the ability to configure a VPN with incredible ease. For those that are unfamiliar, a VPN (stands [...]

21 05, 2015

Introducing Fastvue Sophos Reporter for Sophos Web Appliance (Beta)!

We are excited to announce our latest reporting application, Fastvue Sophos Reporter for Web Appliance. Now Sophos Web Appliance customers can also enjoy web reports that 'make sense' for HR [...]

19 05, 2015

How to Use Sophos UTM Uplink Balancing to Achieve ISP Redundancy

Providing Internet access to your company’s users is no longer just a nice to have. The modern cloud-enabled world means that we need to be connected to use the systems [...]

19 05, 2015

What You Really Need To Know About EV Certificates

SSL certificates are used for two purposes, encryption and validation. The encryption portion ensures the traffic is not readable by anyone other than the correct sender and receiver. The validation portion [...]

15 05, 2015

How To Connect Remote Networks with Sophos RED Devices

One of the very first features of Sophos UTM that grabbed me as a seriously cool feature is the Sophos RED device integration. The RED or Remote Ethernet Device is [...]

15 05, 2015

How to Configure Dynamic DNS on Sophos UTM

Sophos UTM is a fantastic web gateway, but it also has many features that involve securing your environment from inbound traffic originating from the Internet. When you have a way to [...]

13 05, 2015

Easy DIY Home Internet Monitoring System with Sophos UTM and Fastvue

When I was working my way through college about 6 months ago, my wife and I had a guest staying with us for a few months. He lived separately but [...]

13 05, 2015

How HTTPS / SSL Inspection Affects Logging and Reporting in Sophos UTM

Over the past few years more websites have been adopting HTTPS over HTTP. Traditionally, HTTPS was used only for sites where sensitive information such as credentials and credit card details were [...]

4 05, 2015

Fastvue Sophos Reporter v2.0 Out Now!

Finally! Fastvue Sophos Reporter v2.0 is now available! Thank you to all beta testers that helped iron out all the issues over the past few months! New Features: Fastvue Site [...]

1 04, 2015

How To Secure Fastvue Reporter for Private Report Sharing

The new Private Reports feature in Fastvue Reporter (Sophos Reporter 2.0 or TMG Reporter 3.0) enables you to share reports with people in your organization securely, without giving them access [...]

4 03, 2015

Reporting on Website Usage Including Content From CDNs

The video above illustrates how useful the Fastvue Site Clean feature is when it comes to reporting on website usage within an organization. Before Fastvue Site Clean, reporting on a [...]

26 02, 2015

Creating Your Own Sophos UTM Bootable USB Installation Drive

Installing Sophos UTM from a boot CD is straightforward and works well. The only problem with this old school method is that Sophos UTM appliances do not ship with optic [...]

12 02, 2015

Fastvue Sophos Reporter 2.0 Beta Now Available

I'm excited to announce that Fastvue Sophos Reporter 2.0 Beta is now available to test out! New Features in Fastvue Sophos Reporter 2.0 Fastvue Site Clean (works best with Sophos [...]

16 12, 2014

Sophos UTM Auto Proxy Configuration – 3 Simple Steps

Using your Sophos UTM in Standard proxy mode has a few advantages over using it in Transparent mode. One of these is the ability to use a proxy configuration script, [...]

15 12, 2014

Easily Evaluate Sophos UTM Using Full Transparent Mode

UPDATE! This article refers to Sophos UTM 9.2. The UI for configuring Sophos UTM as a Transparent proxy has since changed slightly in UTM 9.3. For the latest information, please [...]

15 12, 2014

Sophos UTM Operation Modes: Standard, Transparent vs Full Transparent

Sophos UTM can be configured to act in different operation modes, each with its own potential advantages and drawbacks. In this article we’ll investigate how they work to help you [...]

10 11, 2014

Why Web Reporting is the Big Winner in Sophos UTM 9.3

Today, Sophos announced the roll out of the next version of Sophos UTM (9.3). The new release includes some significant improvements to email protection, wireless and web protection, including features such as [...]

6 10, 2014

Troubleshooting Sophos UTM’s Remote Log Archive Feature

As mentioned in my previous article, configuring Sophos UTM's Remote Log Archive feature not only gives you access to historical data for reporting on previous incidents, but it can also be [...]

6 10, 2014

Never Miss Reporting Data With Sophos UTM’s Remote Log Archive

Many log file analysis applications, including Fastvue Sophos Reporter, consume Syslog messages from the device being monitored. This is great for seeing a live view of network traffic, but if the [...]

19 09, 2014

The Bandwidth Impact of Apple’s iOS 8 Release On Your Network

This week, Apple released its new iOS 8 Operating System for iPhones, iPads and iPods. If you are responsible for running your organization's network, you may have noticed the effects [...]

3 09, 2014

How to Backup, Upgrade and Recover Sophos UTM Offline

Upgrading to the latest version of Sophos UTM is always a worthwhile exercise, however you may want to first perform this upgrade in a sandboxed lab environment. There is the [...]

25 07, 2014

Replacing Forefront TMG with Sophos UTM (Webcast)

Fastvue invited Sophos to present to Forefront TMG administrators on why they should choose Sophos UTM as their Forefront TMG replacement. Many TMG administrators are looking at replacing Forefront TMG soon, [...]

30 06, 2014

How To Publish Websites with Sophos UTM Web Server Protection

Publishing an internal website securely to the Internet goes by a number of names such as Reverse Proxy, Web Application Proxy (WAP) and Web Application Firewall (WAF). Sophos UTM refers [...]

20 06, 2014

How to Build a Sophos UTM High Availability (HA) Cluster in Hyper-V

Deploying Sophos UTM in a High Availability pair allows for continuous uptime of the Sophos UTM services in the event that one of the UTM nodes fails. Failures can occur [...]

14 05, 2014

Sophos UTM and Active Directory Step by Step Integration Guide

Almost all enterprises use Windows Active Directory as their authentication store. Any non-Windows system that would like to integrate into such an environment needs to be configured to interact with [...]

28 03, 2014

How To Allow Sites During Certain Times With Sophos UTM

I came across this question on the Sophos UTM (Astaro) forums today: "Can anybody tell me how can I use profiles to configure access to sites and categories by time [...]

25 03, 2014

Six Reasons Why You Need Sophos Reporter Over Sophos UTM’s Reporting

Sophos UTM provides some on-box reporting which, by industry standards, is not too bad. So why do you need Sophos Reporter over Sophos UTM's Reporting? Here is a challenge. Try [...]

12 03, 2014

How to Deploy Sophos UTM on Hyper-V in 7 Simple Steps

Sophos UTM is very versatile when it comes to the deployment options available to you. You can purchase a physical hardware appliance, or deploy a virtual appliance on your own [...]

3 03, 2014

How To Access Blocked Sites Using Google Web Cache, And How To Prevent It With Sophos UTM

I thought I’d show you a simple way people can potentially access blocked sites using Google’s Web Cache, and how you can use Sophos UTM to prevent it. Google crawls, [...]

14 02, 2014

We’ve Launched! Fastvue Sophos Reporter Is Now Available

Yes. Fastvue's second product, Sophos Reporter is now available! Since the first beta was released on the 25th of November 2013, we have received an overwhelming amount of positive feedback [...]

4 02, 2014

How To Secure The Fastvue Sophos Reporter Web Site

By default, Fastvue Sophos Reporter is open and unrestricted for anonymous users to view. For a number of privacy related reasons you might need to restrict access to the [...]

31 01, 2014

How to Reset Sophos UTM Passwords (WebAdmin, Root and Loginuser)

So you can't login to the Sophos UTM WebAdmin interface anymore. It happens. Perhaps you've made a configuration change and locked yourself out, or perhaps you've just forgotten your password. I [...]
