Decrypting TLS 1.3 is only available with Sophos XG's new XStream DPI engine. Unfortunately, some features are not supported with the XStream DPI engine such as SafeSearch enforcement and YouTube restrictions. Thankfully you can deploy a combination of Web Proxy and DPI rules to get the best of both methods. This article describes how.
With many people now working from home due to COVID-19, reporting on Sophos XG's VPN activity is top of mind for many overstretched IT teams right now. To help, we've made some additions to Fastvue Sophos Reporter to provide better visibility into Sophos XG's VPN connections and ensure your remote infrastructure is holding up. With Fastvue Sophos Reporter's new VPN Dashboard and VPN Report, you can monitor the number of active sessions throughout the day to help plan for extra capacity, or use the reports to find who has not connected recently. You can also easily see when most people connect and disconnect, and proactively respond to unexpected disconnections or excessive invalid login attempts.
Fastvue was invited as a guest presenter in a recent webinar hosted by Sophos to help demonstrate how Fastvue Sophos Reporter together with the Sophos XG platform can provide schools with everything they need to safeguard and detect students at risk of self-harm, extremism/radicalization, and anti-social/unacceptable online behavior.
Learn how to set up a Sophos SG Web Application Firewall testing environment where you can test and hone your WAF configuration skills. Step-by-step instructions on how to get started with a controlled security testing environment called Web Security Dojo.
Continuing our series on the Web Security Dojo, this time testing the Sophos XG web application firewall. Step-by-step instructions on how to get started with a controlled security testing environment in Sophos XG.
Sophos UTM tcpdump information can be very useful in troubleshooting connectivity issues. In this article, I will show you how to use the tcpdump command on Sophos UTM to verify if syslog packets are leaving your Sophos UTM appliance.
When you have an active-passive Sophos UTM cluster, the configuration is synchronized between the nodes, but if the Master fails, it may not sync all the log data to the Slave node. From the WebUI, there is no method to view the files on the Slave device, yet those log files can contain information about the cause of the failure. This guide takes you through how to retrieve log files from a Sophos UTM cluster slave node and copy the file(s) to your local machine for analysis.
Configure sandboxing with Sophos Sandstorm in Sophos UTM and Sophos XG. Learn the benefits of this new feature, and how it will provide additional security to your network.
When you are deploying physical Sophos UTM appliances, the Up2Date process may fail due to a disk space shortage. This typically happens if you have a large number of updates that are outstanding. This article covers how to resolve this issue.
This guide steps through configuring and connecting a Sophos SG to an Amazon Virtual Private Cloud (Amazon VPC) via Site-to-Site VPN.
You can use custom categories not only for recategorizing websites in Sophos XG, but also for allowing or denying access to specific sites for certain users. They can also be used to reclassify the browsing 'productivity' for certain users when viewing Internet usage reports in Fastvue Sophos Reporter. For example, you can use them to classify lingerie sites as 'productive' for people in a retail lingerie department or to classify social media sites as 'productive' for people in the marketing department. There are a couple of "gotchas" in doing this, and I will explain how to avoid them while taking you through the process.
When configuring a Site-to-Site VPN on your Sophos SG or Sophos XG, you are presented with an option to select either TCP or UDP as the transport protocol. The configuration page hints that UDP provides better performance, so I thought it would be interesting to test the SSL VPN performance over both UDP and TCP protocols and find out which one is faster!
Sophos XG has the ability to capture and display actual network packet information right from the management web interface. This is a great tool to determine what is actually happening [...]
Sophos STAS (Sophos Transparent Authentication Suite) is a collection of tools that provides a method of authentication that was introduced in UTM 9.4. This authentication mechanism has been lacking [...]
Sophos Intrusion Prevention System (IPS) is an advanced firewall feature that protects your network. The downside is that IPS is a resource-intensive process, as it needs to match every packet [...]
In this article, I am going to cover the supported configuration for IPSec site-to-site VPN connections between Sophos UTM (SG) and Sophos XG firewalls. The main limitation to understand is [...]
One key feature that was missing from the Sophos UTM SG platform prior to version 9.5 was the ability to use Sophos UTM itself to perform request redirects. We published [...]
Sophos has been making great progress in maturing the Sophos XG platform to the point where it is now a serious contender for deployment instead of the more established Sophos [...]
Dynamic DNS is a service you can use to make a device with a dynamically allocated IP accessible from the outside in. Common Dynamic DNS providers include DynDNS, ZoneEdit, EasyDNS, and DynAccess. Sophos XG Firewall supports these four Dynamic DNS providers, but it also includes a fifth provider simply called Sophos, and the great news is it's free! This article takes you through configuring Sophos XG's free Dynamic DNS service.
I just happened to have an ageing Sophos UTM SG115 in our spare parts / swap out stock and thought I'd see if it could be repurposed (or rather re-imagined) as a Virtual Server running multiple virtual devices. Wouldn't it be cool to have Sophos UTM and Sophos SUM running on the same box? Let's give it a go!
This article describes how to use Fastvue Sophos Reporter to report on machines potentially infected with WannaCry Ransomware on your network. The first and second variations of WannaCry ransomware access specific domains before the installation phase. You can therefore report on all machines that have accessed these domains to help identify potentially infected machines.
The WannaCry Ransomware infection is currently causing havoc around the globe. Fortunately, there are security patches available from Microsoft that fix the underlying security hole in SMB that the ransomware exploits. However, it is a good idea to keep an eye on any machines on your network that are or were infected. With Fastvue Sophos Reporter, you can create a simple alert to receive instant notifications when machines on your network make requests to the domains that WannaCry accesses before installing.
We're pleased to announce that Fastvue Sophos Reporter now supports Sophos XG, providing the same great web usage reporting features for Sophos XG networks that Sophos UTM (SG) users have [...]
Sophos UTM enables you to specify multiple destination syslog servers, but they will all receive the same syslog information. This is inefficient when some of your syslog servers only require certain log messages for specific purposes. This article explains how to configure syslog-ng to filter and forward Sophos UTM syslog data to multiple syslog servers with different data requirements.
In a previous article we covered how to use Sophos UTM to establish an IPSEC VPN tunnel. IPSEC VPNs are great for a number of reasons, but they have a [...]
Anyone who has ever had to deliver application traffic over a WAN has no doubt run into the issue of trying to determine how their application would perform for a [...]
Sophos UTM is a great Reverse Proxy solution. However, it currently lacks the capability to redirect a request. There are several reasons you might want to redirect a site, but [...]
This article highlights an issue in Sophos UTM where user information is not logged when files are downloaded and scanned by Sophos UTM. It shows how this issue affects reports [...]
In this article we will show how to integrate Sophos Endpoint Protection's Web Control module with Sophos UTM using Sophos Enterprise Console (SEC) policies. This method is suitable for large deployments that utilize one or more SECs.
This article dives into how small to medium sized organizations can use Sophos UTM Endpoint Protection to protect and manage their endpoints without any additional management infrastructure. It explains the features and limitations of using Endpoint Web Control policies vs the UTM's full Web Protection policies, as well as how to report on web browsing activity of both on and off premises devices.
Google's Data Saver feature can reduce the amount of data Chrome browsers download in order to load a web page. It sounds useful and harmless. Who wouldn't want to save some bandwidth, speed up web browsing and save on mobile data charges? Before rolling out or promoting the feature to your users, read this article first to be aware of how Google Data Saver works, and its implications on security, privacy and web activity reporting in your organization.
Since Google made the decision to implement HTTPS across all their web properties (including YouTube), you can report that someone has been to youtube.com, but not what videos they were watching. Likewise, you can report that someone has visited google.com, but not what they searched for. Fortunately, many Next Gen Firewalls, UTMs and Secure Web Gateways have an HTTPS Inspection feature that gets around this problem.
Sophos UTM's Web Application Firewall may detect vulnerabilities in your web application that are not necessarily a problem. This article provides tips on how to investigate and remove these false positives, with the least impact on overall security.
This article provides useful tips on how to gain accurate real-time visibility into Sophos UTM's resource usage, and how to reduce the CPU usage of Sophos UTM's web protection feature.
What?! Securely manage servers using PowerShell over SSH from the public Internet using a web browser? Why not! Find out how, using Sophos UTM's HTML 5 VPN.
Deploying a Sophos UTM HA Cluster can cause chaos when it comes to logging and reporting. This article shows how to overcome these limitations.
Not everyone who logs into Sophos UTM's web admin interface needs full admin access. Perhaps you need to provide read-only access to an auditor, or define separate roles and responsibilities for your operations team. This article takes you through configuring these different levels of access using Sophos UTM's Access Control feature.
When using a proxy (such as Sophos UTM) in Standard mode, enabling Skype is unfortunately not as simple as allowing the application in Application control. This article will take you [...]
Any firewall or proxy administrator who has had to maintain a deployment for any period of time will confirm that the only constant is change. It's as if users need [...]
The first article in this series discussed concepts and considerations for Two Factor Authentication, and why One-time Password (OTP) with soft tokens make a lot of sense. In the second [...]
In our introductory article, Two Factor Authentication with Sophos UTM - Concepts and Considerations, we discussed some of the options for choosing a Two Factor Authentication solution for your environment. We came [...]
Username and password has been with us for a long time, and has served us well. It is however no longer a guarantee of security or confidentiality. It is too [...]
The Sophos Remote Ethernet Devices (REDs) are a great way of securely expanding your network by connecting remote offices over the public Internet. The REDs come in two sizes: the [...]
At first look, Sophos UTM's DHCP server capabilities look very simple. However, you can unlock a more robust DHCP feature set if you know where to look and what to set. This [...]
In a previous article we showed how easily you could expand your network out to remote sites using the Sophos RED devices. These little guys are great and they really [...]
In a previous article, I took you through how to connect remote networks with Sophos RED Devices. In this article, I will take you on a deep dive of the three [...]
Sophos UTM (Unified Threat Management) is a complete security product that scales from home and small office all the way up to enterprise, supporting features such as Dynamic DNS Registration, [...]
This is an updated version of our previous article on the same topic, as the UI changed between Sophos UTM 9.2 and Sophos UTM 9.3. One of the biggest hurdles [...]
One of the great things about the Fastvue Reporter platform is that the entire application is web-based. After the initial installation, there is no need to connect directly to the [...]
The proceeds from Internet advertising fund the Internet, providing us with some fantastic free services. Because ad revenue essentially pays for these services, you may conclude that web ads are [...]
Once you start using Fastvue Sophos Reporter with Site Clean, one of the first things you may notice is the bulk of your traffic typically comes from YouTube. The Site [...]
Sophos has done a fantastic job keeping the full management of Sophos UTM confined to the web UI. In fact, you have to explicitly enable shell access. Compared to some [...]
One of the great benefits of deploying Sophos UTM in your home network is the ability to configure a VPN with incredible ease. For those that are unfamiliar, a VPN (stands [...]
We are excited to announce our latest reporting application, Fastvue Sophos Reporter for Web Appliance. Now Sophos Web Appliance customers can also enjoy web reports that 'make sense' for HR [...]
SSL certificates are used for two purposes, encryption and validation. The encryption portion ensures the traffic is not readable by anyone other than the correct sender and receiver. The validation portion [...]
One of the very first features of Sophos UTM that grabbed me as a seriously cool feature is the Sophos RED device integration. The RED or Remote Ethernet Device is [...]
Sophos UTM is a fantastic web gateway, but it also has many features that involve securing your environment from inbound traffic originating from the Internet. When you have a way to [...]
When I was working my way through college about 6 months ago, my wife and I had a guest staying with us for a few months. He lived separately but [...]
Over the past few years more websites have been adopting HTTPS over HTTP. Traditionally, HTTPS was used only for sites where sensitive information such as credentials and credit card details were [...]
Finally! Fastvue Sophos Reporter v2.0 is now available! Thank you to all beta testers that helped iron out all the issues over the past few months! New Features: Fastvue Site [...]
The video above illustrates how useful the Fastvue Site Clean feature is when it comes to reporting on website usage within an organization. Before Fastvue Site Clean, reporting on a [...]
Installing Sophos UTM from a boot CD is straightforward and works well. The only problem with this old school method is that Sophos UTM appliances do not ship with optic [...]
I'm excited to announce that Fastvue Sophos Reporter 2.0 Beta is now available to test out! New Features in Fastvue Sophos Reporter 2.0 Fastvue Site Clean (works best with Sophos [...]
Using your Sophos UTM in Standard proxy mode has a few advantages over using it in Transparent mode. One of these is the ability to use a proxy configuration script, [...]
UPDATE! This article refers to Sophos UTM 9.2. The UI for configuring Sophos UTM as a Transparent proxy has since changed slightly in UTM 9.3. For the latest information, please [...]
Sophos UTM can be configured to act in different operation modes, each with its own potential advantages and drawbacks. In this article we’ll investigate how they work to help you [...]
Today, Sophos announced the roll out of the next version of Sophos UTM (9.3). The new release includes some significant improvements to email protection, wireless and web protection, including features such as [...]
As mentioned in my previous article, configuring Sophos UTM's Remote Log Archive feature not only gives you access to historical data for reporting on previous incidents, but it can also be [...]
Many log file analysis applications, including Fastvue Sophos Reporter, consume Syslog messages from the device being monitored. This is great for seeing a live view of network traffic, but if the [...]
This week, Apple released its new iOS 8 Operating System for iPhones, iPads and iPods. If you are responsible for running your organization's network, you may have noticed the effects [...]
Upgrading to the latest version of Sophos UTM is always a worthwhile exercise, however you may want to first perform this upgrade in a sandboxed lab environment. There is the [...]
Fastvue invited Sophos to present to Forefront TMG administrators on why they should choose Sophos UTM as their Forefront TMG replacement. Many TMG administrators are looking at replacing Forefront TMG soon, [...]
Publishing an internal website securely to the Internet goes by a number of names such as Reverse Proxy, Web Application Proxy (WAP) and Web Application Firewall (WAF). Sophos UTM refers [...]
Deploying Sophos UTM in a High Availability pair allows for continuous uptime of the Sophos UTM services in the event that one of the UTM nodes fails. Failures can occur [...]
Almost all enterprises use Windows Active Directory as their authentication store. Any non-Windows system that would like to Integrate into such an environment needs to be configured to interact with [...]
I came across this question on the Sophos UTM (Astaro) forums today: "Can anybody tell me how can I use profiles to configure access to sites and categories by time [...]
Sophos UTM provides some on-box reporting which, by industry standards, is not too bad. So why do you need Sophos Reporter over Sophos UTM's Reporting? Here is a challenge. Try [...]
Sophos UTM is very versatile when it comes to the deployment options available to you. You can purchase a physical hardware appliance, or deploy a virtual appliance on your own [...]
I thought I’d show you a simple way people can potentially access blocked sites using Google’s Web Cache, and how you can use Sophos UTM to prevent it. Google crawls, [...]
Yes. Fastvue's second product, Sophos Reporter is now available! Since the first beta was released on the 25th of November 2013, we have received an overwhelming amount of positive feedback [...]
So you can't login to the Sophos UTM WebAdmin interface anymore. It happens. Perhaps you've made a configuration change and locked yourself out, or perhaps you've just forgotten your password. I [...]