SOPHOS FIREWALL RESPONSE INTEGRATION

Overview

Sophos Firewall enables you to extend your network anywhere, anyhow, easily and affordably, with a full portfolio of SD-WAN, cloud, and VPN secure access solutions that will integrate your distributed network together.

Prerequisites

  • Logsign 6.3.+ versions support this integration.

Configure On Sophos

Forwarding settings are completed as follows:

To make configuration changes using the API, do as follows:

  • Create an administrator profile with read-write permission for the modules you want to update.
  • Attach the administrator profile to an administrator record.
  • Allow the following activities:
  • API configuration.
  • API access from the IP address of the administrator's endpoint device.
  • Access to the administrative services of Sophos Firewall from the administrator's zone.
  • Submit the XML string. In this example, we enter the string in the address bar of a browser.

Create an administrator profile for making configuration changes

You create an administrator profile with read-write permission for objects and network.

  1. Go to Profiles > Device access and create an administrator profile with specific rights.
  2. Click Save.
  3. The following image shows an example of how to configure the settings:

 

 

Create an administrator

You create a user and add the administrator profile.

When you add a user with the API administrator profile, you can limit the administrator's rights based on the profile. Alternatively, you can use an existing administrator account.

  1. Go to Authentication > Users and click Add.
  2. Set User type to Administrator.
  3. Select the API administrator profile you created.
  4. To allow access for a specific time, select the Access time.
  5. To allow access only from specific IP addresses, select an option for Login restriction for device access.
  6. Click Save.

The following image shows an example of how to configure the settings:

 

 

Allow API Access

You allow API access for the administrator you created.

You turn on API configuration and allow API access from the administrator's IP address. You also allow access to the administrative services of Sophos Firewall.

 

  1. Specify the API configuration settings:
  • Go to Backup and firmware > API.
  • Select API configuration.
  • For Allowed IP address, enter the IP address from which you'll make the API request and click the add button.
  • Click Apply.

The following image shows an example of how to configure the settings:

 

 

  1. To allow access to administrative services from the zone containing the administrator's IP address, do as follows:
  • Go to Administration > Device access. Under Admin services, select the administrator's zone for HTTPS and SSH.
  • If you want to allow access from the WAN zone, we recommend that you create an exception rule limiting the access for specific services.
  • Scroll down to Local service ACL exception rule. Click Add, and create an exception for the zone.
  • In this example, we specify the following settings:



Settings Description
Source Zone LAN
Source Network / Host API administrator
Destination Host Port2
Services HTTPS
SSH
Action Accept

 

  • Click Save. The following image shows an example of how to configure the settings:

 




Configure On Logsign 

 

Forwarding settings are completed as follows:

 

  1. Click Settings > Integrations > Responses.
  2. In the ‘Search’ part, write Sophos.
  3. Click ‘Configure’ and then click ‘+Device’.

 

  1. Define the settings as follows:
  • Device Name: Define the Device Name.
  • Username: Specify the username.
  • Password: Specify the password.
  • Host: Define the host information which you created.
  1. Click Create to save the changes.

 

Methods

BLOCK-IP



  • Device: Select the configuration you have configured.
  • IP Address: Specify the block IP address. 
  • Host Group: You can add whatever object you want to include in the group.
  • Expire Time: The duration of how long the object that we add to the group will stay in that group is specified.

 

UNBLOCK-IP

 

  • IP Address: Specify the unblock IP address. 
  • Host Group: You can add whatever object you want to include in the group.

 

BLOCK-FQDN

  • Device: Select the configuration you have configured.
  • Fqdn: Specify the name of the FQDN address you want to block.
  • Fqdn Host Group: You can add whatever object you want to include in the group.



UNBLOCK-FQDN

  • Device: Select the configuration you have configured.
  • Fqdn: Specify the name of the FQDN address you want to unblock.
  • Fqdn Host Group: You can add whatever object you want to include in the group.

 

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.