Sophos Utm Docker
Required to proceed:
- Completed Upload and Create a Sophos UTM ProfitBricks Data Center
- Using Firefox
Instructions:
In the Primary Data Center you deployed for the Sophos UTM, click on the arrow in the top right corner of Sophos UTM server Box then the “Remote Console” button.
To do the install you have to use the Remote Console. You will not be able to SSH into the server until an operating system has been installed.
A new window will pop up with the Remote Console session. It will show the Sophos Introduction box. Hit the “Enter” button on your keyboard to select <Start>.
NOTE- You can only use the keyboard for the console sessions during the install
The Detected Hardware window will appear. Hit “Enter” on your keyboard to select <OK>.
Use the up and down arrows on your keyboard to select the Keyboard layout. Then hit the “Tab” button on your keyboard to highlight the <OK> button and hit “Enter” to select.
Use the up and down arrows on your keyboard to select your area. Then hit the “Tab” button twice on your keyboard to highlight the “<next>” button and hit “Enter” to select.
Use the up and down arrows on your keyboard to select your Timezone. Then hit the “Tab” button twice on your keyboard to highlight the “<next>” button and hit “Enter” to select.
Check and make sure the date and time are correct. If they are, hit the “Enter” key on your keyboard.
Highlight “eth0” and hit the “Tab” key twice to highlight “<next>”, then hit the “Enter” key on your keyboard.
For the network configuration options we need to look at the Data Center Designer and click on the Networking tab of the Sophos UTM Server. We are going to use the static IP you assigned to eth0 for the network configuration of the Sophos install.
Back in the Remote Console window, change the “Address:” to your static IP address. Leave the “Netmask:” as “255.255.255.0” and set the “Gateway:” to your static IP with the last set of digits changed to “.1”.
Hit “Tab” twice to highlight <Next> and hit “Enter” to select it.
It is going to ask you if you want to install the 64-Bit Kernel of Sophos. Hit “Enter” to select <No>. DO NOT INSTALL THE 64-Bit Version. There are issues with KVM.
Hit “Enter” to select <Yes> when asked whether you want to install all capabilities.
Hit “Enter” to select <Yes> to erase all existing data on ‘/dev/vda’ (Disk).
You will see the installation configure the disks and run the install. Once it completes you will see the Installation Finished message appear. Write down the URL to access the Sophos UTM and hit “Enter” to select <Reboot>. The server will start the reboot process.
Go back to the Data Center Designer and click on the Sophos UTM server, then the Storages Tab in the Inspect Element Box to the right. Go to the Virtual CD-ROM drive, click on the image menu and select “Remove Image”. Then set the Storage as the “Boot Device”. Last, click the “Unapplied Changes” button.
Hit the “Provision” button in the window that pops up and wait for the changes to provision and the server to restart one more time.
When the “Saved Successfully” window appears, click the “OK” button
Open a new tab in Firefox and go to the UTM address you wrote down in Step 13. It will be https://<your_static_ip>:4444. A security exception message will appear because the browser does not yet trust the WebAdmin certificate. Click “I understand the risks” and then “Add Exception”.
Then click the “Confirm Security Exception” button
Fill out the Hostname, Company Name, City, and Country fields. Create an Admin password and enter the Admin's email address (this is where you will get status notifications). Check the “I accept the license agreement” box and click on the “Perform Basic System Setup” button.
Be patient once you click the “Perform Basic System Setup” button, it can take up to a minute to respond. You will notice a little green message in the bottom of the window.
The page will refresh and you will have to Click “I understand the risks” and then “Add Exception” again and the “Confirm Security Exception” button again.
Log in with the Username: admin (all lowercase) and the password you created in Step 17.
Select “Continue” and then “Next”
Click on the File icon next to the License File field
Click the Browse button
Select the Sophos License File you downloaded in Part One and select “Open”
Click the “Start Upload” button
Then the “Next” button
Make sure the Internal (LAN) IP is your public Static IP and the Netmask: is “/24 (255.255.255.0)”. We are going to change this connection to be the External (WAN) later. Leave “Enable DHCP server on internal interface” unchecked.
Check “Setup Internet connect later” then click “Next”
You can check the Allowed services you would like to be allowed for devices on the internal LAN. Then click “Next”
Check “Intrusion Prevention Engine” and “Command & Control/Botnet Detection Engine” and click “Next”
Check “Scan sites for viruses” and click “Next”
You can Select Scan email fetched over POP3 or Configure internal mail server. For this tutorial, we are going to leave both unchecked and click “Next”
The summary page will appear. Click the “Finish” button.
The Sophos Dashboard will come up. Click on the “Interfaces & Routing” Menu then the “Interfaces” option.
Click the Edit Button next to the “Internal” network adapter
Change the Name: from “Internal” to “External (WAN)” and Click “Save”
Click on the “New Interface...” button
Go to the Data Center Manager and look at what IP has been assigned to NIC2
Back in the Sophos UTM Configuration Tab name the new interface “Internal (LAN)”.
- Set the Type: “Ethernet Static” and for Hardware: select “eth1 Virtio network device”.
- For IPv4 address: type in the IP that was assigned to NIC2 in the Data Center Manager.
- Make sure the Netmask: is “/24 (255.255.255.0)”
- Leave “IPv4 Default Gateway” unchecked.
- Click “Save”
Click the Status Switch next to “Internal (LAN)” to enable it.
Click on the “Management” Menu, then “Systems Settings” menu and the “Shell Access” Tab
Turn on SSH Shell Access by clicking the switch in the top right corner so it turns Green.
Create a password for the root and loginuser ssh accounts and click the “Set specified passwords” button.
Now we are going to create Firewall rules to allow servers behind Sophos to talk to each other and to access the Internet so that they can run updates and other servers. Click on the “Network Protection” menu, then “Firewall” and then the “New rule...” button
NOTE - The firewall rules and settings we will do in the following steps are very basic. We HIGHLY recommend that you create custom firewall rules that best fit your network environment for best security practices.
Configuring rule to allow servers behind Sophos UTM to talk to each other.
- Leave Group as “No Group”
- Set Position as “Top”
- Click the folder icon in the “Sources:” box and drag “Internal (LAN) (Network)” into the Sources: box
- Click the folder icon in the “Services:” box and drag the “Any” icon into the “Services:” box
- Click the folder icon in the “Destinations:” box and drag the “Internal (LAN) (Network)” into the Destinations: box
- Action: is “Allow”
- Click “Save”
- Check the “Switch” next to the new rule so it turns green to enable it
Configuring general rule to allow servers behind Sophos UTM to be able to access the internet.
- Leave Group as “No Group”
- Set Position as “Top”
- Click the folder icon in the “Sources:” box and drag “Internal (LAN) (Network)” into the Sources: box
- Click the folder icon in the “Services:” box and drag the “Any” icon into the “Services:” box
- Click the folder icon in the “Destinations:” box and drag the “Any” into the Destinations: box
- Action: is “Allow”
- Click “Save”
- Check the “Switch” next to the new rule so it turns green to enable it
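The two rules above, evaluated against a few flows next to a tighter egress rule of the kind the NOTE recommends. This is an added example, not part of the original tutorial and not Sophos code: it is a simplified first-match model, and the LAN range, rule names, egress service list and sample flows are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"
LAN = ipaddress.ip_network("10.0.1.0/24")  # constructed stand-in for "Internal (LAN) (Network)"

@dataclass(frozen=True)
class Rule:
    name: str
    source: object       # ip_network or ANY
    services: frozenset  # {(proto, port), ...} or {ANY}
    destination: object  # ip_network or ANY
    action: str = "Allow"

def _in(net, addr):
    return net == ANY or ipaddress.ip_address(addr) in net

def evaluate(rules, src, dst, proto, port):
    """Action of the first matching rule; unmatched traffic is dropped (assumed default)."""
    for r in rules:
        svc_ok = ANY in r.services or (proto, port) in r.services
        if _in(r.source, src) and _in(r.destination, dst) and svc_ok:
            return r.action
    return "Drop"

def overly_broad(rules):
    """Names of Allow rules that pair the Any service with the Any destination."""
    return [r.name for r in rules
            if r.action == "Allow" and ANY in r.services and r.destination == ANY]

# The tutorial's two rules; both were placed at "Top", so the later one is listed first.
TUTORIAL = [Rule("lan-to-internet", LAN, frozenset({ANY}), ANY),
            Rule("lan-to-lan", LAN, frozenset({ANY}), LAN)]

# Constructed tighter variant: egress limited to web, DNS and NTP (service list is an assumption).
EGRESS = frozenset({("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 123)})
TIGHTENED = [Rule("lan-to-lan", LAN, frozenset({ANY}), LAN),
             Rule("lan-egress-limited", LAN, EGRESS, ANY)]

# Constructed sample flows: (source, destination, protocol, port).
FLOWS = [("10.0.1.10", "203.0.113.5", "tcp", 443),   # update over HTTPS
         ("10.0.1.10", "203.0.113.5", "tcp", 6667),  # unexpected outbound service
         ("10.0.1.10", "10.0.1.20", "tcp", 22),      # server to server
         ("198.51.100.7", "10.0.1.10", "tcp", 22)]   # inbound from the internet

def compare(flows=FLOWS):
    """(flow, action under tutorial rules, action under tightened rules) per flow."""
    return [(f, evaluate(TUTORIAL, *f), evaluate(TIGHTENED, *f)) for f in flows]

if __name__ == "__main__":
    print("overly broad:", overly_broad(TUTORIAL))
    for flow, before, after in compare():
        print(flow, before, "->", after)
```

Only the second flow changes between the two rule sets: the “Any” service rule lets a LAN server reach any outbound port, while the limited rule drops it.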
Now we are going to configure Masquerading to allow the servers behind Sophos UTM to be able to access the internet.
Click on “NAT” under the “Network Protection” menu and then click the “New masquerading rule...” button.
Click the folder icon next to Network: and drag “Internal (LAN) (Network)” into the Network: box
- Set Position: as “Top”
- Interface: “External (WAN)”
- Use Address: <<Primary address>>
- Click “Save”
Click the switch next to the new masquerading rule to enable it.
Your base Sophos UTM configuration is complete and you now have a Sophos Firewall protecting the servers in your Data Center. In the next Parts of this tutorial we will configure Site-to-Site VPNs and configure the Sophos UTM to direct traffic requests to the proper servers behind the Sophos UTM.
Overview: The Sophos UTM's Web Proxy can transparently filter HTTPS traffic. When this is activated and set to Decrypt & Scan, secure sites will trigger a security warning in the client browser unless the UTM Proxy CA certificate is installed on the client browser.
- On my Sophos UTM setup everything worked fine with the shown nextcloud/nginx config. I have a Bitwarden and a Plex Docker running, which are accessible from outside via HAProxy perfectly fine. I have spent quite a lot of time now with screening threads, manuals and troubleshooting but cannot find a mistake.
- Sophos AV for Docker. Simple dockerfile to allow running Sophos AV on practically any Docker supported system. Sample Usage:
    bash$ docker pull maxpowa/sophos-av
    bash$ docker run -it -v /home/max:/scan maxpowa/sophos-av savscan -all /scan
- By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to share health information. Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central.
- Recovery Instructions: Your options. In the Application Control policy, applications are allowed by default. System administrators choose applications that they wish to block.