Table of Contents
DO NOT USE GOOGLE CHROME until the certs have been fixed.
Sophos Cheat Sheet for the GUI
Configure Your Sophos
Prior to configuring the Sophos you need to decide if you would like to use the Sophos in BRIDGE mode or GATEWAY mode.
In BRIDGE mode the Sophos can be transparent except when using the Captive Portal.
- Traffic will pass through the Sophos depending on firewalls rules used.
- Network Address Translation (NAT) is not needed
In GATEWAY mode
- The Sophos will do the routing between networks
- The Sophos will need to NAT traffic
To Configure Bridge Mode
Unlike the cyberoam, the Sophos has a little more hands on configuration. When first configuring your Sophos the wizard will ask how you want to configure the ports (bridge or gateway). If you are unsure, you can skip this step and configure later in the Web GUI.
Network → Interfaces → Add Interface → Add Bridge
Added br0 Added port2 WAN Added port1 LAN
Activate Your Subscription
To use your new Sophos product to its fullest capacity, it requires a subscription. Your license key can be found in an email or a paper that came with the product.
Once activated you will not see any immediate changes. You must also synchronize your subscription to your device.
Configure Time and NTP
To keep the reports sent to satnag-reports synchronizable, please use UTC or Atlantic/Reykjavik time. If the ship has an NTP server, it can be added as a ‘Use Custom NTP Server’.
Hosts and Services → IP host → Add
Added offship_network 192.168.2.0/24 Added data_network 192.168.1.0/24
Configure Firewall Rules
Firewall→ IPv4 → Add Firewall Rule
create Rule to allow all DNS
Depending on where your DNS and/or DHCP server reside, you will probably want to allow all DNS and DHCP traffic to pass through the device
Add Web & Application Policies
Web → Policies
Applications → Application Filter
∗Turn Exceptions OFF∗
To Add Web and Application Policies to a Firewall Rule
Once you have created your web and application policies you can add them to your firewall rule.
Firewall → 'rule' → Advanced
Make sure you click the 'check box' for the policies to be accepted into the firewall rule.
Add a Network Traffic Policy
Authentication → Groups → Add/Edit → Network Traffic → Create New
Add a couple of users; Authentication →Users →Add
It is helpful to use the same syntax you would use for adding users to the ship email system or LDAP or RADIUS server, when adding the users assign them to the group offshipUsers created above.
Enable Captive Portal
In order to enable the captive portal your device will need two rule groups: WAN to LAN IPV4 traffic and LAN to WAN IPV4 traffic.
Change LAN_WAN_AnyTraffic Firewall rule to DROP