UNOLS Satellite Network Advisory Group

User Tools

Site Tools

Trace:
public:sophos

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
sophos [2020/04/29 16:37] rhudakpublic:sophos [2024/01/25 03:31] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Sophos Basics====== ====== Sophos Basics======
 +<color #ed1c24>DO NOT USE GOOGLE CHROME</color> until the certs have been fixed.
  
 +==== Sophos Cheat Sheet for the GUI ====
 +[[Sophos XG Cheat Sheet]]
  
 +==== Sophos Extras ====
 +[[Turning off Captcha]]
  
-==== Sophos Cheat Sheet for the GUI ====+[[Generating a Certificate]] 
 + 
 +[[Sophos Central will NOT connect]]
  
 +[[Importing User csv file via XML API]]
 ==== Configure Your Sophos ==== ==== Configure Your Sophos ====
  
Line 19: Line 27:
 ==== To Configure Bridge Mode ==== ==== To Configure Bridge Mode ====
  
-Unlike the cyberoam, the Sophos has a little more hands configuration. When first configuring your Sophos the wizard will ask how you want to configure the ports (bridge or gateway). If you are unsure, you can skip this step and configure later in the Web GUI. +Unlike the cyberoam, the Sophos has a little more hands on configuration. When first configuring your Sophos the wizard will ask how you want to configure the ports (bridge or gateway). If you are unsure, you can skip this step and configure later in the Web GUI. 
  
  
Line 43: Line 51:
  
 ==== Configure Time and NTP ==== ==== Configure Time and NTP ====
-To keep the reports sent to satnag-reports synchronizable, please use UTC or Atlantic/Reykjavik time. If Atlantic/Reykjavik is not an option, the Abidjan, Africa option comes up up as GMT UTC +000.+To keep the reports sent to satnag-reports synchronizable, please use UTC or Atlantic/Reykjavik time.
 If the ship has an NTP server, it can be added as a ‘Use Custom NTP Server’. If the ship has an NTP server, it can be added as a ‘Use Custom NTP Server’.
  
Line 63: Line 71:
  
 {{ :sophos_firewallrule.png?600 |}} {{ :sophos_firewallrule.png?600 |}}
 +
 +==== Add Web & Application Policies ====
 +Web -> Policies 
 +
 +Applications -> Application Filter
 +
 +===∗Turn Exceptions OFF∗===
 +Web -> Exceptions
 +
 +Ensure 'Apple Update' and 'Microsoft Windows Update' are **OFF**
 +
 +{{ :public:screen_shot_2020-07-20_at_17.26.18.png?600 |}}
 +
 +===To Add Web and Application Policies to a Firewall Rule===
 +
 +Once you have created your web and application policies you can add them to your firewall rule. 
 +
 +Firewall -> 'rule' -> Advanced 
 +
 +Make sure you click the 'check box' for the policies to be accepted into the firewall rule.
 +
 +{{ :sophos_addpoliciestofirewall.png?600 |}} 
 +
 +==== User Group ====
 +Authentication -> Groups -> Add
 +  create offshipUsers 
 +{{ :sophos_offshipusers.png?600 |}}  
 +
 +=== Add a Network Traffic Policy ===
 +Authentication -> Groups -> Add/Edit -> Network Traffic -> Create New
 +  create satNAG_policy
 +{{ :sophos_satnagpolicy.png?600 |}}
 +
 +Add a couple of users;
 +Authentication ->Users ->Add
 +
 +It is helpful to use the same syntax you would use for adding users to the ship email system or LDAP or RADIUS server, when adding the users assign them to the group //offshipUsers// created above.
 +
 +==== Enable Captive Portal ==== 
 +In order to enable the captive portal your device will need two rule groups: //WAN to LAN IPV4 traffic// and //LAN to WAN IPV4 traffic//
 +
 +Change LAN_WAN_AnyTraffic Firewall rule to DROP 
 +
 +
public/sophos.1588178250.txt.gz · Last modified: 2024/01/25 03:32 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki