FW1505 21.0v1 Navigating and Managing Sophos Firewall

The document provides a comprehensive guide on navigating and managing the Sophos Firewall web admin console, detailing its various features and functionalities. It explains the structure of the Control Center, the main menu categories, and the use of objects as building blocks for configuration. Additionally, it covers the types of host and service objects, profiles, and provides information on accessing help and logs within the console.

Uploaded by javier.rueda

Copyright © 2024 Sophos Ltd

Navigating and Managing Sophos Firewall
Sophos Firewall
Version: 21.0v1

[Additional Information]

Sophos Firewall
FW1505: Navigating and Managing Sophos Firewall

November 2024
Version: 21.0v1

© 2024 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any
form or by any means without the prior written consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks
mentioned in this document may be the trademarks or registered trademarks of Sophos Limited or their
respective owners.

While reasonable care has been taken in the preparation of this document, Sophos makes no warranties,
conditions or representations (whether express or implied) as to its completeness or accuracy. This
document is subject to change at any time without notice.

Sophos Limited is a company registered in England number 2096520, whose registered office is at The
Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.


Navigating and Managing Sophos Firewall


In this chapter you will learn what the Sophos Firewall web admin console is and understand how it uses
objects as the building blocks for the configuration of rules and policies.

RECOMMENDED KNOWLEDGE AND EXPERIENCE
✓ Sophos Firewall configuration using the initial setup wizard

DURATION 11 minutes


Web Admin Console: Control Center

When you first log in to the web admin console you are presented with the Control Center, which
provides a live view of what is happening on the Sophos Firewall and allows you to quickly identify
anything that requires your attention.

The Control Center is broken down into six main areas.


• System, which shows the health of the firewall and services. Each item can be clicked to get more
detailed information.
• Traffic insight, which provides an at-a-glance overview of what is happening on the network and the
traffic being processed.
• User and device insight, for the status of users and devices being protected by Sophos Firewall. This
section includes the User Threat Quotient, which is a risk assessment of users based on their
behaviour.
• Active threat response, which shows the status of your threat feeds and the number of items blocked.

• Active firewall rules displays the usage of firewall rules by type. Below the graph you can see the
state of firewall rules over the last 24 hours. Clicking these will take you to the firewall rules filtering
for the selected type of rule.
• Reports provides access to commonly used reports. These can either be opened by clicking on the
name of the report or downloaded using the icon to the right of each. It shows when the report was
last updated and the size of the file.
• And Messages, which displays alerts or information for the administrator, including security warnings
and new firmware updates. Messages are clickable to access the relevant configuration.


Web Admin Console: Main Menu


Down the left-hand side is the main menu for navigating the Sophos Firewall. This is divided into four
sections:

• ‘MONITOR & ANALYZE’ provides access to information on the current activity on the Sophos Firewall,
reports, and diagnostic tools.
• ‘PROTECT’ is for configuring the rules, policies, and settings related to protection features.
• ‘CONFIGURE’ is where you set up connectivity, routing, authentication, and global settings.
• ‘SYSTEM’ houses the device access settings, as well as objects and profiles that are used within
rules and policies.


Web Admin Console: Tabbed Navigation

Each section that is accessible from the main menu is further broken down into tabs for accessing each
area of configuration.

On some screens, additional, less frequently used tabs can be accessed using the ellipses on the
right-hand side of the tabs.


Web Admin Console: Advanced Settings

Display additional settings for reports

On the Reports page there is an additional Show Reports settings option, which allows you to access
some of the less often used options.

When this setting is selected, additional options will be displayed. You can identify when you are on this
screen because the title bar at the top of the page will be yellow.


Web Admin Console: Admin Drop-Down Menu

Found in the top-right is the admin menu. Here you can reboot, shut down, and log out of the Sophos
Firewall. This menu also provides links to the support website, the Sophos Firewall licensing page, and
web-based access to the console.


Web Admin Console: Help

Found on every screen on the Sophos Firewall is a context-sensitive link to the online help file.

When clicked, it opens a separate window. This online version of the help is fully interactive and can be
browsed by selecting the various menu items in the left-hand menu. It can also be searched using
keywords. When a search result is selected it will load the appropriate section within the help file.

[Additional Information]
https://doc.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/GettingStarted/index.html


Web Admin Console: Log Viewer

Next to the help link is the Log viewer, which opens in a new window to provide access to all log files.

In the ‘Log viewer’ you can filter the logs and perform context sensitive actions.

How To Guides

Clicking the How-to guides link in web admin console takes you to the TechVids page where you can find
a library of videos that demonstrate how to perform common tasks on Sophos Firewall.

[Additional Information]
https://techvids.sophos.com


Objects

Objects are the building blocks for rules and policies

Define hosts, networks, services, groups, and profiles

Can be created inline when configuring rules and policies

The Sophos Firewall uses objects as the building blocks for the configuration of rules and policies. By
defining reusable objects once for things such as hosts, services and networks, it can speed up
configuration, and simplify future changes by having a single place to make a change.

Objects can be created and edited ahead of time, but they can also be created inline when configuring
protection features. This means that you do not have to navigate away from what you are configuring to
create an object, because you will have the option to create it where you need it.

There are two categories of object: hosts and services, and profiles. These can be found in the ‘SYSTEM’
section on the Sophos Firewall.


Host Objects
There are three types of host object on the Sophos Firewall: IP, MAC, and FQDN.


Host Objects: IP

IP version and host type cannot be changed after creation

IP host groups can be used to group IP host objects for IP addresses, networks, and IP ranges, but not for IP lists

IP host objects can represent a single IP address, a subnet, a range of IP addresses or a list of IP
addresses, for either IPv4 or IPv6.

The object has a name and then must be configured by IP version (IPv4 or IPv6) and a type. Please note
that the IP version and type cannot be modified after the object has been created.

You then provide the data for the type of object you selected. All IP address lists are comma separated.
IP host groups can be used to group IP host objects for IP addresses, networks and IP ranges, but not IP
lists.


Host Objects: MAC

Type cannot be changed after it has been created

Lists are comma separated

MAC host objects can be created for individual MAC addresses or MAC address lists. The MAC host
object has a name and then must be configured for a specific type, either MAC address or MAC list. This
cannot be changed once the object has been saved.

MAC address lists are comma separated.


Host Objects: FQDN

Supports wildcard prefix to resolve sub-domains

Can be grouped with FQDN host groups

FQDN hosts are used to define fully qualified domain names.

FQDN host objects can include a wildcard prefix to resolve sub-domains, for example, *.sophos.com.

FQDN host groups allow you to create a collection of FQDN host objects to further simplify the use of
objects in rules and policies.


Services

Service based on TCP and UDP ports

Service based on IP protocol numbers

Service based on ICMP types & codes

Service objects can be created for TCP and UDP based on protocol, source, and destination port; for IP
based on protocol number; and for ICMP and ICMPv6 based on the ICMP type and code.

Each service object is for a single type and can contain one or more definitions. You can also create
groups of service objects.


Country Groups

Sophos Firewall maintains a geo IP database that maps IP addresses to countries, and this is
automatically updated with the pattern definitions.

There are several predefined country groups that ship with Sophos Firewall, which can be edited. You
can also create custom groups of countries.


Object Reference Lookup

• Host Objects
• Services
• Country Groups
• Interfaces
• Zones
• Gateways
• SD-WAN Profiles

Objects have a reference lookup, which allows you to see how many times each object has been used in
the usage column. The usage count is calculated daily but can be manually refreshed using the icon next
to the column label.

You can see the usage for host objects, services, and country groups, as well as interfaces, zones,
gateways, and SD-WAN profiles.


Go to configuration page

Open configuration here

By clicking on the number of references in the usage column you can see every place that object has
been used.

In the example here, we can see it has been used in the ‘London New York Traffic’ firewall rule, in the
‘London Networks to WAN’ TLS inspection rule, and in the ‘NY MPLS’ SD-WAN route.

Each reference shown is a link. Those with the icon will take you to that configuration page in Sophos
Firewall.

All other links allow you to directly edit or remove objects without having to navigate away from this
page.

Object Usage Using the XML API
XML Request
<Request>
  <Login>
    <Username>admin</Username>
    <Password>Sophos1985!</Password>
  </Login>
  <Get>
    <GatewayStatistics></GatewayStatistics>
  </Get>
</Request>

XML Request URL

https://firewall.trainingdemo.xyz:4444/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>Sophos1985!</Password></Login><Get><GatewayStatistics></GatewayStatistics></Get></Request>

The object usage count is also available through the XML API using statistics XML tags for each of the
supported object types.

Here you can see an example of the XML request syntax used to request the usage count for gateway
objects. Within the request there are two sections, the ‘Login’ section where you need to provide a
username and password for authentication, and a ‘Get’ section, where you define the data you want to
retrieve through the API.

You can test this in a browser by including the XML in a request to the API controller URL like the
example shown here.

[Additional Information]
XML request tags documentation.
https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/API/APIXMLTags/index.html#xml-tags

Supported XML tags

Object            XML Tag
Zones             <ZoneStatistics></ZoneStatistics>
Interfaces        <InterfaceStatistics></InterfaceStatistics>
Gateway           <GatewayStatistics></GatewayStatistics>
SD-WAN Profile    <SDWANProfileStatistics></SDWANProfileStatistics>
MAC Host          <MACHostStatistics></MACHostStatistics>
IP Host Group     <IPHostGroupStatistics></IPHostGroupStatistics>
IP Host           <IPHostStatistics></IPHostStatistics>
Service Group     <ServiceGroupStatistics></ServiceGroupStatistics>
Service           <ServiceStatistics></ServiceStatistics>
FQDN Host Group   <FQDNHostGroupStatistics></FQDNHostGroupStatistics>
FQDN Host         <FQDNHostStatistics></FQDNHostStatistics>
Country Group     <CountryGroupStatistics></CountryGroupStatistics>
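
The request described above can also be built from a script. The following Python code is an added example, not part of the Sophos course material: it builds the <Request> for any of the object types in the table and carries reqxml in a POST body so the credentials do not appear in the URL. It assumes the API controller accepts reqxml as a POST form field as well as in the URL; the environment variable names and the host firewall.example.test are placeholders.

```python
import os
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Object type -> statistics tag, copied from the "Supported XML tags" table.
STATISTICS_TAGS = {
    "Zones": "ZoneStatistics",
    "Interfaces": "InterfaceStatistics",
    "Gateway": "GatewayStatistics",
    "SD-WAN Profile": "SDWANProfileStatistics",
    "MAC Host": "MACHostStatistics",
    "IP Host Group": "IPHostGroupStatistics",
    "IP Host": "IPHostStatistics",
    "Service Group": "ServiceGroupStatistics",
    "Service": "ServiceStatistics",
    "FQDN Host Group": "FQDNHostGroupStatistics",
    "FQDN Host": "FQDNHostStatistics",
    "Country Group": "CountryGroupStatistics",
}


def build_usage_request(username, password, object_types):
    """Return the <Request> XML asking for usage counts of the given object types."""
    unknown = [t for t in object_types if t not in STATISTICS_TAGS]
    if unknown:
        raise ValueError(f"no statistics tag for: {', '.join(unknown)}")
    request = ET.Element("Request")
    login = ET.SubElement(request, "Login")
    # ElementTree escapes &, < and > so such characters in a password cannot break the XML.
    ET.SubElement(login, "Username").text = username
    ET.SubElement(login, "Password").text = password
    get = ET.SubElement(request, "Get")
    for object_type in object_types:
        ET.SubElement(get, STATISTICS_TAGS[object_type])
    # short_empty_elements=False keeps the <Tag></Tag> form used on the slide.
    return ET.tostring(request, encoding="unicode", short_empty_elements=False)


def prepare_post(host, xml_request, port=4444):
    """Build (but do not send) a POST that carries reqxml in the body, not the URL."""
    url = f"https://{host}:{port}/webconsole/APIController"
    body = urllib.parse.urlencode({"reqxml": xml_request}).encode("ascii")
    return urllib.request.Request(url, data=body, method="POST")


if __name__ == "__main__":
    # SOPHOS_API_USER and SOPHOS_API_PASSWORD are hypothetical variable names;
    # reading them from the environment keeps the password out of the script.
    xml_request = build_usage_request(
        os.environ.get("SOPHOS_API_USER", "admin"),
        os.environ["SOPHOS_API_PASSWORD"],
        ["Gateway", "IP Host"],
    )
    req = prepare_post("firewall.example.test", xml_request)  # placeholder host
    with urllib.request.urlopen(req, timeout=10) as response:
        print(response.read().decode("utf-8", errors="replace"))
```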


Simulation: Create Objects on Sophos Firewall

In this simulation you will configure Sophos Firewall using the initial setup wizard.

Please complete this simulation.

Click Launch Simulation to start. Once you have finished, click Continue.

[Additional Information]
https://training.sophos.com/fw/simulation/CreateObjects/2/start.html


Profiles
Schedule
• Defines a time period
• Recurring or one-off

Access time
• Allow or deny action for a schedule

Surfing quota
• Browsing time restrictions
• Recurring or one-off

Network traffic quota
• Bandwidth restrictions
• Separate upload/download or combined

Decryption
• Settings for TLS decryption

IPsec
• IKE parameters for establishing tunnels between two firewalls

Device access
• Roles for administrators
Profiles are a collection of settings that can be defined and used when configuring protection features.

There are profiles for:


• Schedule, which defines a time period, either recurring or one-off,
• Access time, that defines an allow or deny action for a schedule,
• Surfing quota, which defines either recurring or one-off restrictions for browsing time,
• Network traffic quota, for upload and download bandwidth quota restrictions,
• Decryption, for controlling the decryption of TLS traffic,
• IPsec, to specify the IKE (Internet Key Exchange) parameters for establishing tunnels between two
firewalls,
• And Device access, which defines access roles for admins logging into the web admin console.


Firmware Updates

Upload firmware

Boot firmware image

Boot with factory default configuration

Sophos Firewall has two firmware slots, one for the current active firmware, and the other that can be
updated with a new version. This means that if an issue is encountered with the running firmware, the
previous version can be booted.

Firmware can be downloaded automatically or uploaded manually. When there is a new firmware
version you will be prompted to upgrade when you log in.

As well as uploading new firmware, you can select which firmware version to boot or choose to boot
one of the firmware versions with the default factory settings.


Three free firmware updates

Mandatory updates during initial setup wizard do not count

Pattern updates are not affected

Firmware updates require a valid support license. For devices that do not have a valid support license
applied, a banner is shown on the firmware page that shows the number of free firmware updates that
are left.

Three free firmware updates are provided, and mandatory updates that are installed as part of the initial
setup wizard are not counted towards this. Pattern updates are not affected.


Backup and Restore

You can back up the configuration of Sophos Firewall on a regular basis, either daily, weekly, or monthly.
Backups can be created locally on the Sophos Firewall to be manually downloaded, or they can be
automatically uploaded via FTP or sent via email.

Configuration backups need to be encrypted with a password, which can be set on this page.


At the bottom of the page, you can select a backup configuration file to upload and restore.

You will need to enter the encryption password for the backup, and when prompted, the secure storage
master key that protects sensitive data such as passwords.


Backup-Restore Assistant

As part of the restore process there is an interface mapping tool that allows you to select which port
the configuration should be applied to. This allows you to back up and restore configuration between
different models of firewall.

Backup and Restore Considerations
Compatible Devices for Restoring Backups

✓ The device you are restoring on must be able to support the number of gateways in the configuration
x You can’t restore configuration from a wireless device on a non-wireless device if it contains any
configuration for the built-in wireless

Backup and Restore Documentation

1. There are some restrictions using backup and restore between desktop models depending on the
wireless support and configuration

Note that there are some considerations for using backup and restore between devices.

This table shows the compatibility of backups between devices.

Some additional considerations when restoring backups between devices include:


• The device you are restoring on must be able to support the number of gateways in the configuration.
• You can’t restore configuration from a wireless device on a non-wireless device if it contains any
configuration for the built-in wireless.

For full details, please review the documentation.

[Additional Information]
https://doc.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/BackupAndRestore/index.html#compatible-devices-for-restoring-configuration
https://docs.sophos.com/nsg/sophos-firewall/21.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/BackupAndRestore/BackupAndRestoreWireless/index.html#restore-to-wireless-models


Chapter Review

Here are the three main things you learned in this chapter.

The main menu is the primary navigation tool and is divided into four sections. Pages are further broken
down into tabs for accessing each area of configuration.

Every page provides a link to context-sensitive help.

The Sophos Firewall uses two types of object: hosts and services, and profiles. These are the building
blocks for the configuration of rules and policies.
