Perform a basic configuration Sophos UTM in 12 simple steps

Configuration the Sophos UTM is easy in 12 steps. This perform basic setup for a computer in LAN go out internet through UTM.

Important Step noted:

  • Setup WAN interface and Default Gateway (step 6)
  • Setup DNS forwarder (step 7)
  • Setup Firewall Rule (step 8)
  • Setup NAT Masquerading (step 9)
  • Option for setup DHCP server

STEP 1: Go to Webadmin by default IP address:

Sophos UTM hardware default IP: https://192.168.0.1:4444

Sophos UTM Software default IP: https://192.168.2.100:4444

In this example: https://192.168.88.254:4444

See more in Sophos UTM Software/hardware Appliance Quick Start Guide

http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sophosutmsoftwarewebadminqsgen.pdf?la=en

STEP 2: Enter Administrator Contact and Password

Click APPLY and waiting for some second

clip_image002

STEP 3: Go to again Webadmin with new certificate

You will be noticed the Certificate error, and Add Exception for this.

clip_image004

clip_image005

STEP 4: Login to Webadmin with new password

clip_image007

STEP 5: Cancel the Wizard

Click “Cancel” button in bottom of Wizard

clip_image009

You will see the dashboard of Sophos UTM

clip_image011

STEP 6: Add WAN Interface

Go to “Interfaces & Routing” -> “Interfaces” -> click “New Interface”

· Name: WAN

· Type: Ethernet

· Hardware: choose the hardware interface connect to Router/Modem of ISP

· IPv4 Default Gateway: Checked

clip_image013

Click “SAVE” and you will see the new interface which is disabled

clip_image015

Click enable button to enable the WAN Interface

clip_image017

STEP 7: Setup DNS

Add Google or Public DNS to DNS forwarders

clip_image019

STEP 8: Setup Firewall Rule

Go to Network Protection -> Firewall

Default No rule and all traffic is blocked.

clip_image021

Click New Rule Button

· Sources: Internal Network

· Services: ANY (or Some Services)

· Destinations: ANY

· Action: Allow

· Advanced: Log Traffic checked

clip_image023

clip_image024

Enable the new firewall Rule

clip_image026

STEP 9: NAT

Go to Network Protection -> NAT -> Masquerading

· Network: Internal (Network)

· Interface: WAN

· Use address: Primary address

Enable the new Masquerading Rule

clip_image028

STEP 10: Enable Advanced Threat Protection

Go to Network Protection -> Advanced Threat Protection -> Click Enable button (Grey to Green)

clip_image030

STEP 11: Enable Intrusion Prevention System

Go to Network Protection -> Intrusion Prevention -> Click Enable button (Grey button in the right).

Add the Internal (Network) to Local Network box -> Click Apply.

clip_image032

Enable Anti-Portscan

clip_image034

STEP 12: Check the Firewall Live Log

Go to Network Protection -> Firewall

Click “Open Live Log” button

clip_image036

· Green line: traffic allow through firewall

· Red line: traffic deny through firewall

Option STEP: DHCP Server (if needed)

Go to Network Services -> DHCP -> Click “New DHCP Server” button.

· Interface: Internal

clip_image038

Done!

4 Comments

  1. Dude, You really rock thanks so much. I was thinking it was going to be harder to set up than PFSense, But Sophos UTM is easy to set up compared to PFSense. Keep up the good work.

1 Trackback / Pingback

  1. Unified Threat Management (UTM) for the home – lillerant wiki

Leave a Reply