Sophos XG Firewall : How to packet filter using Packet Capturr

Overview

  • Packet Capture is the process of capturing and recording traffic. The Packet Capture utility packages of Sophos XG Firewall conform to the specified criteria and display the package values ​​in different fields. These fields include connection details and details of policies applied to the package in sections such as Rule ID, User / Group Name (User Name / Group), Web filter ID (Web filter ID), Application filter ID (application filter ID), etc.

Scenario

  • Get the packet of inbound and outbound packets on port 80. Only filter TCP packets from the source (172.16.16.100 is the user’s address in the LAN area) in the capture.

Configuring

  • You must log into the admin page of the Sophos XG firewall device with an admin account.
  • Packets of incoming and outgoing traffic can be recorded in Sophos Firewall by pressing Diagnostics> Packet Capture.
  • Under the Packet Capture section, press On on the switch to turn on Packet Capture.
  • Under the Capture Packet section, click Display Filter and enter the filter criteria as shown in the table below.
  • Click Apply. The following image will be displayed. The captured packages are the system default and will vary depending on the source IP.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.