Sophos Assistant - Feedback and Experiences

Hello Community,

The team working on the Sophos Assistant (whatfix) would like to know your experience with the Sophos Assistant tool.

  • Have you used it?
  • Were you aware of it?
  • What flow have you tried?
  • What flow would you like to see?
  • What changes/improvements would you make?
  • Anything you would like to report (flow not working, flow stopped working, flow not intuitive)

The Sophos Assistant was launched in Sophos Firewall 18.5 MR2. This new tool was created to provide interactive guides (flows) on configuring modules (simple and complex).

Some of the current and most popular flows are:

  • DNAT and Firewall Rules for Internal Web Server
  • Remote Access SSL VPN
  • Site-to-site IPsec VPN

Understanding the icons in the Sophos Assistant

You'll encounter three different icons in the Sophos Assistant.

Icon descriptions:

  • Group of configuration flows: click it to expand its content
  • Configuration flow
  • External link (mainly to online documentation)



[edited by: emmosophos at 3:36 PM (GMT -8) on 11 Jan 2023]
  • Hi,

    I have never used the Assistant, so I cannot comment on its functionality or use. What I can comment on is its annoying presence in the DUI windows. Secondly, it does not appear to be part of the backup/restore process. I rebuilt my XG115W, performed a restore only to find the Assistant was still functional, it was enabled in the backup.

    There appears to have been considerable effort put into developing what appears to be a security risk to your XG/S installation. The development effort would have been of more value in building IPv6 functionality or fixing the failure to automatically renew IP addressing after a WAN link failure, but marketing obviously had a big say in the development of the Assistant that adds nothing to the security functionality of the XG/S.

    My 10c worth.

    Ian

    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Ian, I would disagree about this one. What do you mean by security risk? Do you see whatfix (external partner) as a vulnerable vendor? Can you back up this theory?

    And this external integration is something which is not provided or maintained by the firewall development team. So it actually did not extract development effort whatsoever.

    __________________________________________________________________________________________________________________

  • LuCar,

    You are allowing an external third party source which you have no control over their security policies access to your Network security device, doesn't sound too secure to me.

    If the firewall development team were not involved, how was the functionality imported and QA tested in the XG? Sort of leaves the Dev team support not having a full understanding of the security risks involved and how to investigate any issues arising?

    Ian

    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Whatfix offers a web-based add-on on the firewall webadmin. It is not integrated nor built by Sophos. Whatfix will simply create workflows within the HTML page. So the tool, and the way this tool works, is not built by Sophos.

    All vendors are approved and revisited by several teams within Sophos. See: assets.sophos.com/.../sophos-data-processing-terms-for-suppliers.pdf

    __________________________________________________________________________________________________________________

  • I have never used it because my opinion is that such 3rd party data collections directly on the user front end must not be in a security product. As it tracks many things you do while doing your job on the firewall, I find it most suspicious. Especially when you notice it sends data to non-Sophos URLs - here whatfix and usersnap.

    When you launched it, it was just there, no information about it, nothing could be adjusted nor could it be disabled.

    So one of the first things was to block it on our firewalls.

    Now with some of the later versions, it can be disabled but I do not trust it. As written, I don't want hard coded 3rd party integrations in a firewall. Sophos now sometimes communicates to do your feature requests with that widget to some anonymous data bucket. Hm, no.

    One of the older threads about it.

    community.sophos.com/.../xg-is-contacting-whatfix-com-when-i-change-firewall-rules

  • Didn't use it.
    Security problem: Every code loaded into a webpage/tab has additional rights ... like recognizing/collecting keyboard activity and others.

    "You are allowing an external third party source which you have no control over their security policies access to your Network security device, doesn't sound too secure to me."

    The answer "... web-based add-on on the firewall webadmin. It is not integrated nor built by Sophos..." may be correct, ...

    but .... "you are allowing an external third party source which you have no control over to access the configuration page of your Network security device while admin is logged on ..."

    I can't find the "option to opt-out of the Sophos Assistant" (from 19MR1 release notes). 


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hi,

    The feature does not appear to be part of the backup/restore process, because mine was enabled after a rebuild and a restore.

    Ian

    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I have never used it. Bit the same as the other answers, why would I trust something like this? Besides that I assume most admins should know how to set up basic things like remote access and site-to-site VPN pretty well.
    When a more sophisticated question arises, then I have always relied on the community forum which usually provides me with very rapid and knowledgeable answers.

    I didn't learn before how to turn it off, but now thanks to the screenshot by   I have immediately turned it off.

    The assistant is a bit of a solution to a non-existing problem IMHO.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • With the recent backdoor that was found on Juniper networks, it makes sense why users do not trust anything that could be exploited from the outside. A few years ago there was also an SQL injection vulnerability that was used to gain access to the XG firewalls webadmin and user portal. Do we really need another reason?

  • Do not forget: You (the person commenting) are actually/most likely not the target group of this tool.

    I learned this by talking to several admins and partners. Because I could not understand why somebody would use a wizard if you can gradually set it up yourself. But most people use this tool simply due to the fact that they have to do a job and do not have the time to read something.

    So "most admins should know..." is not a valid statement if you have one firewall and a partner who set up your box, and you want to do something on your own after one year of runtime.

    __________________________________________________________________________________________________________________