
Sophos Assistant - Feedback and Experiences

Hello Community,

The team working on the Sophos Assistant (Whatfix) would like to know your experience with the Sophos Assistant tool.

  • Have you used it?
  • Were you aware of it?
  • What flow have you tried?
  • What flow would you like to see?
  • What changes/improvements would you make?
  • Anything you would like to report (flow not working, flow stopped working, flow not intuitive)

The Sophos Assistant was launched in Sophos Firewall 18.5 MR2. This new tool was created to provide interactive guides (flows) on configuring modules (simple and complex).

Some of the current and most popular flows are:

  • DNAT and Firewall Rules for Internal Web Server
  • Remote Access SSL VPN
  • Site-to-site IPsec VPN

Understanding the icons in the Sophos Assistant

You'll encounter three different icons in the Sophos Assistant.

Icon descriptions:

  • Group of configuration flows (click it to expand its content)
  • Configuration flow
  • External link (mainly to online documentation)



This thread was automatically locked due to age.
  • Hi,

    I have never used the Assistant, so I cannot comment on its functionality or use. What I can comment on is its annoying presence in the DUI windows. Secondly, it does not appear to be part of the backup/restore process. I rebuilt my XG115W, performed a restore only to find the Assistant was still functional, it was enabled in the backup.

    There appears to have been considerable effort put into developing what appears to be a security risk to your XG/S installation. The development effort would have been of more value in building IPv6 functionality or fixing the failure to automatically renew IP addressing after a WAN link failure, but marketing obviously had a big say in the development of the Assistant, which adds nothing to the security functionality of the XG/S.

    My 10c worth.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Ian, I would disagree about this one. What do you mean by security risk? Do you see Whatfix (external partner) as a vulnerable vendor? Can you back up this theory?

    And this external integration is something which is not provided or maintained by the firewall development team. So it actually did not extract development effort whatsoever.

    __________________________________________________________________________________________________________________

  • LuCar,

    You are allowing an external third-party source, whose security policies you have no control over, access to your network security device. That doesn't sound too secure to me.

    If the firewall development team were not involved, how was the functionality imported and QA tested in the XG? Sort of leaves the Dev team support not having a full understanding of the security risks involved and how to investigate any issues arising?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA


  • Whatfix offers a web-based add-on on the firewall webadmin. It is not integrated nor built by Sophos. Whatfix will simply create workflows within the HTML page. So the tool, and the way this tool works, is not built by Sophos.

    All vendors are approved and revisited by several teams within Sophos. See: assets.sophos.com/.../sophos-data-processing-terms-for-suppliers.pdf

    __________________________________________________________________________________________________________________

  • With the recent backdoor that was found on Juniper networks, it makes sense why users do not trust anything that could be exploited from the outside. A few years ago there was also an SQL injection vulnerability that was used to gain access to the XG firewall's webadmin and user portal. Do we really need another reason?


  • Which backdoor are you referring to?

    __________________________________________________________________________________________________________________

  • The code that was used to gain backdoor access to Juniper firewalls.

    The code, which appeared in numerous versions of ScreenOS since mid-2012, is said to "gain administrative access" and "decrypt VPN connections" by using secure shell (SSH), according to the advisory. That would allow a highly-skilled attacker to decrypt data that's flowing through the virtual private network (VPN) connection on the firewall.

    ...

    Researchers believe that even if the National Security Agency wasn't directly to blame for inserting the backdoor code, it was at least helped along by creating a weakness in a cryptographic algorithm used in part by Juniper that allowed the attackers to strike.