Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
______________________________________________________________________________________________________________________________________
Note: Sophos Support does not provide support for this tool.
Overview:
The automated audit tool allows you to audit one or more Sophos firewalls for compliance with baseline security settings. The audit compares a defined set of expected settings (the baseline) with each firewall's actual running configuration and produces an HTML report indicating the audit Pass/Fail status.
Installation and Requirement:
The firewall audit can be installed using the Python pip installer. Python 3.9 is the minimum version required on your system prior to installation. We recommend installing it into a Python virtual environment so as not to interfere with any other Python packages installed on your system.
This Recommended Read uses Python 3.12 as the interpreter and PyCharm as the IDE, in a Windows environment.
Installation Steps:
Create a Python venv in the IDE
python -m venv firewallaudit
Activate the venv in the IDE (Windows)
firewallaudit\Scripts\activate.bat
Download the sophos-firewall-audit
pip install sophos-firewall-audit
Note: Windows users may see an error message ModuleNotFoundError: No module named 'pkg_resources' when running the sophosfirewallaudit command. To correct this, run pip install setuptools.
Install setuptools to address the error
pip install setuptools
sophosfirewallaudit --help should now run.
Update the firewalls.yaml file with your firewall inventory
You may also download the example here: https://github.com/sophos/sophos-firewall-audit/blob/main/firewalls.yaml.example
You may list more than one firewall in this file using the format:
- hostname: 172.16.16.1
  port: 4444
- hostname: 34dtmxgsfw1.ddns.net
  port: 4444
- hostname: 10.153.189.23
  port: 4444
Update the audit_settings.yaml file
Example download is available here: https://github.com/sophos/sophos-firewall-audit/blob/main/audit_settings.yaml.example
You may use the default settings, or you may tailor them to your requirements.
Copy/Save the YAML files into your working directory
Set Credentials on Windows CMD
set FW_USERNAME=<Your firewall username>
set FW_PASSWORD=<Your firewall password>
You may also allow API access to administrators with specific read-write permissions. Kindly refer here: https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/API/APIAllowAccess/index.html
Note: Make sure you run set in CMD and not in PowerShell. In a PowerShell prompt, set assigns PowerShell variables rather than environment variables. The audit script pulls the credentials from the system environment, so it cannot find them there.
Confirm that API is enabled on the Target Sophos Firewall/s, including the allowed IP Address
Under > Backup and firmware > API > API configuration
Run Audit: sophosfirewallaudit --inventory_file firewalls.yaml --settings_file audit_settings.yaml
After running the command above, the audit process should begin.
View Results locally > results_html_local > index HTML
Viewing Sophos Firewall Audit Report
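A preflight check you can run before the audit command, as an added example that is not part of the sophos-firewall-audit project: it validates the inventory format shown above and confirms that FW_USERNAME and FW_PASSWORD are visible in the process environment. The function names are hypothetical, the parser handles only the flat hostname/port list, and requiring a port on every entry is an assumption based on the example file.

```python
import os
import re

# Constructed sample in the inventory format shown above; the last entry omits its port.
SAMPLE_INVENTORY = """\
- hostname: 172.16.16.1
  port: 4444
- hostname: 34dtmxgsfw1.ddns.net
  port: 4444
- hostname: 10.153.189.23
"""
REQUIRED_ENV = ("FW_USERNAME", "FW_PASSWORD")  # names from the credentials step

def parse_inventory(text):
    """Parse only the flat '- hostname: / port:' list (not general YAML)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = re.match(r"^(-?)\s*(\w+):\s*(.*)$", raw.strip())
        if not m:
            raise ValueError(f"unrecognised inventory line: {raw!r}")
        dash, key, value = m.groups()
        if dash or not entries:  # a leading '-' starts a new firewall entry
            entries.append({})
        entries[-1][key] = value.strip()
    return entries

def check_inventory(entries):
    """Assumption: every entry needs a hostname and a TCP port, as in the example."""
    problems = []
    for i, e in enumerate(entries, 1):
        if not e.get("hostname"):
            problems.append(f"entry {i}: missing hostname")
        port = e.get("port")
        if port is None:
            problems.append(f"entry {i}: missing port")
        elif not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append(f"entry {i}: invalid port {port!r}")
    return problems

def check_credentials(environ=os.environ):
    """Return the credential variables missing from the process environment."""
    return [name for name in REQUIRED_ENV if not environ.get(name)]

if __name__ == "__main__":
    issues = check_inventory(parse_inventory(SAMPLE_INVENTORY))
    issues += [f"{n} is not set in the environment" for n in check_credentials()]
    print("\n".join(issues) or "preflight OK")
```

Run it from the same CMD window in which the credentials were set, because variables created with set exist only in that session.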
Related Information:
Further Information: The firewall audit is published as an open-source project on GitHub and can be installed using the instructions in the repository.
https://github.com/sophos/sophos-firewall-audit
Sophos Firewall API - https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/API/index.html
______________________________________________________________________________________________________________________________________
Revamping
[edited by: Erick Jan at 7:27 AM (GMT -7) on 17 Oct 2024]