We are using cloud sophos utm ver 9.506-1 on AWS. We have setup the sophos vpn as the gateway to our AWS VPCs. We configured SSL VPN to allow users access to specific resources in specific VPCs. Whenever we add or remove AWS VPCs we need to log into the sophos web admin and manually configure the VPN<--->VPC connection on the sophos utm. For adding a VPC it would involve setting up the following configuration on the sophos:
- Definitions & Users -> Network Definitions
- Define the VPC (i.e bridge-dev-172.15)
- Network protection -> NAT -> NAT
- Add SNAT rule to the VPC (i.e. bridge-dev-172.15)
- (Optional) Definitions & Users -> Service Definitions
- Define the custom service (i.e. mysql port 3360). You may skip this step since most services have already been defined.
- Definitions & Users -> Users & Groups
- Define user groups (i.e. Bridge-Developers group) and add appropriate users to the group.
- Network Protection -> Firewall
- Setup user access to networks and services (i.e. "Bridge-Developers" has access to "any" services on "bridge-dev-172.15" VPC and "bridge-prod-172.31" VPC)
- Remote Access -> SSL -> Profiles
- Setup remote access profiles. (i.e. "bridge" profile allows "Bridge-developers" access to "bridge-dev-172.15" and "bridge-prod-172.31" VPC)
Needless to say this is pretty painful. Rather than having to do this manually we want a way to automate these configurations. Is there a way to do all of this using the sophos REST API or some CLI?
This thread was automatically locked due to age.
