We are using cloud sophos utm ver 9.506-1 on AWS. We have setup the sophos vpn as the gateway to our AWS VPCs. We configured SSL VPN to allow users access to specific resources in specific VPCs. Whenever we add or remove AWS VPCs we need to log into the sophos web admin and manually configure the VPN<--->VPC connection on the sophos utm. For adding a VPC it would involve setting up the following configuration on the sophos: Definitions & Users -> Network Definitions Define the VPC (i.e bridge-dev-172.15) Network protection -> NAT -> NAT Add SNAT rule to the VPC (i.e. bridge-dev-172.15) (Optional) Definitions & Users -> Service Definitions Define the custom service (i.e. mysql port 3360). You may skip this step since most services have already been defined. Definitions & Users -> Users & Groups Define user groups (i.e. Bridge-Developers group) and add appropriate users to the group. Network Protection -> Firewall Setup user access to networks and services (i.e. "Bridge-Developers" has access to "any" services on "bridge-dev-172.15" VPC and "bridge-prod-172.31" VPC) Remote Access -> SSL -> Profiles Setup remote access profiles. (i.e. "bridge" profile allows "Bridge-developers" access to "bridge-dev-172.15" and "bridge-prod-172.31" VPC) Needless to say this is pretty painful. Rather than having to do this manually we want a way to automate these configurations. Is there a way to do all of this using the sophos REST API or some CLI?

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to automate sophos configuration?

We are using cloud sophos utm ver 9.506-1 on AWS. We have setup the sophos vpn as the gateway to our AWS VPCs. We configured SSL VPN to allow users access to specific resources in specific VPCs. Whenever we add or remove AWS VPCs we need to log into the sophos web admin and manually configure the VPN<--->VPC connection on the sophos utm. For adding a VPC it would involve setting up the following configuration on the sophos:

Definitions & Users -> Network Definitions
- Define the VPC (i.e bridge-dev-172.15)
Network protection -> NAT -> NAT
- Add SNAT rule to the VPC (i.e. bridge-dev-172.15)
(Optional) Definitions & Users -> Service Definitions
- Define the custom service (i.e. mysql port 3360). You may skip this step since most services have already been defined.
Definitions & Users -> Users & Groups
- Define user groups (i.e. Bridge-Developers group) and add appropriate users to the group.
Network Protection -> Firewall
- Setup user access to networks and services (i.e. "Bridge-Developers" has access to "any" services on "bridge-dev-172.15" VPC and "bridge-prod-172.31" VPC)
Remote Access -> SSL -> Profiles
- Setup remote access profiles. (i.e. "bridge" profile allows "Bridge-developers" access to "bridge-dev-172.15" and "bridge-prod-172.31" VPC)

Needless to say this is pretty painful. Rather than having to do this manually we want a way to automate these configurations. Is there a way to do all of this using the sophos REST API or some CLI?

This thread was automatically locked due to age.

Parents

0 ByronWatson over 5 years ago

Hi Khai,

Thank you very much for posting this message about how to create various Sophos UTM objects using the ReST API. Please visit the following link where you will find the Sophos UTM ReST API reference guide. Sections 5.1 through 5.4 provide information about accessing the UI and seeing the format required to create objects such as SSL Profiles to support remote access as per your requirements, define a network space to support the addition of a new AWS VPC, and Firewall rules.

https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf

Sections 5.1 - 5.4 outline how to access the ReST API <https://<yourSophosUTMAddress>:4444/api. Login credentials will be required or an access token. Once you are logged in, the upper right side of the portal will list a drop down box to select the area you wish to create/modify/delete objects on your Sophos UTM.

Thanks again for posting your message about using the Sophos UTM ReST API.

Cheers,

Byron
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ByronWatson over 5 years ago

Hi Khai,

Thank you very much for posting this message about how to create various Sophos UTM objects using the ReST API. Please visit the following link where you will find the Sophos UTM ReST API reference guide. Sections 5.1 through 5.4 provide information about accessing the UI and seeing the format required to create objects such as SSL Profiles to support remote access as per your requirements, define a network space to support the addition of a new AWS VPC, and Firewall rules.

https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf

Sections 5.1 - 5.4 outline how to access the ReST API <https://<yourSophosUTMAddress>:4444/api. Login credentials will be required or an access token. Once you are logged in, the upper right side of the portal will list a drop down box to select the area you wish to create/modify/delete objects on your Sophos UTM.

Thanks again for posting your message about using the Sophos UTM ReST API.

Cheers,

Byron
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data