
Noob on utm

Hello.

I am new to Sophos UTM and I need a bit of help from you guys.

I managed to make it run with a few rules.

I have a LAN for my PC, server and a few small NAS devices, IP …,...,23,...

I have another LAN for my Wi-Fi, IP …,...,0,..., for some gadgets (Xiaomi vacuum, Xiaomi sensors, Xiaomi gateway, Hue, mobile phones, smart TV).

My mobile talks to the Hue bridge, but not to the Xiaomi devices.

My Sophos runs on a PC and I use a separate Ethernet port to feed an HP 8-port switch (4 ports for local, 4 for Wi-Fi) with 2 VLANs for the 2 IP ranges.

The Wi-Fi is provided by a TP-Link AP.

Hope my message is not too messed up and you guys can help me a bit.


Thanks in advance

Raz



  • Hello Raz,

    welcome! What you can do is simply try things out and watch the Firewall "Live Log" under "Network protection". You can learn from there which traffic is caused by your internal devices and what you should do to allow some of the traffic it blocks. The next important thing is DNS and DNS forwarding, followed by NAT rules ("Masquerading") for your internal clients to be able to reach the internet.

    I highly recommend the "Rulz" BAlfson has put together over the years, see this link: https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz

    Even if you don't understand all that is described there, you can just pick them one after the other to get things going.

    Good luck!

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you.

    I will try to understand the rules :)

    And BTW, Sophos rules; even for a newb it looks like it has huge potential as soon as you get to understand it.

  • Geiasou Raz and welcome to the UTM Community!

    You will also want to consider the general approach of DNS best practice.

    Cheers - Bob
    PS Thanks, Philipp, for the vote of confidence!

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I've read the rules but I'm still not able to do what I want :(

    From the web filtering logs I get

    url="https://de.api.io.mi.com/" referer="" error="" authtime="0" dnstime="8" aptptime="207" cattime="0" avscantime="0" fullreqtime="172408" 

    and I'm totally lost :(

  • I have a bunch of Xiaomi IoT devices in my network environment. It's a bit tricky to get them to work. The way I do it is to initially assign an IP address based on the MAC address, set up a FW rule for outbound traffic and open the FW live log to see which port needs to be opened. After your IoT device is connected, lock it down to that specific port. It takes some time to get used to.

    I have all my Xiaomi IoT devices in a separate network from my internal LAN.

    BTW, I have Xiaomi (gateway, door/window sensor, smart light, universal remote, air filter, etc..)

    Good Luck

  • Dear Patrick

    First of all thank you so much for taking the time to answer to my post.

    Each IoT device in my network has a static IP, but still no luck.

    I'm starting to think that my TP-Link is against Xiaomi :)

    Would you be so kind as to give me a live example (because I've got my ears stuck on the Xiaomi)?


    P.S. I have the same:

    QUOTE

    "BTW, I have Xiaomi (gateway, door/window sensor, smart light, universal remote, air filter, etc..)"

    and since UTM they are off :(

    Best

    Raz

  • All my Xiaomi devices go out on UDP port 8053. I noticed I don't have all my sensors included in the FW rule, because they communicate directly with the gateway.

  • Raz, please post the entire Web Filtering log line corresponding to what you posted about 3-1/2 hours ago.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 2019:12:13-19:08:26 sophos httpproxy[12276]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.x.x" dstip="35.157.42.148" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5652" request="0xd061ce00" url="https://de.api.io.mi.com/" referer="" error="" authtime="0" dnstime="51135" aptptime="166" cattime="229" avscantime="0" fullreqtime="250497" device="0" auth="0" ua="" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" country="Germany"

  • Thank you for your time.

    Looks like I'm below noob level because I can't manage to make it work.

    I made a group for my Xiaomi devices and, with UDP allowed, I'm still not able to reach them.

  • Post your FW live log and narrow it to the IP address of your gateway, similar to the example below