
Noob on UTM

Hello.

I am new to Sophos UTM and I need a bit of help from you guys.

I managed to make it run with a few rules.

I have a LAN for my PC, server and a few small NAS, IP …,...,23,...

I have another LAN for my WiFi, IP …,...,0,..., for some gadgets (Xiaomi vacuum, Xiaomi sensors, Xiaomi gateway, Hue, mobile phones, smart TV).

My mobile talks with the Hue bridge but not with the Xiaomi.

My Sophos is on a PC and I use a separate Ethernet port to give IP to an HP 8-port switch (4 for locals and 4 for WiFi) with 2 VLANs for the 2 IP ranges.

The WiFi is spread by a TP-Link AP.

Hope my message is not too messed up and you guys can help me a bit.

 

Thx in advance

Raz



This thread was automatically locked due to age.
  • I have a bunch of Xiaomi IoT in my network environment. It's a bit tricky to get it to work. The way I do it is to initially assign an IP address based on the MAC address, set up a FW rule for outbound traffic and open the FW live log to see what port needs to be opened. After your IoT is connected, lock it down to that specific port. Takes some time to get used to.

    I have all my Xiaomi IoT in a separate network from my Internal LAN

    BTW, I have Xiaomi (gateway, door/window sensor, smart light, universal remote, air filter, etc..)

    Good Luck

  • Dear Patrick

    First of all thank you so much for taking the time to answer to my post.

    Each IoT in my network has a static IP but still no luck.

    I'm starting to think that my TP-Link is against Xiaomi :)

    Will you be so kind as to give me a live example (cuz I got my ears stuck on the Xiaomi)

     

    P.S. I have the same

    QUOTE

    "BTW, I have Xiaomi (gateway, door/window sensor, smart light, universal remote, air filter, etc..)"

    and since UTM they are off :(

     

    Best

    Raz

  • All my Xiaomi are going out on UDP port 8053. I noticed I don't have all my sensors included in the FW rule, because they communicate directly with the gateway.

  • Raz, please post the entire Web Filtering log line corresponding to what you posted about 3-1/2 hours ago.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 2019:12:13-19:08:26 sophos httpproxy[12276]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.x.x" dstip="35.157.42.148" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5652" request="0xd061ce00" url="https://de.api.io.mi.com/" referer="" error="" authtime="0" dnstime="51135" aptptime="166" cattime="229" avscantime="0" fullreqtime="250497" device="0" auth="0" ua="" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" country="Germany"

  • Thank you for your time.

    Looks like I'm under noob level cuz I can't manage to make it work.

    I made a group for my xiaomi devices and with UDP allow I'm still not able to reach them.

  • Post your FW live log and narrow it to the IP address of your gateway, similar to the example below.

  • Right now it is not even showing any FW activity on the gateway IP.

    Only the IP of the phone that is trying to add the gateway to the Mi Home app.

    :(

  • Temporarily create a top FW rule allowing your mobile phone and Mi Gateway IPs for outbound traffic, as in the example below:

     

    phone / gateway ----> any ----> any

     

    Reset your gateway and connect it to your phone.

     

    Once your gateway is added to your phone via the Mi Home app, apply the previously mentioned FW rule.
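
The workflow the replies describe (a temporary "phone / gateway -> any -> any" rule, watching the FW live log for what the devices actually use, then locking the rule down to those ports, plus Bob's request to see which IPs in a Web Filtering line are local) can be scripted. The block below is an added example and is not code from the thread or from Sophos: it parses the key="value" field format that UTM log lines use, as in the Web Filtering line posted above, and collapses the accepted packetfilter flows into the minimal set of (source, protocol, destination port) entries a tighter rule needs. The local ranges, the field names assumed for the packetfilter log, and all sample lines and addresses are constructed for the example; the thread's own subnets are elided.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# UTM log lines carry their fields as key="value" pairs after the syslog
# prefix; this pattern pulls those pairs out of a line.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# IP protocol numbers as they appear in the packetfilter log.
PROTO_NAMES = {"6": "TCP", "17": "UDP"}

# Assumption for this example: RFC 1918 space counts as "local". The real
# subnets in the thread are elided, so these are placeholders, not Raz's ranges.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_utm_line(line):
    """Return the key="value" fields of one UTM log line as a dict."""
    return dict(KV_RE.findall(line))


def is_local(ip):
    """True if the address lies inside one of the assumed local ranges."""
    return any(ip_address(ip) in net for net in LOCAL_NETS)


def classify_web_line(line):
    """Bob's check on a Web Filtering line: which side is local, and where did it go?"""
    f = parse_utm_line(line)
    return {
        "src_local": is_local(f["srcip"]),
        "dst_local": is_local(f["dstip"]),
        "url": f["url"],
        "action": f["action"],
    }


def propose_rules(packetfilter_lines):
    """Collapse the flows accepted under a temporary 'phone/gateway -> any -> any'
    rule into the (srcip, proto, dstport) set a tighter replacement rule needs
    to allow. Dropped packets and inbound flows are ignored."""
    seen = defaultdict(set)  # (srcip, proto, dstport) -> destination IPs
    for line in packetfilter_lines:
        f = parse_utm_line(line)
        if f.get("sub") != "packetfilter" or f.get("action") != "accept":
            continue
        if not is_local(f["srcip"]):
            continue  # only outbound traffic from the IoT side is of interest here
        proto = PROTO_NAMES.get(f["proto"], f["proto"])
        seen[(f["srcip"], proto, f.get("dstport", "-"))].add(f["dstip"])
    return sorted((src, proto, port, sorted(dsts))
                  for (src, proto, port), dsts in seen.items())


# Constructed sample lines modelled on the UTM formats; the addresses are
# documentation ranges, not taken from the thread.
WEB_LINE = (
    '2019:12:13-19:08:26 sophos httpproxy[12276]: id="0001" severity="info" '
    'sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" '
    'srcip="192.168.0.42" dstip="203.0.113.20" statuscode="200" '
    'url="https://de.api.io.mi.com/" country="Germany"'
)

PF_PREFIX = ('2019:12:13-19:10:01 sophos ulogd[4874]: severity="info" '
             'sys="SecurePacketFilter" sub="packetfilter" ')
PF_LINES = [
    # Mi gateway polling the cloud on UDP 8053 (the port named in the thread)
    PF_PREFIX + 'id="2002" name="Packet accepted" action="accept" fwrule="9" '
    'srcip="192.168.0.50" dstip="203.0.113.10" proto="17" srcport="54321" dstport="8053"',
    PF_PREFIX + 'id="2002" name="Packet accepted" action="accept" fwrule="9" '
    'srcip="192.168.0.50" dstip="203.0.113.11" proto="17" srcport="54322" dstport="8053"',
    # the phone reaching the Mi Home API over HTTPS
    PF_PREFIX + 'id="2002" name="Packet accepted" action="accept" fwrule="9" '
    'srcip="192.168.0.42" dstip="203.0.113.20" proto="6" srcport="40001" dstport="443"',
    # a drop: not something the allow-any rule let through, so not part of the proposal
    PF_PREFIX + 'id="2001" name="Packet dropped" action="drop" fwrule="60001" '
    'srcip="192.168.0.50" dstip="203.0.113.30" proto="6" srcport="40002" dstport="23"',
    # an inbound flow from the Internet: excluded, the rule being built is outbound only
    PF_PREFIX + 'id="2002" name="Packet accepted" action="accept" fwrule="12" '
    'srcip="198.51.100.7" dstip="192.168.0.50" proto="17" srcport="8053" dstport="8053"',
]

if __name__ == "__main__":
    print(classify_web_line(WEB_LINE))
    for src, proto, port, dsts in propose_rules(PF_LINES):
        print(f"{src} -> {', '.join(dsts)}  {proto}/{port}")
```

Running it on the sample lines yields one UDP/8053 entry for the gateway and one TCP/443 entry for the phone, which is the shape of the locked-down rule Patrick describes; on a real live-log export, leave the temporary allow-any rule in place only until the gateway has paired, then replace it with the generated entries and keep the drop log open to catch anything the sample window missed.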