Daily/weekly/monthly housekeeping tasks for Sophos UTM firewall

Hello All, I'm new to the forum and to Sophos. Do any of you grizzled veterans have any advice for housekeeping tasks I should be doing on my Sophos UTM firewall?  If so, should I do them daily, weekly or monthly? I'd like to keep it in top notch shape and be aware of what's going on with it at all times.

Thanks



This thread was automatically locked due to age.
  • Aside from the executive report, I don't mess with my UTM (and it really should be that way) unless I need to if/when internet drops (which is 99.9% of the time my ISP).

    Your setup when done correctly should be just a matter of testing to make sure it checks out after you have things in place (checklists, i.e., SSH turned off, bad rules removed, NAT, etc.) and then for the most part should be maintenance-free other than perhaps a monthly reboot if needed.  I could see you needing to check if you were not the only administrator of the UTM, and you may have others playing in something they either don't understand or could be malicious.

    I have a weekly report generated by my UTM that gets sent to me via e-mail you can set up to give you a recap of what has been going on with your traffic.  It is general information with graphs similar to your UTM dashboard.  You can set up the report to be generated other than weekly if you wish.  Watching it "at all times" is going to drive you paranoid with connectivity.

    Bob's sticky post is also very helpful to check out: DNS best practice - Recommended Reads - UTM Firewall - Sophos Community

    It's not a SQL type driven database that has to be maintained all the time.  Some checks on the dashboard or generated reports should be sufficient, and log into the dashboard as you wish to do.  Updates through patterns are downloaded similar to AV, and the system can send you an e-mail/notification when there is an update to the version to be applied.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
