Policy to allow Sophos Central - New firewall setup

Hello,

I am new to the Sophos world and have a new SX135W that I am working to get set up. We migrated policies from an older SG230 and now seem to have broken the connection to Sophos Central. I added a rule to permit any traffic to Sophos LiveCentral and it is back to "Connected", but I am still unable to select and modify the new firewall. I am not even sure that is the proper way to write the rule and wanted to see what should be there to allow traffic between the SX and Sophos Central. Also, are there any other basic policies I should make sure are added as part of the new config to make sure other services like this work properly?

Thanks in advance ....

Brent

  • It was integrating fine with Sophos Central until we imported the config from the old unit. I will go through the policy config. It would not even show connected until I added the policy to allow traffic to Sophos Live Central. I will be going back through the rules this morning and see what I can find. This is a unit that I inherited, so I am not sure what all the rules are at the moment.

    It did upgrade to the latest firmware, so it is running V18.

    Thanks,

  • In looking at the rules on the firewall, I do have a drop all at the very bottom that is grayed out and so far unable to change or delete. Thoughts on how to remove this if that is the issue?

    Brent

  • Hi,

    The bottom rule is the default drop-all; you cannot delete it. The rule was displayed after a number of posts complained that the default drop-all rule was not visible and was causing people to create extra rules.

    Ian

    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w.
    If a post solves your question use the 'This helped me' link.
  • Hello Brent, 

    Thank you for the follow-up.

    Please provide the output of the following 3 commands:

    # central-register --status

    # openssl s_client -connect utm.cloud.sophos.com:443

    (For this one, just copy the lines until before --BEGIN CERTIFICATE--)

    # wget -O /dev/null utm.cloud.sophos.com

    And if the XG is showing in Central and you are able to click to access it, please run the following command on the XG while you are trying to access it:

    # tcpdump -nei any host utm-cloudstation-us-east-2.prod.hydra.sophos.com

    Regards,

    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
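A small script, added here and not from the thread or from Sophos, that turns the manual openssl check Emmanuel asked for into a repeatable test against the two Central endpoints named in this thread (utm.cloud.sophos.com and the hydra cloudstation host). It assumes only POSIX sh, awk and openssl on PATH; the host list, output format and exit-code convention are my own choices.

```shell
#!/bin/sh
# Added example, not from the thread: repeatable form of the manual
# "openssl s_client" check. Connects to each Sophos Central endpoint named
# in the thread on 443 and reports the leaf CN plus the chain verdict.
# Assumes POSIX sh, awk and openssl on PATH (true on most Linux hosts).
CENTRAL_HOSTS="utm.cloud.sophos.com utm-cloudstation-us-east-2.prod.hydra.sophos.com"

# parse_s_client: read `openssl s_client` output on stdin and print
# "<leaf CN> <verify code>". Exit 0 only when the chain verified,
# 1 on a verification failure, 2 when no TLS session was established.
# A per-depth "verify return:1" only means s_client kept going after
# that depth; the final "Verify return code:" line is the real verdict.
parse_s_client() {
    awk '
        /^CONNECTED/ { connected = 1 }
        /^depth=0/ {
            if (match($0, /CN ?= ?[^,\/]+/)) {
                cn = substr($0, RSTART, RLENGTH)
                sub(/^CN ?= ?/, "", cn)
            }
        }
        /^verify return:/ { split($0, f, ":"); if (f[2] != "1") bad = 1 }
        /^Verify return code:/ { code = $4 }
        END {
            if (!connected) { print "NOT_CONNECTED"; exit 2 }
            printf "%s %s\n", (cn == "" ? "NO_LEAF" : cn), (code == "" ? "?" : code)
            rc = 0
            if (bad || (code != "" && code != "0")) rc = 1
            exit rc
        }'
}

# check_host HOST: handshake with SNI, then hand the transcript to the parser.
check_host() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>&1 | parse_s_client
}

run_checks() {
    rc=0
    for h in $CENTRAL_HOSTS; do
        if result=$(check_host "$h"); then
            echo "OK   $h -> $result"
        else
            echo "FAIL $h -> $result (check firewall rules, DNS, upstream TLS inspection)"
            rc=1
        fi
    done
    return $rc
}
# Only touch the network when asked explicitly: sh central_check.sh --run
case "${1:-}" in --run) run_checks ;; esac
```

Run it with --run from the XG advanced shell or any host behind the same firewall rules: NOT_CONNECTED points at a blocked or unresolved path, while a non-zero verify code on an established session points at TLS inspection or a missing CA on the path.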
  • XG135w_XN02_SFOS 18.0.1 MR-1-Build396# central-register --status

    This SFOS instance is currently registered with Sophos Central

      access_token        : ee0c658713627d65c0fd6e0253ef798283b8a0b7

      device_uuid         : c341194b-c0dc-4c87-ad7c-6c6747ba6b47

      pic_uri             : utm-cloudstation-us-east-2.prod.hydra.sophos.com

      refresh_token       : ALWad8ogMxKzKbTS5jViDNcQ2mqGR00vn4BmJpHn9_00bsBJeE3cqMrk7AO7mrpb16OsQ1dg5JcxWqvPnp4MXg9hoK9YBC8nucHpPgRSpRngIUREVey2DabLUiQOWVbRdV_O7nSXrkSpAvhU3bdM_CA

     

    XG135w_XN02_SFOS 18.0.1 MR-1-Build396# openssl s_client -connect utm.cloud.sophos.com:443
    CONNECTED(00000003)
    depth=4 C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
    verify return:1
    depth=3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
    verify return:1
    depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
    verify return:1
    depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
    verify return:1
    depth=0 CN = central.sophos.com
    verify return:1
    ---
    Certificate chain
     0 s:/CN=central.sophos.com
       i:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
     1 s:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
       i:/C=US/O=Amazon/CN=Amazon Root CA 1
     2 s:/C=US/O=Amazon/CN=Amazon Root CA 1
       i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
     3 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
       i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
    ---
    Server certificate

    wget -O /dev/null utm.cloud.sophos.com
    HTTP/1.1 400 Bad Request
    Server: awselb/2.0
    Date: Tue, 20 Oct 2020 13:36:00 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: close

    <html>
    <head><title>400 Bad Request</title></head>
    <body>
    <center><h1>400 Bad Request</h1></center>
    </body>
    </html>
    read:errno=0

    XG135w_XN02_SFOS 18.0.1 MR-1-Build396# wget -O /dev/null utm.cloud.sophos.com
    --2020-10-20 09:36:47--  http://utm.cloud.sophos.com/
    Resolving utm.cloud.sophos.com... 54.77.40.69, 52.214.208.237, 63.35.127.231
    Connecting to utm.cloud.sophos.com|54.77.40.69|:80... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: utm.cloud.sophos.com:443/ [following]
    --2020-10-20 09:36:51--  https://utm.cloud.sophos.com/
    Connecting to utm.cloud.sophos.com|54.77.40.69|:443... connected.
    HTTP request sent, awaiting response... 302
    Location: /login [following]
    --2020-10-20 09:36:51--  utm.cloud.sophos.com/login
    Reusing existing connection to utm.cloud.sophos.com:443.
    HTTP request sent, awaiting response... 302
    Location: /manage/login [following]
    --2020-10-20 09:36:52--  utm.cloud.sophos.com/.../login
    Reusing existing connection to utm.cloud.sophos.com:443.
    HTTP request sent, awaiting response... 200
    Length: unspecified [text/html]
    Saving to: '/dev/null'

    /dev/null                            [ <=>                                                       ]  14.29K  --.-KB/s    in 0.1s

    2020-10-20 09:36:52 (110 KB/s) - '/dev/null' saved [14637]

  • Hello Brent,

    Thank you for the output of the commands. They seem correct.

    Could you please deregister Central Sync from the XG itself, then remove the XG from Sophos Central, and then re-register Sophos Central in the XG first and then in Sophos Central? Make sure you have access to the email used in the XG to register Sophos Central.

    If after this the issue remains let me know.

    Regards,

    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.