UPDATE: Part 5 – SSL VPN is now available.
In the first and second posts in this series, we stepped through the installation of the Sophos UTM. Two weeks ago, we finished up the setup process. Now, we’re going to start exploring the meat and potatoes of Sophos’ free UTM solution. This week, I’m going to cover establishing definitions and rules.
It is possible to define a variety of objects within the UTM. In this post, we are going to focus on Network and Service Definitions. For convenience and ease of use, Sophos UTM comes with a myriad of pre-defined Network and Service objects, but you will inevitably want to add your own. The first step is to click on “Definitions & Users” from the vertical menu on the left-hand side of the Dashboard, as seen in the figure on the left.
The Definitions Overview screen provides totals for existing Network and Service definitions and gives a breakdown of the subcategories for both.
Clicking on “Network Definitions” on the left-hand side will drop you onto a page which lists all Network definitions, including Networks, Hosts, DNS Hosts/Groups, and Groups. It is possible to search for specific definitions or filter out unwanted results using the drop-down menu and search box provided at the top of the screen. By default, the page only lists ten definitions at a time, but there is a separate drop-down box that can increase the results in steps of ten up to “All.”
Clicking on the “+ New Network Definitions” button will open up a new frame in which parameters can be set for a new Network object. First, set a name for your new object. Use the “Type” drop down box to select the subcategory under which your object will fall. In this case, we’ll step through a “Host” object.
The various fields for a Host definition can be seen in the figure on the right. I find Hosts to be particularly useful. If you choose to use your Sophos UTM as a DHCP server, you will use Host objects to define static IP addresses for the various devices and systems on your network.
The IPv4 Address field is for establishing an IP address for your object; obviously, make sure it matches the addressing scheme of the network segment in which it will sit. Add a MAC address by clicking the ‘+’ symbol. Be sure to include colons between the octets (and click “Apply” when you are finished). Feel free to add both wireless and wired MAC addresses for your object if your wired and wireless networks share the same IP range and you would like to set one IP per object regardless of connection type.
If you would like to use DNS internally, set your Hostname appropriately (and check “Reverse DNS” if you so desire). I tend to use the Comment field to mark the physical location of the device (who doesn’t need a computer in the bathroom?).
Finally, under “Advanced,” a specific Interface on the UTM can be set. For instance, if you have installed multiple NICs in your UTM and have separate networks for each, this might be a useful option for you.
Other Network definitions can be set in a similar fashion.
Creating a new Service definition is slightly more straightforward, as there are no differences between the TCP, UDP, and TCP/UDP subcategories. Clicking on “Service Definitions” on the left-hand menu will place you on a page with a list of Service definitions similar to the Network Definitions overview page.
There will be many pre-defined services, so always thoroughly check the list before creating a new service. It can be sorted and searched just as the Network definition list could be. Additionally, there are Groups of services on the list (represented by a network folder icon as seen in “File Transfer” in the figure above). These are particularly useful when creating Firewall Rules (see the next section).
To create a new Service object, click on the “+ New Service Definition” button above the list. A new frame will expand on the left. Fill in the categories as you wish. Make sure that you name the service appropriately so that you do not forget what it was for at a later time. I have been guilty of this myself and ended up with two or three of the same services defined differently. The comment field can also be helpful in this regard, particularly if multiple services make use of the same ports (i.e., FaceTime and the PSN have some commonalities which I occasionally mark in the Comment field).
Once all of your definitions are put into place, you can move onto creating a Firewall Rule to accommodate them.
One of the most appealing and useful features of the Sophos UTM is its firewall functionality. To access the firewall setup, click on “Network Protection” on the left-hand side of the Dashboard. You will be presented with an Overview screen that summarizes the most dropped packets and destinations for the day.
To access the list of current firewall rules (in a manner similar to the Network and Service definition sections), click on “Firewall” under “Network Protection” on the left. The rules can be sorted and filtered using the techniques discussed in the previous sections.
The process of adding a rule is very straightforward. Following the pattern established earlier, click on the “+ New Rule” button. There are really only three main parts to a firewall rule: source, service, and destination. While it is possible to create new objects for each of these items on the fly by clicking the ‘+’ button, if you click the folder icon instead, a list of previously-created objects will appear on the left-hand side of the screen. Simply drag-and-drop your desired objects into place.
For instance, if you want to be able to get to a specific FTP server internally from another internal workstation (and only that host), drop the host name of the FTP server in the Destination box, FTP service in the Services box, and your workstation Host in the Sources box.
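To make the source/service/destination model concrete, here is a small added Python simulation (not Sophos code, and not how the UTM implements its packet filter) that models Host, Network and Service definitions and evaluates the FTP rule above against a few constructed connection attempts; the IP addresses, the workstation/laptop names and the FTP definition (TCP, destination port 21) are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Minimal models of the UTM object kinds discussed in the post (assumed shape).
@dataclass(frozen=True)
class Host:            # "Host" network definition: a single IPv4 address
    name: str
    ipv4: str

@dataclass(frozen=True)
class Network:         # "Network" definition: an IPv4 range in CIDR form
    name: str
    cidr: str

@dataclass(frozen=True)
class Service:         # "Service" definition: protocol plus destination port range
    name: str
    proto: str         # "tcp", "udp" or "tcp/udp"
    dport_lo: int
    dport_hi: int

@dataclass(frozen=True)
class Rule:            # The three parts of a rule: source, service, destination
    source: object     # Host or Network
    service: Service
    destination: object
    action: str = "allow"

def contains(obj, ip: str) -> bool:
    """Does a Host/Network definition cover this IP address?"""
    if isinstance(obj, Host):
        return ip_address(ip) == ip_address(obj.ipv4)
    return ip_address(ip) in ip_network(obj.cidr, strict=False)

def service_matches(svc: Service, proto: str, dport: int) -> bool:
    proto_ok = svc.proto == "tcp/udp" or svc.proto == proto
    return proto_ok and svc.dport_lo <= dport <= svc.dport_hi

def evaluate(rules, src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """First matching rule wins; traffic no rule covers is dropped (default deny)."""
    for r in rules:
        if (contains(r.source, src_ip) and contains(r.destination, dst_ip)
                and service_matches(r.service, proto, dport)):
            return r.action
    return "drop"

# Constructed sample objects mirroring the post's FTP scenario (assumed addresses).
WORKSTATION = Host("workstation", "192.168.1.50")
LAPTOP = Host("laptop", "192.168.1.51")            # not in any rule
FTP_SERVER = Host("ftp-server", "192.168.1.10")
FTP = Service("FTP", "tcp", 21, 21)
RULES = [Rule(WORKSTATION, FTP, FTP_SERVER)]
```

Only the workstation reaching the FTP server on TCP/21 is allowed; the laptop, a different port on the same server, or UDP all fall through to the default drop.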
Rules can be grouped together for convenience, which I highly recommend.
The next Sophos UTM Home Edition post will cover the setup for an SSL VPN. Super easy, super useful.