Sophos UTM

Since these guides have become fairly popular, creating a dedicated index page for all of them seemed like a very good idea.

So, from start to finish, here are the guides:

  1. Installing Sophos UTM
  2. My Adventures with Sophos
  3. Sophos and a Draconian Firewall
  4. Learning to use Sophos’ Firewall
  5. Port Forwarding (NAT) With Sophos
  6. An exercise in frustration: Setting up Web Filtering on Sophos UTM
  7. An Exercise in Frustration: Setting up Web Filter Certificates in Sophos UTM
  8. An Exercise in Frustration: Fine Tuning the Web Filter in Sophos UTM
  9. Sophos UTM and Wireless Access Points

24 thoughts on “Sophos UTM”

  1. Awesome work! I’m in the process of setting up several UTM’s in an enterprise environment, and your posts have helped me immensely.

          1. Thank you so much, I really appreciate it. I would be grateful too if you told me a method to block proxy software such as Psiphon 3 or Ultrasurf. I tried to block Ultrasurf using app control, but users can still get to blocked websites.

  2. Drashna, I just downloaded the UTM Home Edition also. I wanted to see if you had enabled the EMAIL part. I use GMAIL and Outlook on my local PC. Have you setup the Mail Security section yet? Just wanted to see your experience.

    1. I’ve just used the default settings. Though, I’ve had issues with them. But I do want to look into setting up the email stuff, as it would be nice to filter out spam mail on my home network!

  3. Drashna, thank you for putting this together. I just got the parts needed to put together my new router for the UTM Home Edition (actually duplicate hardware of what I currently have for my pfSense router). I want to get UTM running and working before I tear down pfSense. At the same time I will be tearing down the network rack and putting it in a structured enclosure. I look forward to following these guidelines. 🙂

    1. You are very welcome.

      And, well, I have a decent track record for writing guides. I’ve been doing it for a while. And it not only helps out others (which I enjoy), but I use my own guides frequently, as they’re easy to reference (I’ve installed Sophos for 2-3 friends, actually).

      1. Do you still maintain that those of us using Windows Essentials 2012 R2 should keep DHCP and DNS on the server and not enable them on Sophos?

        1. For DNS, absolutely. Since Windows Server Essentials requires a properly configured DNS server, it’s better to use its built-in one.

          As for DHCP, it doesn’t really matter. As long as you configure it to hand out the WSE server as the primary DNS, it simplifies the network setup (you don’t have to worry about the DNS auto updater thing in the Connector software).

  4. Got UTM Home Edition installed – needed to run Kevin Fonda’s tip and also it is posted over on Network Guy Blog (http://networkguy.de/?p=728). Took a while to get it installed though because I was trying to use a Corsair 128GB SSD and kept getting a failed to install error. Looked at the log (Alt-F4) and saw that the /dev/sda1 device was being used by the system. Could not figure out why, so I swapped out the drive for another (OCZ 60GB SSD) and then I was able to install.

    Now to set up the DNS portion to point to S2012R2E. This is a bit different from pfSense, so I hope I am in the right area. I go to Network Services -> DNS. From reading the text in the settings, I will be removing “Internal (Network)” from Global -> Allowed Networks and then add my S2012R2E server in the Forwarders tab, setting Name, Type = Host, IP address of the server, leaving DHCP Settings and DNS Settings blank, and under Advanced setting Interface to Internal. Also I believe that I would uncheck “Use forwarders assigned by ISP”.

    Is this correct?

    1. Okay, something screwy here. I seem to have the DNS settings messed up – I need some help here to figure out what to set. I am using S2012R2E – it would seem that I lost my internet for about 20 minutes – so I want to make sure that I have it set correctly.

  5. Check both the server’s settings and the DHCP server on Sophos.

    For the server, check the IP address information. Set a static IP address for the server. Set the DNS setting to itself (127.0.0.1 and the static IP you’ve set).

    Then open the Administrative tools, and open the DNS settings. Right click on the server’s name and select properties.
    There should be a “Forwarder” tab. Delete all the entries and set this to your Sophos box’s IP address.

    Then on Sophos, open the “Network Services” section and select “DHCP”.
    Set the DHCP options to use the server’s IP address as the primary server, and then set the secondary DNS server info to be the Sophos box’s IP address.

    What this will do is tell the clients to look at your server for DNS info. This will ensure that the domain stuff will work properly.
    Then the server looks at Sophos for that information (which looks at your ISP’s DNS info).
    However, if the server is down… instead of breaking the internet for you… it will fail over to Sophos directly.
    This is probably what failed here.

    Additionally, by doing this, this should prevent the DNS Autoconfig stuff from Essentials from messing with your internet, as well.

    1. I followed these instructions for setting the DNS entries on the Sophos box – https://www.sophos.com/en-us/support/knowledgebase/120283.aspx

      For the server I followed your recommendations – the one thing I did notice when I switched to Sophos for my router was that the original entries (OpenDNS) that I used for my forwarders no longer resolved.

      Everything is working – but I am confused about nslookup – if I do a lookup for www.google.com it comes back from my server as

      Name: www.google.com.
      Address: 5.22.149.135

      The IP address turns out to be a moniker.com address. But I can ping www.google.com and get the correct address.

      Is there something wrong here?

  6. I like the read. I have had a UTM installed for over a year now and seem to be getting the hang of it now. I have one question that I may put to you. I keep getting these type of errors in my web protection log:

    2016:04:29-14:33:05 salkeldfam httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 291 bytes (HPE_INVALID_METHOD: invalid HTTP method)"

    Not sure if you have seen these before, but I can’t seem to find where the rule is that is causing this. Is there a way to edit the http_parser_context.c file and find line 97 to see what is happening and resolve it?

    Any help would be greatly appreciated.

    thanks

    1. Unfortunately, I suspect that this is an issue with the web filter code, and that you may need to open a ticket with Sophos to get this resolved.

      The “http_parser_context.c” refers to the source code, specifically. And yeah, I’ve seen this issue before, but am not sure what it is aside from an internal handling error.
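As an added example (not code from the original post or from Sophos), here is a small Python parser for the httpproxy log format quoted in the comment above. It picks out the id="0003" parse-failure events and tallies them by http-parser error code, so you can count how often and which variants occur before opening a ticket. The hostname, PID, timestamps, the second error line and the "http access" line are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample lines in the Sophos UTM httpproxy key="value" format;
# the hostname, PID, timestamps and second error code are made up.
SAMPLE_LOG = """\
2016:04:29-14:33:05 utm-host httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 291 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2016:04:29-14:33:07 utm-host httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.0.2.10" dstip="198.51.100.7" url="http://example.com/"
2016:04:29-14:33:09 utm-host httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 512 bytes (HPE_INVALID_CONSTANT: invalid constant string)"
"""

# header: timestamp host process[pid]: rest
HEADER_RE = re.compile(r'^(\S+) (\S+) (\w+)\[(\d+)\]: (.*)$')
# key="value" pairs that make up the rest of the line
KV_RE = re.compile(r'(\w+)="([^"]*)"')
# the http-parser error code inside the message text, e.g. (HPE_INVALID_METHOD: ...)
HPE_RE = re.compile(r'\((HPE_[A-Z_]+):')


def parse_line(line):
    """Split one UTM log line into a dict of its fields, or None if malformed."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    ts, host, proc, pid, rest = m.groups()
    fields = dict(KV_RE.findall(rest))
    fields.update(timestamp=ts, host=host, process=proc, pid=int(pid))
    return fields


def parse_errors(text):
    """Return the id=0003 parse-failure events that carry an HPE_* code."""
    events = []
    for line in text.splitlines():
        f = parse_line(line)
        if not f or f.get("id") != "0003":
            continue
        m = HPE_RE.search(f.get("message", ""))
        if m:
            f["hpe_code"] = m.group(1)
            events.append(f)
    return events


def summarize(text):
    """Count parse failures per http-parser error code."""
    return Counter(e["hpe_code"] for e in parse_errors(text))
```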
