Well, I apparently missed doing this. And there are some important steps here, because the installation for Sophos UTM isn’t as turnkey as it could be. There are some specific things you have to do before it’s up and running 95%.
So we are going to cover that here.
Previously, I’ve covered a lot about Sophos and why I love it. The last post was about the firewall, and how to let services through to the outside world. Being able to access these services is a pretty important aspect, and is why I covered that first.
However, this time, I’m going to be covering Port Forwarding, also known as NAT (Network Address Translation). This is just as important, especially for us “home server” guys, as this is how you configure the router to allow you to access internal resources (such as a website) from external sources (aka, the outside world, and how you’re reading this).
Previously I talked about, well, how awesome the firewall and intrusion countermeasures in Sophos are. And I didn’t get to how to actually configure them because of the sheer amount of content I covered.
This time, we’re going to walk through how to add services to the firewall, and how to lock down or allow traffic through Sophos (your firewall). This includes how to enable Sophos to do the normal “Consumer Router firewall” stuff, as some people are “too lazy*” to set this up properly.
As I said previously, I am going to talk more about Sophos and my adventures with it.
The first part that I need to address is Sophos’ firewall. It’s beyond awesome. But the word “draconian” is an absolutely accurate description. During the initial setup wizard, Sophos asks you what services you want to allow by default. The default services it configures are Remote Access (RDP, VNC, etc.), Instant Messaging, VoIP, Email and Web Surfing. You can select any combination of these services.