Sophos Firewall Device Access Configuration

Questions and Answers

Which baud rate is specified for console connection parameters?

• 57,600
• 115,200
• 38,400 (correct)
• 19,200

What is the maximum key length supported for SSH Public Key Authentication on Sophos Firewall?

• 1024 bits
• 2048 bits
• 4096 bits (correct)
• 512 bits

In which log file is the thumbprint of the SSH key recorded after a successful public key authentication?

• /log/sshd.log (correct)
• /log/key.log
• /log/auth.log
• /log/ssh.log

What is required for an administrator to access the CLI after configuring SSH Public Key Authentication?

The corresponding private key must be used. (A)

What is the default behavior of device access regarding services in the WAN zone?

Allow minimal services only. (A)

What is the default IP address for accessing the Sophos Firewall WebAdmin?

172.16.16.16 (C)

Which port does the WebAdmin interface of the Sophos Firewall run on?

4444 (C)

What is the purpose of configuring CAPTCHA for login on the Sophos Firewall?

To prevent unauthorized access (A)

What protocol is used to access the User Portal on the Sophos Firewall?

HTTPS (B)

Which port is used to access the User Portal on the Sophos Firewall?

443 (C)

What is the initial configuration requirement for the default administrator password on the Sophos Firewall?

It is defined during the first setup process (C)

Which aspect of device access management is highlighted in the configuration considerations for Sophos Firewall?

Managing access to Admin services through the Device Access page (C)

What is the default username for accessing the command line interface (CLI) on the Sophos Firewall?

admin (C)

Why might a user need to change the IP address of the management port on the Sophos Firewall?

To connect to the WebAdmin for the initial setup (A)

What should be done with the default password after the initial setup wizard on the Sophos Firewall?

It should be changed to enhance security (D)

Flashcards

Sophos Firewall Default IP

The default IP address of the Sophos Firewall.

WebAdmin

Sophos Firewall's web interface for administrative tasks.

WebAdmin Port

The port used to access the WebAdmin interface of the Sophos Firewall.

WebAdmin URL

The URL used to access the WebAdmin interface of the Sophos Firewall.

Default WebAdmin Username

The default username for accessing the Sophos Firewall's WebAdmin.

Command Line Interface (CLI)

A text-based interface for managing the firewall, accessible via SSH or Console.

SSH

A secure protocol used for remote access to the firewall's CLI.

Console Connection

A physical connection to the firewall, allowing direct access to the CLI.

Default Credentials

The default username and password used for initial access to the firewall.

Baud Rate

A configuration setting that determines the communication speed between a device and a console, often measured in bits per second (bps).

Data Bits

The number of data bits transmitted in each character or byte. A common value is 8 bits.

Stop Bits

A signal that indicates the end of a data transmission unit. A common value is 1.

Parity

A technique used to ensure data integrity during transmission. Common types include 'odd' and 'even.'

Flow Control

A method of controlling the flow of data between devices to prevent data overflow or loss.

Study Notes

Sophos Firewall Device Access Configuration

• Sophos Firewall access is configurable via multiple methods, primarily WebAdmin
• Default IP address is 172.16.16.16 (/24)
• Default port is 4444
• Connection URL: https://<DeviceIP>:4444
• Firewall default administrator username is admin
• Firewall default administrator password is set during initial setup

Administrative Access Security

• Default settings allow LAN zone users to access WebAdmin and SSH logins
• To secure, disable zone-based access to admin services; implement ACLs (Access Control Lists) to allow access to specific network segments via local service ACL exception rules
• Disable unnecessary services in zones to improve security

CAPTCHA Configuration

• CAPTCHA is used on login pages for additional security (especially for WAN and VPN zones)
• Disabling CAPTCHA in the WAN zone is discouraged, as it reduces security against automated attacks
• CAPTCHA functionality can be enabled/disabled globally or for individual zones (WAN, VPN).
• Configuration is managed via console commands (e.g., system captcha-authentication-global [show|enable|disable])

Command Line Interface (CLI) Access

• Sophos Firewall also has a CLI (command-line interface) accessible via SSH or console
• Default credentials: username: admin, password: admin (can be changed on initial setup)
• Console parameters include baud rate (38,400), data bits (8), stop bits (1), and no parity/flow control
• CLI is useful for modifying the device’s IP
• SSH access can be configured using public key authentication

Zone-Based Access Control Lists (ACLs)

• Device access allows defining services permitted within specific zones

• Admin services (administrative access to the Sophos firewall)

• Authentication services (client authentication)

• Networking services (client to firewall, DNS)

• Other services: wireless, VPN, user portal, routing, proxy, mail, SNMP.

Local Service ACL Exceptions

• Device access permits rules for local service ACL exceptions (allowing/blocking services for specified hosts)
• Rules are ordered, with later rules overriding previous ones
• Rules can be applied to either IPv4 or IPv6 (separate rules needed for both if required).

Additional notes about the documents

• Documentation is part of a larger set of guidelines for configuring Sophos Firewall device access.
• Version numbers and copyright details are provided.
• Sophos and related trademarks are clearly identified.
• Duration for topic coverage is included.