Sophos Firewall Maintenance

1. Firewalls

1.1. Real Environment

10.10.1.170 SMRU-SFW-MRM
10.20.1.170 SMRU-SFW-MRH
10.30.1.170 SMRU-SFW-TST
192.168.25.170 SMRU-SFW-MKT
192.168.26.170 SMRU-SFW-MLA
192.168.27.170 SMRU-SFW-WPA
192.168.28.170 SMRU-SFW-MSL
192.168.29.170 SMRU-SFW-HPH
192.168.30.170 SMRU-SFW-SKK
192.168.31.170 SMRU-SFW-MKU

2. Inventory

Log in as admin using PuTTY.
Select Device Management.
Select Advanced Shell.

Enter the following commands at a Command Line with root privileges.

DELTA_LINUX_TOOLS="/media/Windows/Software/_Delta/Delta-Linux-Tools-#.#.#"
scp -p smru@10.10.1.2:$DELTA_LINUX_TOOLS/sbin/show-inventory .
sh ./show-inventory
scp -p smru-* smru@10.10.1.2:/home/Other/Inventory/_Servers
exit

3. Settings

3.1. Linux

Enter the following commands at a Command Line.

sudo apt-get install curl xsltproc
mkdir -p /home/Other/Sophos/YYYY-MM-DD
cd /home/Other/Sophos/YYYY-MM-DD
get-sophos-api

Enter the following commands at a Command Line.

sudo apt-get install curl xsltproc
cd /media/sf_D_DRIVE/Tmp
get-sophos-api

3.2. Windows

Log on as Administrator on the TBHF-SYS-MRM server.

Enter the following commands at a Command Prompt.

Get-SophosApi smru-sfw-mrm FirewallRule       | Out-Unix C:\Tmp\smru-sfw-mrm-FirewallRule.xml
Get-SophosApi smru-sfw-mrm FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-mrm-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-mrm NATRule            | Out-Unix C:\Tmp\smru-sfw-mrm-NATRule.xml
Get-SophosApi smru-sfw-mrm SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-mrm-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-mrm VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-mrm-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-mrh FirewallRule       | Out-Unix C:\Tmp\smru-sfw-mrh-FirewallRule.xml
Get-SophosApi smru-sfw-mrh FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-mrh-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-mrh NATRule            | Out-Unix C:\Tmp\smru-sfw-mrh-NATRule.xml
Get-SophosApi smru-sfw-mrh SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-mrh-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-mrh VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-mrh-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-mkt FirewallRule       | Out-Unix C:\Tmp\smru-sfw-mkt-FirewallRule.xml
Get-SophosApi smru-sfw-mkt FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-mkt-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-mkt NATRule            | Out-Unix C:\Tmp\smru-sfw-mkt-NATRule.xml
Get-SophosApi smru-sfw-mkt SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-mkt-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-mkt VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-mkt-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-mla FirewallRule       | Out-Unix C:\Tmp\smru-sfw-mla-FirewallRule.xml
Get-SophosApi smru-sfw-mla FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-mla-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-mla NATRule            | Out-Unix C:\Tmp\smru-sfw-mla-NATRule.xml
Get-SophosApi smru-sfw-mla SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-mla-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-mla VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-mla-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-wpa FirewallRule       | Out-Unix C:\Tmp\smru-sfw-wpa-FirewallRule.xml
Get-SophosApi smru-sfw-wpa FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-wpa-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-wpa NATRule            | Out-Unix C:\Tmp\smru-sfw-wpa-NATRule.xml
Get-SophosApi smru-sfw-wpa SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-wpa-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-wpa VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-wpa-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-msl FirewallRule       | Out-Unix C:\Tmp\smru-sfw-msl-FirewallRule.xml
Get-SophosApi smru-sfw-msl FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-msl-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-msl NATRule            | Out-Unix C:\Tmp\smru-sfw-msl-NATRule.xml
Get-SophosApi smru-sfw-msl SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-msl-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-msl VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-msl-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-hph FirewallRule       | Out-Unix C:\Tmp\smru-sfw-hph-FirewallRule.xml
Get-SophosApi smru-sfw-hph FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-hph-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-hph NATRule            | Out-Unix C:\Tmp\smru-sfw-hph-NATRule.xml
Get-SophosApi smru-sfw-hph SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-hph-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-hph VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-hph-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-skk FirewallRule       | Out-Unix C:\Tmp\smru-sfw-skk-FirewallRule.xml
Get-SophosApi smru-sfw-skk FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-skk-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-skk NATRule            | Out-Unix C:\Tmp\smru-sfw-skk-NATRule.xml
Get-SophosApi smru-sfw-skk SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-skk-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-skk VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-skk-VPNIPSecConnection.xml

Get-SophosApi smru-sfw-mku FirewallRule       | Out-Unix C:\Tmp\smru-sfw-mku-FirewallRule.xml
Get-SophosApi smru-sfw-mku FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-mku-FirewallRuleGroup.xml
Get-SophosApi smru-sfw-mku NATRule            | Out-Unix C:\Tmp\smru-sfw-mku-NATRule.xml
Get-SophosApi smru-sfw-mku SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-mku-SSLVPNPolicy.xml
Get-SophosApi smru-sfw-mku VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-mku-VPNIPSecConnection.xml

Log in as Administrator on the SMRUNB-AD12 notebook.
Make sure the IP address is 10.30.1.2.

Enter the following commands at a Command Prompt.

Get-SophosApi 10.30.1.170 FirewallRule       | Out-Unix C:\Tmp\smru-sfw-dev-FirewallRule.xml
Get-SophosApi 10.30.1.170 FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-dev-FirewallRuleGroup.xml
Get-SophosApi 10.30.1.170 NATRule            | Out-Unix C:\Tmp\smru-sfw-dev-NATRule.xml
Get-SophosApi 10.30.1.170 SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-dev-SSLVPNPolicy.xml
Get-SophosApi 10.30.1.170 VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-dev-VPNIPSecConnection.xml

Get-SophosApi 192.168.32.170 FirewallRule       | Out-Unix C:\Tmp\smru-sfw-mku-FirewallRule.xml
Get-SophosApi 192.168.32.170 FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-mku-FirewallRuleGroup.xml
Get-SophosApi 192.168.32.170 NATRule            | Out-Unix C:\Tmp\smru-sfw-mku-NATRule.xml
Get-SophosApi 192.168.32.170 SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-mku-SSLVPNPolicy.xml
Get-SophosApi 192.168.32.170 VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-mku-VPNIPSecConnection.xml

Get-SophosApi 192.168.33.170 FirewallRule       | Out-Unix C:\Tmp\smru-sfw-msb-FirewallRule.xml
Get-SophosApi 192.168.33.170 FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-msb-FirewallRuleGroup.xml
Get-SophosApi 192.168.33.170 NATRule            | Out-Unix C:\Tmp\smru-sfw-msb-NATRule.xml
Get-SophosApi 192.168.33.170 SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-msb-SSLVPNPolicy.xml
Get-SophosApi 192.168.33.170 VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-msb-VPNIPSecConnection.xml

Get-SophosApi 192.168.34.170 FirewallRule       | Out-Unix C:\Tmp\smru-sfw-tst-FirewallRule.xml
Get-SophosApi 192.168.34.170 FirewallRuleGroup  | Out-Unix C:\Tmp\smru-sfw-tst-FirewallRuleGroup.xml
Get-SophosApi 192.168.34.170 NATRule            | Out-Unix C:\Tmp\smru-sfw-tst-NATRule.xml
Get-SophosApi 192.168.34.170 SSLVPNPolicy       | Out-Unix C:\Tmp\smru-sfw-tst-SSLVPNPolicy.xml
Get-SophosApi 192.168.34.170 VPNIPSecConnection | Out-Unix C:\Tmp\smru-sfw-tst-VPNIPSecConnection.xml

4. Update

Log in as admin using PuTTY.
Enter the following commands at a Command Line with root privileges.
```
exit
```

Sophos Firewall Maintenance

Home

1. Firewalls

1.1. Real Environment

2. Inventory

3. Settings

3.1. Linux

3.2. Windows

4. Update