In this post I will be going over how to configure the Sophos UTM software appliance that we install here
– We created two virtual switches, one for our internal Lab network, and one for the WAN.
– We created a new VM and installed Sophos UTM.
Feel free to read along below, or follow my YouTube video here.
Thinking logically, we actually do not currently have a way to configure the Sophos UTM, since we have no other devices on that “Sophos – Private” network! Not to worry though, we are about to start now.
In this lab we will be using software and Operating Systems provided by Microsoft. You can find links to the free trials on my blog posting here
Our lab will consist of multiple Windows Server installations and because of this it will be easier to have a centralized place to manage them from – instead of having to individually log into each server directly.
Let’s create the management VM!
1) Create a new Hyper-V VM with Windows Server 2012 R2
Here are my VM settings:
- VM Name: Lab1-Mgmt1 – Easy name to remember this is a management PC
- Generation 2, SecureBoot Off
- 3GB of RAM, not Dynamic
- Connected to “Sophos – Private” Network adapter
- 30 GB Disk – We won’t be storing much on this disk, so I won’t allocate much. We can get away with 20, but I’ll stick with 30 to be safe.
- Windows Server 2012 R2 setup ISO to boot
Begin by clicking through the Windows Setup process, and install the Standard non Core version of Windows Server.
Continue through the steps until you are able to create your local password, and login to the machine.
Once you are logged into the server, let’s go ahead and
2) Configure our network adapter with a static IP
- Right click the network icon & select “Networking and Sharing Center”
- Click on the blue “Ethernet” text
- Click on “Properties”
- Select Internet Protocol Version 4 (TCP/IPv4) and click on “Properties”
We will be assigning the following values:
- IP Address: 192.168.2.2
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.2.1
- Preferred DNS Server: 220.127.116.11
- Alternate DNS Server: 18.104.22.168
Remember that our Sophos is set to 192.168.2.1, and we currently don’t have any local DNS servers so we will stick with Google’s Public DNS Servers for now.
Click OK through the dialogs to save, and open up a web browser and browse to http://192.168.2.1:4444 to access the Sophos configuration UI
3) Configure the Sophos UTM Network Router & Firewall
As you can see, I was able to pull up the Sophos Web UI and begin the initial configuration process.
Type in your own information for the first page, click the “I accept the license agreement” checkbox, and click on “Perform Basic System Setup”.
You will a message in green text saying “Please wait, this will take 40 seconds”. Be patient during this process!
Next, we will be at the login screen. Provide the information you created in the previous page. The username is ‘admin’.
– We will be prompted to either perform a new setup, or restore from a backup. In this case, press on “Continue” to setup as new.
– We don’t have a license file, so leave this blank. This will allow us a 30 day trial period. If you end up liking Sophos UTM, you can create a Sophos account and generate a personal license for free.
– Leave the Internal (LAN) firewall IP as 192.168.2.1, since we don’t want to change this. Leave the Netmask default as well.
– I will be leaving the “Enable DHCP server on internal interface” unchecked since I will have Windows Server give out DHCP.
– On the “Internet Uplink (WAN) Settings” page select the only interface available in the dropdown box, and for “Internet uplink type” select “Standard Ethernet interface” with “Address Type” set to “Dynamic (DHCP)”.
Setting the WAN settings here automatically create the interface, and the corresponding NAT masquerading rules.
– On the “Allowed Services” page, go ahead and select the boxes that you think you will need. For me I selected Web, Terminal Services, DNS. Since the Sophos UTM is an advanced firewall, we can easily configure these later. These are just the barebones basics.
– On the “Advanced Threat Protection Settings” page, I left everything unchecked. Since this is a lab environment, I don’t see a reason to use resources for this function.
– Under “Web Protection Settings” I will also leave everything blank – but we will be revisiting this in a future blog post.
– Under “Email Protection Settings” leave everything unchecked.
– Click on “Finish” and you will be taken to the home page. You’ll see a bunch of red X’s but this is OK.
4) Create a “Firewall Off” rule
Since we will be spending a lot of time playing around with these devices, let’s go ahead and disable the firewall so we aren’t running into any strange networking issues.
Sophos does not provide a global ‘Firewall off’ button, but it should be pretty straight forward to accomplish with just one rule.
– Click on “Network Protection”
– Click on “Firewall”
– Click on “New Rule…”
– Do the following:
- Position: Top
- Sources: Any
- Services: Any
- Destination: Any
- Action: Allow
- Comment: Firewall Off
5) Confirm that you are able to reach the web!
In the Sophos WebAdmin, go to the search on the top left and type in ‘ping’ & click on the “Tools” under “Support”.
Type in 22.214.171.124 into the Hostname/IP Address box, and click Apply. You should be seeing a response.
If you get a response, try sending a Ping command from our Management server. Everything should be working now.
In this blog post we went over:
- How to create a basic Windows Server 2012 R2 VM for management of our lab
- Configure the network adapter in the management VM
- Configure the Sophos using the built in Wizard
- Create a firewall rule to disable the firewall
In the next blog post, we will begin to play around with Windows Server roles.