PRTG Sophos XG

You can set the time and date to the device’s clock or synchronize the device with a Network Time Protocol (NTP) server.

Having had mixed results with the Sophos XG, and having hardware that just can't keep up with the latest updates for it, I've reverted back to the Sophos UTM9. This still plays nicely with my PIA VPN setup whereby a pfSense router is placed in front of a UTM interface to anonymise traffic however I.

Sophos Firewall Manager (SFM), Sophos Central Firewall Manager (CFM) or Sophos Central centrally manages your Sophos XG Firewall (device). Central management allows you to configure keep-alive requests and to enable configuration and signature updates of the device through the firewall manager.

  1. Go to Administration > Time.
  2. Current time displays the device time and date.
  3. Select the Time zone based on the location in which the device is deployed.
  4. Select from the following options to choose how you set the time and date:
    • Use pre-defined NTP server (pool.ntp.org). The device uses NTP version 3 (RFC 1305). Click Sync now.
    • Use custom NTP server. Enter the IPv4 address, IPv6 address or domain name. You can configure up to 10 NTP servers. At the time of synchronization, the device queries the configured NTP servers sequentially until it receives a valid reply from a server. Click Sync now.
    • Select Do not use NTP server to configure the date and time based on the device’s clock. Set the date and time.
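
The sequential fallback described in step 4 can be sketched as follows. This is an added example, not Sophos code: the server names are hypothetical, the replies are constructed so it runs offline, and the checks that make a reply "valid" (server mode, synchronized clock, stratum 1 to 15, non-zero transmit timestamp) are assumptions about reasonable client behaviour rather than the firewall's documented logic.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(version=3):
    """48-byte client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_reply(data):
    """Return Unix time from a server reply; raise ValueError if unusable."""
    if len(data) < 48:
        raise ValueError("short packet")
    li, mode, stratum = data[0] >> 6, data[0] & 7, data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    if mode != 4:
        raise ValueError("not a server reply")
    if li == 3:
        raise ValueError("server clock unsynchronized")
    if not 1 <= stratum <= 15:
        raise ValueError("invalid stratum")
    if tx_sec == 0:
        raise ValueError("empty transmit timestamp")
    return tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32

def first_valid_time(servers, query):
    """Query servers in order; return (server, unix_time) for the first valid reply."""
    request = build_request()
    for server in servers:
        try:
            return server, parse_reply(query(server, request))
        except (ValueError, OSError):
            continue  # timeout or unusable reply: try the next configured server
    raise RuntimeError("no configured NTP server returned a valid reply")

def make_reply(li, stratum, unix_time):
    """Constructed sample reply (VN=3, Mode=4) for the offline demo."""
    header = bytes([(li << 6) | (3 << 3) | 4, stratum]) + bytes(38)
    return header + struct.pack("!II", unix_time + NTP_EPOCH_OFFSET, 0)

SAMPLE = {  # constructed replies keyed by hypothetical server names
    "ntp1.example.internal": None,                  # simulates a timeout
    "ntp2.example.internal": make_reply(3, 0, 0),   # unsynchronized server
    "ntp3.example.internal": make_reply(0, 2, 1700000000),
}

def fake_query(server, request):
    """Stand-in for a UDP/123 exchange; returns the constructed reply."""
    if SAMPLE[server] is None:
        raise TimeoutError("no response")
    return SAMPLE[server]

if __name__ == "__main__":
    print(first_valid_time(list(SAMPLE), fake_query))
```

To run it against real servers, replace `fake_query` with a function that sends `request` over UDP port 123 with a socket timeout and returns the raw response bytes.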

So I was playing with certificates on the Sophos XG the other night in the hope of publishing a PRTG server through the firewall and testing out the authentication and other features, but in my stupidity I decided to apply a certificate to the UTM appliance itself which was invalid. I had somehow managed to import and select the wrong certificate from my machine, which was used to authenticate me as a person against StartCom where I’d got a free SSL certificate from, and completely locked myself out of the firewall admin portal *sadface*

Certificate I’d imported into the XG

When trying to access the portal on port 4444 I was greeted with errors in Chrome, IE and Firefox relating to an invalid certificate. I tried lowering all possible security settings on the browsers to no avail and ended up conceding that I’d have to bin the XG and start from a fresh build unless I found a way back in by some miracle.


“172.16.0.2 normally uses encryption to protect your information. When Google Chrome tried to connect to 172.16.0.2 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 172.16.0.2, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.


You cannot visit 172.16.0.2 at the moment because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.”

Errors in IE and Chrome


As a last-ditch hope I popped a message on the Sophos community forums and within the hour I’d had a suggestion: SSH into the XG and follow the on-screen prompts using options 2 and 4. This regenerated an admin portal certificate and voila, I was back in!


SSH access to the XG firewall


So, if you’re completely stuck with your Sophos XG, try using SSH to access it and explore the options there.