Sophos Esxi

Posted on  by admin

While looking for some home firewall online to compare with PFSense, I found quite a lots of post mentioned Sophos UTM 9. For home user, 50 IP addresses limi. The Sophos XG is a next-generation firewall packed with enterprise-grade features. The team at Sophos have been kind enough to offer a FREE software version of this firewall for home users, which I. Note: Sophos XG Firewall Home Edition as name suggests only for home use and non-production environments. Since I am an IT consultant I prefer to do the most, if not all, of my network testing in my home lab prior deploying it to my customer's production network. So in order to do so I have setup myself a small WM ESXi and couple of VM computers. Now I need a firewall that would do more then. Applies to the following Sophos product(s) and version(s) Sophos For Virtual Environments. Customer are unable to deploy the SVM to local datastores when installing Sophos for Virtual Environments in a VMware ESXi environment. Development are investigating the cause of this issue as well as any potential solutions.

with Supremo Remote Desktop

Extract and save the image on the device that has the vSphere client installed. To deploy the OVF image, follow these steps: Use the vSphere client to sign in to the VMware host server using its IP address, username, and password.

VLANs are a great tool to manage business networks and VMware knows that very well. We’ll show you how you can configure ESX(i) to tag packets and how to create virtual switches for your VLANs.

Before reading the guide, it’s important to have VLANs configured in your network. More information on how to segment a LAN into VLANshere.

First of all, click F2 and access the ESX(i) console to enable VLAN architecture awareness. Select Configure Management Netowrk:

Sophos utm esxi setup

Enable VLAN tagging specifying 4095 as value:

Specify an IP address for the management network adapter:

Define DNS servers:

Press Esc and confirm:

Now your ESX(i) is VLAN architecture aware.

It’s time to launch the vSphere Client. Go to the Configuration tab and click Networking, you can see the management network with the 4095 tag:

Click Properties:

It’s time to remove the VM Network that will be replaced by the VLANs:

Create the VLANs with the IDs specified during the (physical) switch configuration clicking on Add:

Let’s assign the VLANs to the virtual machines:

The final step is to add a second virtual switch using another network adapter. You must specify the VLAN ID of the desired network:

If we try to change the network of the Srv1 virtual machine from SERVER ID 100 to VoIP ID 30, we will see the VM automatically assigned to the second vSwitch:

Share:

Sophos for Virtual Environments delivers central security for VMware or Hyper-V virtual machines. Sophos VE provides real-time protection at peak performance by off-loading threat detection to a centralized security virtual machine.

In this walk-through, we will be installing the Sophos Security VM in a VMware environment, deploy the Guest VM agent to protected machines, and test real-time protection.

Install Sophos Security VM

To begin, download the Sophos for Virtual Environments executable from Sophos Central. Run the SVE_ESXi_c_sfx.exe from a machine in your environment.

Read and Accept the Sophos EULA.

Select the destination for the installer and Install. This can be on your local machine.

Once the installer has completed, the Security VM installation wizard will begin. Click Next to continue.

Check the prerequisites for installation and ensure you have credentials to VMware and the ESXi host where the Security VM will reside. Click Next.

Sophos Esxi Install

Provide the vCenter address and credentials as well as the Security VM name.

A security warning will appear if an untrusted SSL is installed.

Choose the ESXi host where you want the Security VM installed.

Select the Management Console you will be using to configure security policies and respond to alerts. We are using Sophos Central.

Enter the Sophos Central Administrator credentials.

Provide a password for access to your Security VM. Note that this password can’t be changed after installation.

Next, create a password for access to the guest agent installer. The guest agent installer will reside in a Public share on the Security VM.

Select a Timezone the for the Security VM.

Choose the datastore where your Security VM will reside.

Set the network, IP address, subnet mask, and domain suffix for all the networks used by the protected VMs.

Enter the default gateway and DNS server(s) information.

Guest VMs can move between Security VMs. If you have already or are going to install additional Security VMs, enter their IP addresses here.

Review the summary and click Install when finished.

The Security VM will now be deployed to your ESXi host.

Once complete, select Finish.

After the Security VM installation, navigate back to Sophos Central and ensure the VM is populated under Server Protection.

Next, we will install the Sophos Guest VM agent on VMs we want to protect. The Guest VM agent communicates with the Security VM to protect workloads and scan accessed files.

Install Sophos Guest VM Agent on Guest VMs

From the Guest VM you would like to protect, browse to the Public folder on the Security VM.

Enter the sophospublic username and password setup during the Security VM installation.

Launch the SVE-Guest-Installer.

Launch the SVE-Guest-Installer.

The installation for the Guest Agent will begin.

Select Finish when completed.

Verify Sophos for Virtual Environments Protection

Lastly, we will check that our Guest VM is protected. The first way to check is from Windows Security and Maintenance Center on the Guest VM. If the guest VM does not have Windows Security Center, we will check the log folder and then test real-time protection.

Utilizing the Sophos credentials, you created during the SVE setup, you can access the logs folder. Browse to the Logs folder on the Sophos Security VM and open the ProtectedGVMs document.

The document should display information for your newly protected Guest VM.

Sophos Esxi

Test Sophos Real-time Scanning

Sophos Utm Esxi Install

Lastly, we will test real-time scanning. To test, follow the EICAR instructions here for creating an anti-malware test file. Paste the 68-character string into a text document and save the document with an obvious name. Once the file is saved, navigate to the Security VM in Sophos Central. You should see a recent event indicating that Malware has been detected.

Sophos Utm Esxi Setup

For more information read the Sophos for Virtual Environments Startup Guide