Monitoring syslog data from Sophos UTM is great, until the syslog stream is interrupted or when you need to reboot the syslog receiver. When that occurs, you end up with gaps in your reporting data!
Sophos is retiring this product on 20 July 2023. For product retirement details, see our retirement calendar. Information about behavior monitoring and the run-time detection methods being used can be found on the Enterprise Console Help HTML online documentation. Sophos Home Premium Security Delivers Advanced, Real-Time Antivirus Protection from the Latest Ransomware, Hacking Attempts and More. Get Sophos Home Today.
You can monitor and configure Windows Firewall (and monitor other registered firewalls) on your computers and servers using a Windows Firewall policy.
You can apply a Windows Firewall policy to individual devices (computers or servers) or to groups of devices.Warning Other firewalls or your Windows Group Policy settings may affect how the policy is applied on individual computers and servers.
We advise that you test any firewall rules you create (locally or via Group Policy) to make sure that communication with Sophos is allowed.
Go to Endpoint Protection > Policies to manage Windows Firewall.
To set up a policy, do as follows:
- Create a Windows Firewall policy.
- Open the policy's Settings tab and configure it as described below. Make sure the policy is turned on.
Sophos Monitoring System
In Monitor Type, select the level of monitoring you want:
Sophos Managed Threat Response
File Integrity Monitoring Sophos
- Monitor Only. Devices will report their firewall status to Sophos Central. This is the default option.
- Monitor & Configure Network Profiles. Devices will report their firewall status to Sophos Central. You can also choose whether to block or allow inbound connections on Domain Networks, Private Networks, and Public Networks.
- Block All
- Block (with exceptions). You must set up the exceptions locally on the computer or server. If you don't set up exceptions all inbound connections are blocked.
- Allow All