SNMP (Simple Network Management Protocol) gives access to XG Firewall information, for example the status of the firewall, service availability, and CPU, memory, and disk usage. XG Firewall supports the SNMPv3, SNMPv1 and SNMPv2c protocols. To configure XG Firewall as an SNMP agent, select Enable SNMP agent and specify the settings.
Right-click the device, then Edit, Settings. Scroll down to Credentials for SNMP. Uncheck inheritance and make sure your settings are SNMP v1, the usual port 161, and public or whatever string you're using. No matter what the Sophos is set to, if you allow your PRTG monitor to access it, it will spit out the info as long as PRTG is set to V1.
Sophos XG, Netflow and PRTG: Hello, I have Netflow activated and send the data from the firewall to the PRTG Netflow sensor. I am now wondering why I do not get the amount of traffic I expect.
So I was playing with certificates on the Sophos XG the other night in the hopes to publish a PRTG server through the firewall and test out the authentication and other features but in my stupidity I decided to apply a certificate to the UTM appliance itself which was invalid. I had somehow managed to import and select the wrong certificate from my machine, which was used to authenticate me as a person against StartCom where I’d got a free SSL certificate from, and completely locked myself out of the firewall admin portal *sadface*
Certificate I’d imported into the XG
When trying to access the portal on port 4444 I was greeted with errors in Chrome, IE and Firefox relating to an invalid certificate. I tried lowering all possible security settings on the browsers to no avail and ended up conceding that I’d have to bin the XG and start from a fresh build unless I found a way back in by some miracle.
“172.16.0.2 normally uses encryption to protect your information. When Google Chrome tried to connect to 172.16.0.2 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 172.16.0.2, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit 172.16.0.2 at the moment because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.”
Errors in IE and Chrome
As a last-ditch hope I popped a message on the Sophos community forums and within the hour I’d had a suggestion: SSH into the XG and follow the on-screen prompts using options 2 and 4. This regenerated an admin portal certificate and voila, I was back in!
SSH access to the XG firewall
So, if you’re completely stuck with your Sophos XG, try using SSH to access it and explore the options there.
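
A pre-flight check along these lines would flag a personal (client authentication) certificate before it is applied to an appliance's admin portal. This is an added example, not from the original post or from Sophos: it uses the openssl command line, the file names and test certificates are constructed, and 172.16.0.2 is the address from the browser error quoted above.

```shell
#!/bin/sh
# Pre-flight checks before assigning a certificate to an HTTPS admin portal.
# File names are constructed; the certificates are generated here as test input.

# make_sample_cert NAME EKU IP: constructed self-signed test certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1.key" -out "$1.crt" -subj "/CN=$1" \
        -addext "extendedKeyUsage=$2" \
        -addext "subjectAltName=IP:$3" 2>/dev/null
}

# check_server_cert CERT KEY IP: returns 0 only if every check passes.
check_server_cert() {
    cert=$1 key=$2 ip=$3 rc=0
    # 1. Must be valid for TLS server authentication (EKU / key usage).
    openssl x509 -in "$cert" -noout -purpose | grep -q '^SSL server : Yes' ||
        { echo "FAIL: not issued for TLS server authentication"; rc=1; }
    # 2. The private key must belong to this certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate"; rc=1; }
    # 3. The certificate must name the address the portal is reached on.
    openssl x509 -in "$cert" -noout -checkip "$ip" | grep -q 'does match' ||
        { echo "FAIL: certificate does not cover $ip"; rc=1; }
    # 4. The certificate must not be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }
    return "$rc"
}

# Demo on constructed certificates: one for a server, one for a person.
cd "$(mktemp -d)" || exit 1
make_sample_cert portal serverAuth 172.16.0.2
make_sample_cert person clientAuth 172.16.0.2
check_server_cert portal.crt portal.key 172.16.0.2 && echo "portal.crt: OK"
check_server_cert person.crt person.key 172.16.0.2 || echo "person.crt: rejected"
```

Run the check against the certificate and key files before importing them, and keep SSH access to the appliance working so the portal certificate can be regenerated if a bad one is applied anyway.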