Welcome.Setup and Deployment.Automation.How To.Best Practices.Concepts and Usage.Event Source Configuration.Administration. Configure Syslog ForwardingYou can configure your Sophos XG to forward its logs to a syslog server. Follow the instructions provided by Sophos here:For best results, use the system with the InsightIDR Collector as your syslog server location for:. Port (where 514 is the default).
I added a IPsec VPN connection between two Sophos XG Firewalls. I tried it with different XG Models and on all I get the same error message.
IP AddressAdditionally, choose the following options during configuration:. Facility: DAEMON. Severity Level: Debug.
Format: Device Standard Formatis the tool that allows for central management of firewall configuration. You can use the Sophos Central API to configuring log forwarding to a SIEM, or InsightIDR.
Follow the directions here.
What’s NewCheck out all the enhancements in XG Firewall v17.1 including the new Cloud Application Visibility feature in our. Cloud App Visibility – brings the visibility pillar of CASB to XG Firewall, providing quick and easy Shadow IT discovery and visibility into data that may be at risk in cloud applications with great reporting on users and volume of data being uploaded and downloaded from cloud services. Synchronized App Control – gets further enhancements in managing newly discovered applications, including options to search, filter, and delete applications. You’ll also see the category assigned to the discovered app in the list for easy reference.
Email Security – adds user management over individual SMTP block and allow lists via the User Portal. Domains or email addresses added to the Allow list will bypass policies (except for malware or sandboxing enforcement) and adding domains or addresses to the block list will automatically quarantine emails from those senders. In addition, more flexible SMTP policy exceptions are supported to provide parity with Sophos SG UTM. SSL VPN Port Option – one of the most requested features on XG Firewall is the option to customize the SSL VPN listening port. Firewall Enhancements – Enhancements have been made to the firewall and rule management to improve flexibility and streamline management even further. You can now double-click a firewall rule in the list to open it for editing.
There’s a new option to block Google QUIC’s HTTPS over UDP forcing a fallback to TCP enabling full SSL inspection of the traffic.