Difference between revisions of "Information Systems:Sophos UTM Appliance"
(Created page with "[[Category: Firewall] Category: Network Security") |
|||
| (9 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| + | =Hardware Appliances Purchased In April Of 2018= |
||
| ⚫ | |||
| + | Got new SG210 appliances |
||
| − | [[Category: Network Security]] |
||
| + | |||
| + | =Licensing For Appliances= |
||
| + | Link to https://myutm.sophos.com/ |
||
| + | * Username is darrenf@unipharm.com |
||
| + | * Password is #@$Devil505 |
||
| + | |||
| + | =Technical Support= |
||
| + | The number is 1-888-767-4679. We have 24x7 phone support entitled from the Premium subscription that was purchased along with the SG210s. |
||
| + | |||
| + | =How To Do A Firmware Update On The Sophos Firewalls= |
||
| + | The SG210 appliance calls home to Sophos on a regular basis and it will email I.S. staff that there is a firmware update available. So we should be clear on what firmware is really referring to here. In Sophos speak, firmware is the highly customized Linux OS install on the firewall appliance that gets a bundled package of RPM files that can be installed from the UTM web administration page. It is a best practice to not install new firmware revisions right after they have been released by Sophos, but rather to wait a week or two or three. The Sophos community forums are a good place to see if the most recent update has some sort of show stopping bug that would affect our network and its security. Sometimes there are bugs but they may be confined to features on the UTM they we don't use and therefore are lest worrisome. If it looks like a firmware update is safe to install, the first step is to log into the web admin GUI and go Management/Uptodate and schedule the firmware update. Because we have two physical appliances working in an active passive high availability pair, a firmware update can safely happen in the middle of a week day. If the firmware update is scheduled for say, 10AM, the install will begin on the slave passive node and when complete that node will reboot and come back up and do a graceful role swap from slave to master. After the active and passive nodes have swapped, the new slave, which was the master, begins its firmware update/reboot/resync cycle. The firmware update only makes changes to the underlying Linux OS, it does not actually change any of the UTM appliance hardware such as the motherboard or NICs. The entire update cycle and role swap back to square can take 20-30 minutes depending on how big the update is. Make sure that you do have a copy of daily firewall configuration backup and a copy of the licensing text file before doing any firmware update to mitigate any scenario where one or both appliances get bricked. Having the configuration backup file and the licensing file and an ISO of the latest OS means you can recover from any disaster quickly without needing to call support. |
||
| + | |||
| + | =QOS= |
||
| + | Below is a link to instructions on how to setup QOS for SIP and VOIP. |
||
| + | |||
| + | https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/41320/understanding-qos-for-sip-voip-on-the-astaro-sophos-utm |
||
| + | |||
| + | [[Category: Pages with Contact Information]] |
||
| ⚫ | |||
Latest revision as of 11:22, 8 May 2019
Hardware Appliances Purchased In April Of 2018
Got new SG210 appliances
Licensing For Appliances
Link to https://myutm.sophos.com/
- Username is darrenf@unipharm.com
- Password is #@$Devil505
Technical Support
The number is 1-888-767-4679. We have 24x7 phone support entitled from the Premium subscription that was purchased along with the SG210s.
How To Do A Firmware Update On The Sophos Firewalls
The SG210 appliance calls home to Sophos on a regular basis and it will email I.S. staff that there is a firmware update available. So we should be clear on what firmware is really referring to here. In Sophos speak, firmware is the highly customized Linux OS install on the firewall appliance that gets a bundled package of RPM files that can be installed from the UTM web administration page. It is a best practice to not install new firmware revisions right after they have been released by Sophos, but rather to wait a week or two or three. The Sophos community forums are a good place to see if the most recent update has some sort of show stopping bug that would affect our network and its security. Sometimes there are bugs but they may be confined to features on the UTM they we don't use and therefore are lest worrisome. If it looks like a firmware update is safe to install, the first step is to log into the web admin GUI and go Management/Uptodate and schedule the firmware update. Because we have two physical appliances working in an active passive high availability pair, a firmware update can safely happen in the middle of a week day. If the firmware update is scheduled for say, 10AM, the install will begin on the slave passive node and when complete that node will reboot and come back up and do a graceful role swap from slave to master. After the active and passive nodes have swapped, the new slave, which was the master, begins its firmware update/reboot/resync cycle. The firmware update only makes changes to the underlying Linux OS, it does not actually change any of the UTM appliance hardware such as the motherboard or NICs. The entire update cycle and role swap back to square can take 20-30 minutes depending on how big the update is. Make sure that you do have a copy of daily firewall configuration backup and a copy of the licensing text file before doing any firmware update to mitigate any scenario where one or both appliances get bricked. Having the configuration backup file and the licensing file and an ISO of the latest OS means you can recover from any disaster quickly without needing to call support.
QOS
Below is a link to instructions on how to setup QOS for SIP and VOIP.