Sophos

Cyfin is designed to work with Sophos UTM. It integrates easily into your current system configuration.

Company Overview

Founded in 1985, Sophos is a global provider of cloud-enabled end-user and network security solutions, offering organizations integrated end-to-end protection against known and unknown IT security threats through products that are easy to install, configure, and maintain. The company offers network protection products such as Unified Threat Management/Next-Generation Firewall (UTM/NGFW), Web and e-mail security, and secure Wi-Fi, as well as end-user protection products such as endpoint protection, encryption, mobile security, and server protection.


Cyfin - Sophos Configuration


Log File Setup

Log File Type:  Sophos


Sophos UTM Configuration Steps

In order for Cyfin to analyze the Sophos UTM firewall data, you must perform the following steps to produce the proper syslog data:

  1. Set up the Web filtering option.
    • To set up the Web filtering functionality on the Web server, go to Web Protection – Web Filtering – Global and click the enable button.
  2. Syslog settings are configured in WebAdmin on the Logging & Reporting – Log Settings – Remote Syslog Server tab.
    • On this tab, multiple target syslog servers may be added, and logs may be sent to any TCP or UDP port. (Most systems will default to UDP port 514.)
    • If syslog messages cannot be delivered, they will be buffered and re-sent when possible.
    • By default, up to 1000 logs will be buffered. This feature is most reliable when using TCP as it will detect when message deliveries fail more accurately.
    • When using UDP, a failure will only be detected if the target IP is online and able to respond with an ICMP (Internet Control Message Protocol) service unavailable message.
  3. Once syslog targets have been configured, the logs to send via syslog must also be selected on the same screen. By default, none are selected. Select the Web Filter log file type, and click Apply.

Now you can proceed to configure Cyfin to receive these syslog data records.


Cyfin Configuration Steps

Cyfin Syslog Server listens for syslog messages from your Sophos device. Both UDP-based and TCP-based messages are supported.

  1. Select the Sophos log file configuration in Cyfin for your Sophos device.
  2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log.
  3. Select Enable Syslog Server.
  4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
  5. In the Listening Port field, the default port number is 1455. The listening port will be used by your Sophos device to transfer the data. You may change this number if necessary.
  6. At your Sophos device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
  7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
  8. If you have many of the same Sophos devices, use one log file configuration with one listening port, and point each Sophos device to the same listening port.
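
A delivery check for the setup above, as an added example that is not part of the original page or of Cyfin or Sophos: it sends one constructed test message to the listening port and reports only what the sender can actually know, which shows why TCP detects delivery failures more reliably than UDP. The function name, the message text and the host address 192.0.2.10 are assumptions for illustration; 1455 is the default port named above.

```python
import socket

# Constructed RFC 3164-style test line; not a real Sophos Web Filter record.
TEST_MSG = b"<134>Jan  1 00:00:00 probe-host probe: constructed syslog delivery test\n"


def probe_syslog(host, port, proto="udp", wait=1.0):
    """Send one test message and report what the sender can learn.

    Returns "delivered" (TCP connection accepted the data), "failed"
    (TCP connect/send error, or an ICMP error came back for UDP) or
    "sent-unconfirmed" (UDP, no error seen: not proof of receipt).
    """
    if proto == "tcp":
        try:
            with socket.create_connection((host, port), timeout=wait) as s:
                s.sendall(TEST_MSG)
            return "delivered"
        except OSError:  # refused, timed out, unreachable
            return "failed"

    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(wait)
        try:
            s.connect((host, port))  # a connected UDP socket surfaces ICMP errors
            s.send(TEST_MSG)
            s.recv(1)                # waits for an ICMP error, not for data
        except socket.timeout:
            # Silence: the target may be listening, offline, or filtered.
            return "sent-unconfirmed"
        except OSError:
            # The target host is online and answered with an ICMP error.
            return "failed"
    return "sent-unconfirmed"


if __name__ == "__main__":
    cyfin_host = "192.0.2.10"  # placeholder address (assumption), replace with your Cyfin server
    for proto in ("tcp", "udp"):
        print(proto, probe_syslog(cyfin_host, 1455, proto))
```

Run it with the Port Type that matches the Cyfin setting; a "sent-unconfirmed" result for UDP still has to be confirmed in the Log File Viewer.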
© Copyright 1996-2024 Wavecrest Computing. All Rights Reserved.