05-31-2017 09:01 AM
Anyone create a policy allowing a Sophos AV install and then updates from a DMZ? I have created such a policy but there still seems to be an issue.
The security policy has all the source and destination zones, and the destination hosts are any.
I am then allowing the following applications (not using ports at all):
dns
ms-ds-smb
msrpc
netbios-cc
sophos-live-p...
sophos-rms
sophos-update
netbios-ss
ssl
web-browsing
tcp-over-tcp
If anyone is doing this, please update me on how you are doing this securely.
Thanks
05-31-2017 09:13 AM
So what do you see in the monitoring tab when forcing the Sophos AV from the DMZ zone to get and install updates? What policy is your traffic hitting?
05-31-2017 10:09 AM
You'll need to actually monitor the traffic and see why it isn't being allowed. My guess would be that either one of the App-IDs is using a non-standard port, you don't have an application listed that Sophos is trying to use, or something with your routing from your DMZ zone is not correct.
I would start with the basics and just verify that you can talk to the server serving up the updates, then look at the monitor tab and see what is getting blocked. You may want to turn on logging for your interzone-default policy for the time being just to make sure that if it's hitting that rule you'll actually get logging for it.
05-31-2017 10:45 AM
Yes, I have already monitored the traffic, and that is how I came up with the policy I have. I was looking for the experience of others and whether their policy was different. There may be some other restrictions, such as URL filtering and such, going on here that are preventing the traffic through. Thanks for your thoughts.
06-01-2017 02:51 AM - edited 06-01-2017 04:47 AM
Create a test policy with any/any in the app and services and test with one of the source machine IPs (restrict the policy to the source IP of your test machine). Do not attach any security profiles yet! Then monitor the traffic to confirm whether everything is allowed, etc., and whether it even works with the plain policy. Then start adding additional features (e.g. security profiles). Still works? Good. Then start restricting the policy based on app and services.
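The "monitor the traffic, then restrict" workflow suggested in the replies above, as an added example that is not part of the thread: it sorts denied flows from the DMZ into "App-ID missing from the policy" versus "allowed App-ID still denied" (which points at a non-standard port, service setting or zone/route mismatch rather than a missing app). The log lines and the simplified column layout are constructed for illustration; a real PAN-OS CSV export carries many more columns.

```python
import csv
from io import StringIO

# App-IDs allowed by the policy in the original post. The truncated
# "sophos-live-p..." entry is left out rather than guessed.
ALLOWED_APPS = {"dns", "ms-ds-smb", "msrpc", "netbios-cc", "sophos-rms",
                "sophos-update", "netbios-ss", "ssl", "web-browsing",
                "tcp-over-tcp"}

# Constructed, simplified traffic-log export (assumed column layout).
SAMPLE_LOG = """\
receive_time,from_zone,to_zone,src,dst,dport,app,rule,action
2017/05/31 09:00:01,dmz,untrust,10.10.1.5,198.51.100.20,443,sophos-update,Sophos-Updates,allow
2017/05/31 09:00:02,dmz,untrust,10.10.1.5,198.51.100.21,8194,sophos-update,interzone-default,deny
2017/05/31 09:00:03,dmz,untrust,10.10.1.5,198.51.100.22,80,web-browsing,Sophos-Updates,allow
2017/05/31 09:00:04,dmz,untrust,10.10.1.5,198.51.100.23,8192,unknown-tcp,interzone-default,deny
2017/05/31 09:00:05,dmz,trust,10.10.1.5,10.0.0.9,445,ms-ds-smb,interzone-default,deny
"""


def triage(log_text, allowed_apps, src_zone="dmz"):
    """Group flows from src_zone into actionable buckets.

    app_not_in_policy  - (app, dport) denied and the app is not in the policy
    allowed_app_denied - (app, dport) denied although the app is allowed:
                         check the service/port setting and the zones/routes
    hit_rules          - how many flows matched each rule (shows whether
                         interzone-default is catching traffic)
    """
    result = {"app_not_in_policy": set(), "allowed_app_denied": set(),
              "hit_rules": {}}
    for row in csv.DictReader(StringIO(log_text)):
        if row["from_zone"] != src_zone:
            continue
        result["hit_rules"][row["rule"]] = result["hit_rules"].get(row["rule"], 0) + 1
        if row["action"] != "deny":
            continue
        key = (row["app"], int(row["dport"]))
        bucket = "allowed_app_denied" if row["app"] in allowed_apps else "app_not_in_policy"
        result[bucket].add(key)
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_LOG, ALLOWED_APPS)
    for bucket in ("app_not_in_policy", "allowed_app_denied"):
        for app, port in sorted(r[bucket]):
            print(f"{bucket:19s} {app:15s} tcp/{port}")
    print("rule hits:", r["hit_rules"])
```

Logging on the interzone-default rule must be enabled, as the second reply notes, or the denied flows never appear in the export at all.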