Sophos XG PRTG



So I was playing with certificates on the Sophos XG the other night in the hope of publishing a PRTG server through the firewall and testing out the authentication and other features, but in my stupidity I decided to apply a certificate to the UTM appliance itself which was invalid. I had somehow managed to import and select the wrong certificate from my machine (the one used to authenticate me as a person against StartCom, where I’d got a free SSL certificate from) and completely locked myself out of the firewall admin portal *sadface*


XG + Sophos Connect VPN client: some users are having frequent drops of RDP sessions. I had my boss (who is having issues) and myself both open connections to the same RDP server while using this client. Switch to PRTG: PRTG Network Monitor supports Sophos UTM firewalls and provides constant updates about the status of your firewall. Find out how PRTG’s Firewall Monitoring can help you get rid of Sophos Firewall Timeout Errors.



Certificate I’d imported into the XG

  1. Overview: The Sophos XG Firewall offers Netflow, a network protocol, to monitor network bandwidth usage and traffic flow. Netflow records of the source, destination and volume of traffic are exported to the Netflow server. The records help you identify the protocols, policies, interfaces and users consuming high bandwidth.
  2. Sophos XG: configure a Netflow server. Netflow is a networking protocol developed by Cisco that collects information about IP flows. A Netflow server can be configured on the Sophos XG, and PRTG has a Netflow sensor. From the administration interface, go to Administration (1) / Netflow (2) and configure the server (3). Validate by clicking Apply (4).

When trying to access the portal on port 4444 I was greeted with errors in Chrome, IE and Firefox relating to an invalid certificate. I tried lowering all possible security settings on the browsers to no avail and ended up conceding that I’d have to bin the XG and start from a fresh build unless I found a way back in by some miracle.

“172.16.0.2 normally uses encryption to protect your information. When Google Chrome tried to connect to 172.16.0.2 this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 172.16.0.2, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit 172.16.0.2 at the moment because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.”


Errors in IE and Chrome

As a last-ditch hope I popped a message on the Sophos community forums and within the hour I’d had a suggestion: SSH into the XG and follow the on-screen prompts using options 2 and 4. This regenerated an admin portal certificate and voila, I was back in!


SSH access to the XG firewall

So, if you’re completely stuck with your Sophos XG, try using SSH to access it and explore the options there.