The Sophos SG Series appliances are designed to provide the optimal balance between performance and protection – for diverse IT environments. Whether you need a solution for a small remote office, want to protect your school campus, or are a global organization requiring high-availability and enterprise-grade features, our SG Series appliances are an ideal fit. The Control center shows the features in use, and the health and security of the network. Configuring interfaces. Configuring Active Directory authentication. You can add existing Active Directory users to XG Firewall.Add an AD server, import groups, and set the primary authentication method. Thanks for choosing Sophos. Yes, our Free Home Use XG Firewall is a fully equipped software version of the Sophos XG firewall. Hence, it supports UTMS/dongles. We do not have a list of compatible USB modem, but mostly all of them are supported. Sachin Gurung Team Lead Sophos Technical Support. By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central. Optional VDSL Modem: Optional SFP Modem (not yet supported) Optional SFP Modem (not yet supported) Physical Specifications: Dimensions: 225 x 44 x 150 (w.h.d) mm 8.86 x 1.73 x 5.91 (w.h.d) inches: 225 x 44 x 150 (w.h.d) mm 8.86 x 1.73 x 5.91 (w.h.d) inches: Weight: 0.9 kg/1.8 kg (1.98 lbs/3.97 lbs) Unpacked/Packed.
Overview
- This article describe the steps to access the command interface of the Sophos XG firewall device with console cable
Prepare
- A console cable with one end is RJ45 and one end is a VGA port.
- Install PuTTy software on the computer.
Installation Instrictions
- First we will use the RJ45 end of the console wire attached to the COM port on the Sophos XG firewall device.
- The other VGA head attaches to the VGA port on the computer (If the computer does not have a VGA port, we can use a cord that converts from VGA to USB or HDMI).
- Then right-click on This PC and select Manage.
- The Computer Management panel pops up, click on Device then click on the “>” icon to the left of Ports (COM & LPT) the drop down list and we will see the Serial port name connecting.
- Next we turn on the PuTTy software, at the Connection type we select Serial, in the Serial line box we enter the name of the connecting Serial port we have seen above in this example is COM3 and in the box The speed we entered in 38400 is the default number.
- Click Open to connect, enter the firewall’s password and press Enter to log into the Command interface of the firewall.
YOU MAY ALSO INTEREST
A fortnight in to 2020 and we have the first security flaw considered important enough to be given its own name: Cable Haunt – complete with eye-catching logo.
First discovered by Danish company Lyrebirds some time ago, Cable Haunt is an unusual flaw which in Europe alone is said to affect up to 200 million cable modems based on the Broadcom platform.
Specifically, the flaw is in a normally hidden software layer called the spectrum analyser (SA) used by Internet Service Providers (ISPs) to troubleshoot a subscriber’s connection quality.
According to Lyrebirds, this analyser has several problems starting with the basic problem that the WebSocket interface used to control the tool from a web browser is unsecured.
Because parameters sent via this are not restricted by the modem, it accepts JavaScript running in the browser – which gives attackers a way in as long as they can reach the browser (although not in Firefox, apparently).
Using HTTPS instead of an exposed WebSockets would have dodged that bullet by implementing Cross-Origin Resource Sharing (CORS) security.
What might an attacker do?
- Change default DNS server
- Conduct remote man-in-the-middle attacks
- Hot-swap code or even the entire firmware
- Upload, flash, and upgrade firmware silently
- Disable ISP firmware upgrade
- Change every config file and settings
- Get and Set SNMP OID values
- Change all associated MAC Addresses
- Change serial numbers
- Be exploited in botnet.
Identified as CVE-2019-19494 (a second CVE, CVE-2019-19495, relates to the vulnerability on the Technicolor TC7230 modem), it’s clear from that list that this is a flaw users should not ignore.
Haunted
The researchers offer what looks like a valid reason for giving the issue a name – the desire to grab attention to a flaw they hint that some modem makers and ISPs have been ignoring since the company reported it to them in early 2019. The risk:
At this rate it would eventually leak out of our hands and into organizations with time and resources to take advantage of the vulnerability.
Lyrebirds thinks it knows why things have been moving so slowly too:
We are a small unknown crew with no reputation and could therefore not establish connection with any manufacturers directly, even though we tried.
What to do
Sophos Router With Fiber Interface
The vulnerability affects cable modems using Broadcom’s reference software as part of their firmware, so the first thing is to work out whether your broadband connection is served using that technology combination (ones advertised as being fibre or ADSL are not affected).
Beyond that, because modem makers integrate the firmware for Broadcom modems to suit their own needs, the degree to which specific models using the software are affected is hard to predict.
The researchers list several models and firmware versions known to be at risk from Sagemcom, Technicolor, Netgear, and Compal, but they caution that this isn’t exhaustive.
The researchers have also made available a test script that more technical users can use to work out whether a modem is vulnerable. It’s a not a guarantee, however – even if it comes up negative, a modem might still be vulnerable, they caution.
The first piece of good news is that because cable modems are remotely managed, ISPs will apply a fix automatically when it becomes available.
The second piece of good news is that there’s no evidence attackers have exploited the flaw – yet.
Sophos Xg 4g Modem
When your ISP gets around to applying the fix will be up to them. Some might have quietly done so already but expect others to take longer. If the researchers couldn’t get modem makers and ISPs to talk to them, customers may not get much further.