This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Assistant - Feedback and Experiences

Hello Community,

The team working the Sophos Assistant (whatfix) would like to know your experience with the Sophos Assistant tool.

  • Have you use it?
  • Were you aware of it?
  • What flow have you tried?
  • What flow would you like to see?
  • What changes/improvements would you make?
  • Anything you would like to report (Flow no working, flow stop working, flow no intituive) 

The Sophos Assitant was launched in Sophos Firewall 18.5 MR2, this new tool was created to provide interactive guides (flows) on configuring modules (simple and complex). 

Some of the current and most popular flows are:

  • DNAT and Firewall Rules for Internal Web Server
  • Remote Access SSL VPN
  • site-to-site IPsec VPN

Understanding the icons in the Sophos Assistant

You'll encounter three different icons in the Sophos Assistant.

Icon Description

Group of configuration flows
Click it to expand its content

 Configuration flow
 External link (mainly to online documentation)



This thread was automatically locked due to age.

Top Replies

  • I have never used it because my opinion is such 3rd Party data collections directly on the user front end must not be in a security product. As it tracks many things you do while doing your job on the firewall, I find it most suspicious. Especially when you notice, it sends data to non-Sophos URL - here whatfix and usersnap.

    When ou launched it, it was just there, no information about it, nothing could be adjusted nor could it be disabled.

    So one of the first things was to block it on our firewalls.

    Now with some of the later versions, it can be disabled but I do not trust it. As written, I don't want hard coded 3rd party integrations in a firewall. Sophos now sometimes communicates to do your feature requests with that widget to some anonymous data bucket. Hm, no.

    One of the older threads about it.

    community.sophos.com/.../xg-is-contacting-whatfix-com-when-i-change-firewall-rules

    Jump to answer
Parents
  • Hi,

    I have never used the Assistant, so I cannot comment on its functionality or use. What I can comment on is its annoying presence in the DUI windows. Secondly it does not appear to be part of the back/restore process. I rebuilt my XG115W, performed a restore only to find the Assistant was still functional, it was enabled in the backup.

    There appears to have been considerable effort put into developing what appears to be security risk to your XG/S installation. The development effort would have been more value in building IPv6 functionality or fixing the failure to automatically renew IP addressing after a wan link failure, but marketing obviously had a big say in the development of the Assistant that adds nothing to the security functionality of the XG/S.

    My 10c worth.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Ian i would disagree about this one. What do you mean by security risk? Do you see whatfix (external partner) as a vulnerable vendor? Can you backup this theory? 

    And this external integration is something, which is not provided or maintained by the firewall development team. So it actually did not extract development effort what so ever. 

    __________________________________________________________________________________________________________________

Reply
  • Ian i would disagree about this one. What do you mean by security risk? Do you see whatfix (external partner) as a vulnerable vendor? Can you backup this theory? 

    And this external integration is something, which is not provided or maintained by the firewall development team. So it actually did not extract development effort what so ever. 

    __________________________________________________________________________________________________________________

Children
  • LuCar,

    you are allowing an external third party source which you have no control over their security policies access to your Network security device, doesn't sound to secure to me. 

    If the firewall development team were not involved how was the functionality imported and QA tested in the XG? Sort of leaves the Dev team support not having a full underetasting of the security risks involved and how to investigate any issues arising?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Whatfix offers a Webbased Addon on the firewall webadmin. It is not integrated nor build by Sophos. Whatfix will simply create workflows within the html page. So the tool and the way, this tool works, is not build by Sophos. 

    All Vendors are approved and revisit by several teams within Sophos. See: assets.sophos.com/.../sophos-data-processing-terms-for-suppliers.pdf

    __________________________________________________________________________________________________________________

  • With the recent backdoor that was found on Juniper networks, it makes sense why users do not trust anything that could be exploited from the outside. A few years ago there was also an SQL injection vulnerability that was used to gain access to the XG firewalls webadmin and user portal. Do we really need another reason?

  • Which backdoor are you referring? 

    __________________________________________________________________________________________________________________

  • The code that was used to gain backdoor access to Juniper firewalls.

    The code, which appeared in numerous versions of ScreenOS since mid-2012, is said to "gain administrative access" and "decrypt VPN connections" by using secure shell (SSH), according to the advisory. That would allow a highly-skilled attacker to decrypt data that's flowing through the virtual private network (VPN) connection on the firewall.

    ...

    Researchers believe that even if the National Security Agency wasn't directly to blame for inserting the backdoor code, it was at least helped along by creating a weakness in a cryptographic algorithm used in part by Juniper that allowed the attackers to strike.