
Emergency access to remote Sophos Firewall if tunnel is down

Hi there,

I am new to the Sophos Firewall product, and so my question might sound stupid for all the wizards here...

I like the security hints and warnings the firewall shows when configuring insecure settings, such as the access to the configuration frontend from the WAN zone.

In my usage scenario, there are several Sophos Firewall devices in the branch offices (BO) and another device in the head office (HO).

In the BOs, there are no IT personnel and the people there depend on a working connection to the HO. The connections to the offices are established using site-to-site IPSec VPN tunnels.

If - for whichever reason - the tunnel goes down, there is no way to connect to the remote firewall and see what is going on there or to try to re-establish the tunnels.

With our old Sophos UTM devices, the animated interface was enabled on the WAN interface, but access was limited only to the HO's IP address.

This is now regarded as insecure with Sophos Firewall (which is definitely true), but nevertheless we need another way to connect to the device and check the settings.

What's the recommended configuration for this scenario now?

Thanks,

Tom



This thread was automatically locked due to age.
  • Hi,

    I would suggest you set up a CM account. There are two types: the free one stores 7 days of data and does not mail reports, whereas the paid one has many more features. You start with a trial and decide whether you are going down the paid path or the free path.

    The CM will allow access to an XG assuming it is still on-line.

    Ian

    XG115W - v19.5.1 mr-1 - Home


  • CM stands for Central Management, right?

  • Yes, exactly.

    You set up a "trial" to get an account, then you register from your firewall to that account with your device's serial number.

    Depending on your license(s) you have several options to turn on, then.

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner
