4.1 Understanding Firewall Objects to Create Firewall Rules and Policies {Theory and Hands-on LAB}
- Published 19 Sep 2024
- In this tutorial we will understand firewall objects such as IP Host, IP Host Group, MAC Host, FQDN (Fully Qualified Domain Name), FQDN Group, Country Object, Service Objects and Service Groups.
Firewall objects are the building blocks used to create firewall rules and NAT policies, so that policies can be customized as per the requirement.
Sophos XG Firewall Series: • Sophos XG Firewall || ...
#SophosFirewallObject
#CreateFirewallRulesandPolicies
#IPHost
#IPHostGroup
#MACHost
#FQDN
#FullyQualifiedDomainName
#CountryObjects
#Services
#ServiceGroups
#FirewallRules
#NATPolicies
#MASQ
#Interface
#FirewallZones
Love you, thanks for your work
My pleasure!
If you are interested in VMware vSphere and AWS, please feel free to write to noornetworks.training@gmail.com
Thank you for sharing this playlist. God bless you.
Salute sir, explanation is good 💜
Thanks
Just to be clear: two interfaces in the same zone does not mean intra-zone traffic flows between them without restrictions, yes? We still need security policies / ACLs that define what traffic can pass between those interfaces?
Yes, by default two interfaces won't communicate with each other. You need to configure a rule to achieve this.
Very nice explanations
Thank you so much 🙂
Nice presentation sir… I want to learn this
Keep watching. If you have any doubts feel free to ask :)
Thank you very much for such a wonderful video. Learning through your guidance. I have got stuck at one step, as I am not able to ping or access the internet on virtual machine client PC-1, but I can ping the firewall IP. My internet is connected to mobile data. Do I need to change something here? Please help.
Check if you are able to ping 8.8.8.8 from your Sophos XG Firewall and let me know
@NoorNetworks Bro, thank you so much.. have figured it out, as there was an auto bridging issue, so I manually added the WiFi interface and it worked. 🙏.. keep loading more. GBU
@NoorNetworks Bro, can you please guide on how to access Internal firewall to outside network.
I think we can use it directly without VPN through HTTPS, please correct if wrong.
It is not advisable to do so and it is not a good practice. Doing so will add a high security risk.
However, if you just want to see it for learning purposes, you can do it by opening HTTPS access to your firewall over a WAN port. In coming tutorials I have shown you how to manage these settings for LAN ports (similarly, you can do it for the WAN port).
Nice explanation.. pls, without all this configuration does it mean it will not move traffic from LAN to WAN.. because I have been following all your previous tutorials and am using them for my Sophos deployment for a client..
By default, traffic from any zone to any zone is dropped by the firewall. If you want to allow traffic from a specific zone to a specific zone, you must create a firewall rule as per the requirement.
What if the client does not have on-premises AD? I have done the configuration up to DHCP and DNS level.. I am to test live tomorrow on the client environment..
But I have not onboarded the AD on the Sophos firewall.. will it push traffic once a cable is connected to the WAN interface?
Your AD must be reachable from your Sophos Firewall for integration... that's it!!!
Hi Mr. Noor, I am unable to ping 1from the Sophos firewall dashboard using diagnostic and FQDN host. I had followed your video and am having this issue (Video 4.1)
Please re-check your network configuration in vmware workstation
I can ping Port A IP Address from PC1 and PC2 just fine. But I am not able to ping Google DNS. What am I missing?
Check your WAN Interface Configuration, and I believe you have configured your DNS settings properly. Additionally, check your VM Network Adapter settings.
Very nice videos! How can I set it up on my physical PC? I would like to make a home-lab that doesn't require a virtual management station. Your prompt response will be appreciated.
From your comment I understand that you want to deploy the firewall on your hardware and not as a virtual machine, is that right?
@NoorNetworks yes, that's correct, I'd like to deploy XG firewall on my hardware
Follow these steps, as the question you are asking is different from the topic.
docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/VirtualAndSoftwareAppliancesHelp/SoftwareAppliance/SoftAppWindowsInstall/index.html
@NoorNetworks great, thank you for your assistance
When I move from another place to another Internet network, and when I open a window that is associated with VMware, the Internet does not appear. Why?
Because the IP scheme may change at another place. You have bridged your WAN interface and assigned a static IP to your Sophos Firewall which belongs to the network where you did this configuration.
If you have any further questions please feel free to ask
@NoorNetworks So I can't change the IP address on port B static in Sophos depending on where in the network. Should I install a firewall again if I change location?
Yes, you can change the IP address of the WAN interface as per the IP scheme, and make changes in the rules and policies as required.
No need to install the firewall again.
@NoorNetworks ok thank you so much
Ur the best 🌹🌹🌹
Glad to hear that your issue is resolved :)