
【Cyber Command】Sophos XG Firewall Integration Guide_V3.0.65

Requirements

  1. This document covers Sophos XG Firewall only.

  2. The Access SN for Third party Correlated Application must be activated.

  3. The application zip file must be imported into Cyber Command (CC) to enable support.

Configuration on Sophos XG Firewall

Enable the API configuration on the Sophos XG firewall, as shown below.

Add the CC IP address to the API's Allowed IP address list. Below is an example of the CC's IP.

Configuration on Cyber Command

Navigate to System > Devices > Response Apps > Sophos Firewall to configure the Sophos firewall.

Below is an example. The Device IP is the Sophos firewall IP address, the Device port is the Sophos web console listening port (4444 by default), and the username and password are those of the Sophos firewall.

Function Supported in Sophos Response Apps

The supported response apps are listed below:

  1. Add IP Host Group. Enter the value in the required format, as shown below (IPv4 and IPv6 are supported):

  2. Add MAC Group.

  3. Add FQDN Group.

  4. Delete Address Groups. The Type (IPHost, MACHost, or FQDNHost) and the Name must both be entered correctly.

  5. Create or update User rule (Firewall Rule).

  6. Create or update Network rule (Firewall Rule). The rule name is identical.

  7. Delete Rule (Firewall Rule).
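
A pre-submission check for the address group actions in items 1 to 4, as an added example that is not part of the original guide or of the Cyber Command or Sophos products: it sorts a mixed indicator list into the IPHost, MACHost and FQDNHost types named above and sets malformed entries aside. The function names, the MAC normalization and the rejection of CIDR notation and ranges are assumptions; the exact input format the app expects is the one shown in its own form.

```python
import ipaddress
import re

# Address-object types named in the "Delete Address Groups" step of this guide.
ADDRESS_TYPES = ("IPHost", "MACHost", "FQDNHost")

_MAC = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify(value):
    """Return (type, normalized_value) for one indicator, or raise ValueError."""
    v = value.strip()
    try:
        # Accepts both IPv4 and IPv6; CIDR and ranges are rejected (assumption).
        return "IPHost", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if _MAC.match(v):
        return "MACHost", v.replace("-", ":").upper()
    name = v.rstrip(".").lower()
    labels = name.split(".")
    # Require a dotted name whose last label is not numeric, so a malformed
    # IPv4 address such as 999.1.1.1 is not accepted as a hostname.
    if (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):
        return "FQDNHost", name
    raise ValueError(f"not a valid IP, MAC or FQDN: {value!r}")


def plan_groups(values):
    """Sort a mixed indicator list into one de-duplicated list per type."""
    plan = {t: [] for t in ADDRESS_TYPES}
    rejected = []
    for raw in values:
        try:
            kind, norm = classify(raw)
        except ValueError:
            rejected.append(raw)
            continue
        if norm not in plan[kind]:
            plan[kind].append(norm)
    return plan, rejected


# Constructed sample input (documentation-range addresses, not real indicators).
SAMPLE = ["192.0.2.10", " 192.0.2.10 ", "2001:DB8::1", "00-1a-2b-3c-4d-5e",
          "Bad.Example.COM.", "999.1.1.1", "10.0.0.0/24", "localhost"]
```

Reviewing the rejected list before running a response action keeps a typo from creating an address group that blocks nothing, or one that blocks the wrong host.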