| Test Name | UI Location | Object | Expected | Actual | Result |
|---|---|---|---|---|---|
| Access ACL | System > Administration > Device Access > Local service ACL exception | host groups | All EAA Hosts Sophos External ACL Sophos Internal ACL | All EAA Hosts Sophos External ACL Sophos Internal ACL | PASS |
| Access ACL | System > Administration > Device Access > Local service ACL exception | services | HTTPS Ping SSH UserPortal VPNPortal | HTTPS Ping SSH UserPortal VPNPortal | PASS |
| Sophos Central Management | System > Sophos Central | central management | FWBackup: BackupEnable JoinMethod: Manual UseCentralReporting: Enable CMStatus: Enable | FWBackup: BackupEnable JoinMethod: Manual UseCentralReporting: Enable CMStatus: Enable | PASS |
| Device Access Profiles | System > Profiles > Device Access | profiles | Administrator Audit Admin Crypto Admin HAProfile HelpdeskAdmin HelpdeskLimited ReadOnly Security Admin | Administrator Audit Admin Crypto Admin HAProfile -HelpdeskAdmin -HelpdeskLimited ReadOnly Security Admin | FAIL |
| WAN Zone Admin Services | Configure > Network > Zones > WAN | admin services | No services enabled | No services enabled | PASS |
| Authentication Servers | Configure > Authentication > Servers | servers | SophosFirewallSSO | SophosFirewallSSO | PASS |
| Malware Protection | Configure > System services > Malware Protection | antivirus engine | Sophos | Sophos | PASS |
| Active Threat Response Settings | Protect > Active threat response > Sophos X-Ops threat feeds | enabled/disabled | Enable | Enable | PASS |
| Active Threat Response Settings | Protect > Active threat response > Sophos X-Ops threat feeds | action | Log and Drop | Log and Drop | PASS |
| IPS Status | Protect > Intrusion prevention > IPS policies | enabled/disabled | Enable | Enable | PASS |
| IPS Policies | Protect > Intrusion prevention > IPS policies | ips policies | DMZ TO LAN DMZ TO WAN General Policy LAN TO DMZ LAN TO WAN WAN TO DMZ WAN TO LAN dmzpolicy generalpolicy lantowan_general lantowan_strict | DMZ TO LAN DMZ TO WAN -General Policy LAN TO DMZ LAN TO WAN WAN TO DMZ WAN TO LAN dmzpolicy generalpolicy lantowan_general lantowan_strict | FAIL |
| IP Host Group | System > Hosts and services > IP host group | IP Host Group: Isolated Subnets | BOS 192.168.192.0/24 Test Network-1 BOS 192.168.193.0/24 Test Network-2 BOS 192.168.194.0/24 Test Network-3 BOS 192.168.195.0/24 Test Network-4 BOS 192.168.196.0/24 Test Network-5 | BOS 192.168.192.0/24 Test Network-1 BOS 192.168.193.0/24 Test Network-2 BOS 192.168.194.0/24 Test Network-3 BOS 192.168.195.0/24 Test Network-4 BOS 192.168.196.0/24 Test Network-5 +BOS 192.168.200.0 /21 Test Network-6 | FAIL |
| Syslog | Configure > System services > Log settings | Local_Server ATP | ATPEvents: Enable | ATPEvents: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server AntiSpam | IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server AntiVirus | FTP: Enable HTTP: Enable HTTPS: Enable IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | FTP: Enable HTTP: Enable HTTPS: Enable IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server ContentFiltering | ApplicationFilter: Enable SSLTLS: Enable WebContentPolicy: Enable WebFilter: Enable | ApplicationFilter: Enable SSLTLS: Enable WebContentPolicy: Enable WebFilter: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server Events | AdminEvents: Enable AuthenticationEvents: Enable SystemEvents: Enable | AdminEvents: Enable AuthenticationEvents: Enable SystemEvents: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server Heartbeat | EndpointStatus: Enable | EndpointStatus: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server IPS | Anomaly: Enable Signatures: Enable | Anomaly: Enable Signatures: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server SDWAN | Profile: Enable Route: Enable | Profile: Enable Route: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server SecurityPolicy | BridgeACLs: Disable DoSAttack: Disable DroppedFragmentedTraffic: Disable DroppedICMPRedirectedPacket: Disable DroppedSourceRoutedPacket: Disable Heartbeat: Enable ICMPErrorMessage: Disable IP-MACPairFiltering: Disable IPSpoofPrevention: Disable InvalidTraffic: Disable LocalACLs: Disable MACFiltering: Disable PolicyRules: Enable ProtectedApplicationServer: Disable SSLVPNTunnel: Disable | BridgeACLs: Disable DoSAttack: Disable DroppedFragmentedTraffic: Disable DroppedICMPRedirectedPacket: Disable DroppedSourceRoutedPacket: Disable Heartbeat: Enable ICMPErrorMessage: Disable IP-MACPairFiltering: Disable IPSpoofPrevention: Disable InvalidTraffic: Enable LocalACLs: Disable MACFiltering: Disable PolicyRules: Enable ProtectedApplicationServer: Disable SSLVPNTunnel: Disable | FAIL |
| Syslog | Configure > System services > Log settings | Local_Server WebServerProtection | WAFEvents: Enable | WAFEvents: Enable | PASS |
| Syslog | Configure > System services > Log settings | Local_Server ZeroDayProtection | ZeroDayProtectionEvents: Enable | ZeroDayProtectionEvents: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting ATP | ATPEvents: Enable | ATPEvents: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting AntiSpam | IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting AntiVirus | FTP: Enable HTTP: Enable HTTPS: Enable IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | FTP: Enable HTTP: Enable HTTPS: Enable IMAP: Enable IMAPS: Enable POP3: Enable POPS: Enable SMTP: Enable SMTPS: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting ContentFiltering | ApplicationFilter: Enable SSLTLS: Enable WebContentPolicy: Enable WebFilter: Enable | ApplicationFilter: Enable SSLTLS: Enable WebContentPolicy: Enable WebFilter: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting Events | AdminEvents: Enable AuthenticationEvents: Enable SystemEvents: Enable | AdminEvents: Enable AuthenticationEvents: Enable SystemEvents: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting Heartbeat | EndpointStatus: Enable | EndpointStatus: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting IPS | Anomaly: Enable Signatures: Enable | Anomaly: Enable Signatures: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting SDWAN | Profile: Enable Route: Enable SLA: Enable | Profile: Enable Route: Enable SLA: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting SecurityPolicy | BridgeACLs: Enable DoSAttack: Enable DroppedFragmentedTraffic: Enable DroppedICMPRedirectedPacket: Enable DroppedSourceRoutedPacket: Enable Heartbeat: Enable ICMPErrorMessage: Enable IP-MACPairFiltering: Enable IPSpoofPrevention: Enable InvalidTraffic: Disable LocalACLs: Enable MACFiltering: Enable PolicyRules: Enable ProtectedApplicationServer: Enable SSLVPNTunnel: Enable | BridgeACLs: Enable DoSAttack: Enable DroppedFragmentedTraffic: Enable DroppedICMPRedirectedPacket: Enable DroppedSourceRoutedPacket: Enable Heartbeat: Enable ICMPErrorMessage: Enable IP-MACPairFiltering: Enable IPSpoofPrevention: Enable InvalidTraffic: Disable LocalACLs: Enable MACFiltering: Enable PolicyRules: Enable ProtectedApplicationServer: Enable SSLVPNTunnel: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting SystemHealth | Usage: Enable | Usage: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting WebServerProtection | WAFEvents: Enable | WAFEvents: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting Wireless | AccessPoints_SSID: Enable | AccessPoints_SSID: Enable | PASS |
| Syslog | Configure > System services > Log settings | Central_Reporting ZeroDayProtection | ZeroDayProtectionEvents: Enable | ZeroDayProtectionEvents: Enable | PASS |
| Notification Settings | System > Administration > Notification settings | notification settings | SenderAddress: firewall@example.com AuthenticationRequired: Enable Port: 587 ConnectionSecurity: STARTTLS MailServer: smtp.example.com Recepient: support@example.com Username: smtp-user ManagementInterface: None | SenderAddress: firewall@example.com AuthenticationRequired: Enable Port: 587 ConnectionSecurity: STARTTLS MailServer: smtp.example.com Recepient: support@example.com Username: smtp-user ManagementInterface: None | PASS |
| Notification List Settings | Configure > System services > Notification List settings | notification list | SendEmail: Enable SendSnmp: Enable SignInEmail: Disable SignInSnmp: Disable TooManyLoginEmail: Disable TooManyLoginSnmp: Disable InterfaceEmail: Enable InterfaceSnmp: Enable ApplianceUnpluggedEmail: Enable ApplianceUnpluggedSnmp: Enable CriticalEmail: Disable CriticalSnmp: Disable MajorEmail: Disable MajorSnmp: Disable ModerateEmail: Disable ModerateSnmp: Disable MinorEmail: Disable MinorSnmp: Disable WarningEmail: Disable WarningSnmp: Disable AlertATPEmail: Disable AlertATPSnmp: Disable DropATPEmail: Disable DropATPSnmp: Disable ConfDiskExdEmail: Enable ConfDiskExdSnmp: Disable SigDiskExdEmail: Enable SigDiskExdSnmp: Disable ReportDiskExdEmail: Enable ReportDiskExdSnmp: Disable FirmwareReadyEmail: Enable FirmwareReadySnmp: Disable FirmwareInstalledEmail: Enable FirmwareInstalledSnmp: Disable FirmwareInstalledFailedEmail: Enable FirmwareInstalledFailedSnmp: Enable WebCatFailEmail: Disable WebCatFailSnmp: Disable IPSSigFailEmail: Enable IPSSigFailSnmp: Disable AVFailEmail: Enable AVFailSnmp: Disable SystemStartEmail: Disable SystemStartSnmp: Disable RedDownEmail: Enable RedDownSnmp: Disable RedUpgradeFailEmail: Disable RedUpgradeFailSnmp: Disable APOfflineEmail: Disable APOfflineSnmp: Disable APUpgradeFailEmail: Disable APUpgradeFailSnmp: Disable IPsecUPEmail: Disable IPsecUPSnmp: Disable IPsecDownEmail: Disable IPsecDownSnmp: Disable HighCpuEmail: Disable HighCpuSnmp: Enable GwUnrcblEmail: Disable GwUnrcblSnmp: Disable HttpVirusAlertEmail: Disable HttpVirusAlertSnmp: Disable FtpVirusAlertEmail: Disable FtpVirusAlertSnmp: Disable SmtpVirusAlertEmail: Disable SmtpVirusAlertSnmp: Disable Pop3VirusAlertEmail: Disable Pop3VirusAlertSnmp: Disable Imap4VirusAlertEmail: Disable Imap4VirusAlertSnmp: Disable IPSecFailoverFailbackEmail: Disable IPSecFailoverFailbackSnmp: Disable SSLVPNUPEmail: Disable SSLVPNUPSnmp: Disable SSLVPNDownEmail: Disable SSLVPNDownSnmp: Disable RedDeauthorizeEmail: Enable RedDeauthorizeSnmp: Disable RedUnlockCodeEmail: Enable RedUnlockCodeSnmp: Disable | SendEmail: Enable SendSnmp: Enable SignInEmail: Disable SignInSnmp: Disable TooManyLoginEmail: Disable TooManyLoginSnmp: Disable InterfaceEmail: Enable InterfaceSnmp: Enable ApplianceUnpluggedEmail: Enable ApplianceUnpluggedSnmp: Enable CriticalEmail: Disable CriticalSnmp: Disable MajorEmail: Disable MajorSnmp: Disable ModerateEmail: Disable ModerateSnmp: Disable MinorEmail: Disable MinorSnmp: Disable WarningEmail: Disable WarningSnmp: Disable AlertATPEmail: Disable AlertATPSnmp: Disable DropATPEmail: Disable DropATPSnmp: Disable ConfDiskExdEmail: Enable ConfDiskExdSnmp: Disable SigDiskExdEmail: Enable SigDiskExdSnmp: Disable ReportDiskExdEmail: Enable ReportDiskExdSnmp: Disable FirmwareReadyEmail: Enable FirmwareReadySnmp: Disable FirmwareInstalledEmail: Enable FirmwareInstalledSnmp: Disable FirmwareInstalledFailedEmail: Enable FirmwareInstalledFailedSnmp: Enable WebCatFailEmail: Disable WebCatFailSnmp: Disable IPSSigFailEmail: Enable IPSSigFailSnmp: Disable AVFailEmail: Enable AVFailSnmp: Disable SystemStartEmail: Disable SystemStartSnmp: Disable RedDownEmail: Enable RedDownSnmp: Disable RedUpgradeFailEmail: Disable RedUpgradeFailSnmp: Disable APOfflineEmail: Disable APOfflineSnmp: Disable APUpgradeFailEmail: Disable APUpgradeFailSnmp: Disable IPsecUPEmail: Disable IPsecUPSnmp: Disable IPsecDownEmail: Disable IPsecDownSnmp: Disable HighCpuEmail: Disable HighCpuSnmp: Enable GwUnrcblEmail: Disable GwUnrcblSnmp: Disable HttpVirusAlertEmail: Disable HttpVirusAlertSnmp: Disable FtpVirusAlertEmail: Disable FtpVirusAlertSnmp: Disable SmtpVirusAlertEmail: Disable SmtpVirusAlertSnmp: Disable Pop3VirusAlertEmail: Disable Pop3VirusAlertSnmp: Disable Imap4VirusAlertEmail: Disable Imap4VirusAlertSnmp: Disable IPSecFailoverFailbackEmail: Disable IPSecFailoverFailbackSnmp: Disable SSLVPNUPEmail: Disable SSLVPNUPSnmp: Disable SSLVPNDownEmail: Disable SSLVPNDownSnmp: Disable RedDeauthorizeEmail: Enable RedDeauthorizeSnmp: Disable RedUnlockCodeEmail: Enable RedUnlockCodeSnmp: Disable | PASS |
| Scheduled Backup | System > Backup & firmware > Backup & restore | backup | BackupMode: Mail FtpPath: None Username: None FTPServer: None EmailAddress: networkalerts@sophos.com BackupFrequency: Weekly Date: None Day: Sunday Hour: 23 Minute: 00 | BackupMode: FTP FtpPath: test/backup Username: test123 FTPServer: 1.1.1.1 EmailAddress: None BackupFrequency: Daily Date: None Day: None Hour: 10 Minute: 00 | FAIL |
| Certificate | System > Administration > Admin and user settings | Admin console and end-user interaction | Certificate: Webadmin-CA HTTPSport: 4444 UserPortalHTTPSPort: 4443 VPNPortalHTTPSPort: 443 PortalRedirectMode: ip PortalCustomHostname: None | Certificate: Webadmin-CA HTTPSport: 4444 UserPortalHTTPSPort: 4443 VPNPortalHTTPSPort: 443 PortalRedirectMode: ip PortalCustomHostname: None | PASS |
| Admin and user settings | System > Administration > Admin and user settings | LoginSecurity | LogoutSession: Disable | LogoutSession: Disable | PASS |
| Admin and user settings | System > Administration > Admin and user settings | LoginSecurity | BlockLogin: Enable | BlockLogin: Enable | PASS |
| Admin and user settings | System > Administration > Admin and user settings | LoginSecurity BlockLoginSettings | UnsucccessfulAttempt: 3 | UnsucccessfulAttempt: 3 | PASS |
| Admin and user settings | System > Administration > Admin and user settings | LoginSecurity BlockLoginSettings | Duration: 30 | Duration: 30 | PASS |
| Admin and user settings | System > Administration > Admin and user settings | LoginSecurity BlockLoginSettings | ForMinutes: 3 | ForMinutes: 3 | PASS |
| Admin and user settings | System > Administration > Admin and user settings | PasswordComplexitySettings | PasswordComplexityCheck: Disable | PasswordComplexityCheck: Disable | PASS |
| Admin and user settings | System > Administration > Admin and user settings | PasswordComplexitySettings PasswordComplexity | MinimumPasswordLength: Disable | MinimumPasswordLength: Disable | PASS |
| Admin and user settings | System > Administration > Admin and user settings | PasswordComplexitySettings PasswordComplexity | IncludeSpecialCharacter: Disable | IncludeSpecialCharacter: Disable | PASS |
| Admin and user settings | System > Administration > Admin and user settings | Login disclaimer settings | LoginDisclaimer: Disable | LoginDisclaimer: Disable | PASS |
| Admin and user settings | System > Administration > Admin and user settings | Login disclaimer settings | DefaultConfigurationLanguage: English | DefaultConfigurationLanguage: English | PASS |
| DNS Servers | Configure > Network > DNS | Static DNS | 192.168.64.2 192.168.65.2 192.168.1.1 | -192.168.64.2 -192.168.65.2 +192.168.65.10 +192.168.65.126 168.95.1.1 | FAIL |
| SMTP Protection | Protect > Email > General Settings | MTA deployment mode | ON | ON | PASS |
| SNMPv3 | System > Administration > SNMP | Username | snmpv3_user | snmpv3_user | PASS |
| SNMPv3 | System > Administration > SNMP | AcceptQueries | Enable | Enable | PASS |
| SNMPv3 | System > Administration > SNMP | SendTraps | Enable | Enable | PASS |
| SNMPv3 | System > Administration > SNMP | AuthorizedHosts | 192.168.69.44 192.168.69.104 192.168.67.12 192.168.79.40 192.168.67.40 192.168.69.5 | -192.168.67.12 -192.168.79.40 -192.168.67.40 -192.168.69.5 +192.168.67.14 +192.168.79.31 192.168.69.104 192.168.69.44 | FAIL |
| Timezone | System > Administration > Time | timezone | Europe/Dublin | Europe/Dublin | PASS |