Letsencrypt Sophos Xg



  • By now, most of you have heard about the “Let’s Encrypt” initiative. Provided by the Internet Security Research Group, the service is an open certificate authority.
  • Generate a CSR code on Sophos XG Firewall. CSR stands for Certificate Signing Request, a block of encrypted text containing your contact details such as domain and company identity. When applying for an SSL certificate, you must submit the CSR to your CA for validation.

Sophos XG Setup

I am using Sophos XG v18 with a Home license, backed by AD running on a Dell Optiplex for this guide (don't worry, it has a cool Intel NIC in it). To set up the IPsec server in Sophos XG, first we need to make 2 certificates. Log in to the admin portal, then on the bottom left select “Certificates”.

I have recently migrated from Sophos XG to OPNsense for my home firewall - getting used to the interface and setup slowly! I am intending to replace the secondary Ubuntu server I had in place to run dnsmasq and letsencrypt deployment duties with the OPNsense unit.

Apr 09, 2021. Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).

The Sophos XG310 appliance is designed to provide the optimal balance between performance and protection – for diverse IT environments. These entry-level desktop firewalls are the ideal choice for budget-conscious small businesses, retail and small or home offices. They are available with and without integrated wireless LAN, so you can have an all-in-one network security and hotspot solution without the need for additional hardware. The Intel dual-core technology makes them highly efficient and as they're fanless, they won't add unwanted noise to your office space.

We’ve engineered the XG Firewall to deliver outstanding performance. With 25 Gbps firewall throughput, 5.5 Gbps IPS throughput and 2.5 Gbps VPN throughput, the XG310 effortlessly handles multiple tasks simultaneously. And with an interface designed to eliminate unnecessary complexity, Sophos XG enables you to use the powerful features without needing to become an IT security expert.

The Sophos XG firewall is the ultimate security package. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you'll always get maximum throughput. You get all the next-gen features you need plus features you can’t get anywhere else - including our revolutionary Security Heartbeat™, full web application firewall, and complete email anti-spam, encryption and DLP. No extra hardware. No extra cost. Simply choose what you want to deploy.

Sophos XG Firewall takes an innovative approach across all areas of network security. From the way firewalls are managed, to the way they report information and how they work with other security systems around them, giving you an unprecedented level of simplicity, insight, and advanced threat protection. Sophos XG Firewall is also available as a software installer for Intel x86 and Virtual environments including VMware, Hyper-V, KVM, and Citrix.

sophosXgUpdateCert.sh
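#!/bin/bash
# @Author Cyril Aknine <darylounet@gmail.com>
# Sophos XG Let's Encrypt certificate update script
# It uses huge workaround due to Sophos XG limitations :
# - can't update a certificate when it's used by WAF
# - can't update FirewallRule through API to use another certificate
# - can't SCP a file through SSH
# So ok it's ugly, but it's not the only one...

# Abort on errors and unset variables, so an unreadable certificate file
# never results in an empty file being written on the firewall.
set -eu

SOPHOS_IP='192.168.0.254'
SOPHOS_CERT_NAME='MyCertificate'
DOMAIN_NAME='example.com'

# Read the certificate chain and private key issued by Let's Encrypt.
CERT_PEM=$(<"/etc/letsencrypt/live/$DOMAIN_NAME/fullchain.pem")
CERT_KEY=$(<"/etc/letsencrypt/live/$DOMAIN_NAME/privkey.pem")

# Drive the interactive console menu over SSH; the sleeps give each menu
# time to appear before the next choice is sent.
(
sleep 2
echo '5'    # main menu: Device Management
sleep 2
echo '3'    # Device Management: Advanced Shell
# In the shell, overwrite the stored certificate and key in place,
# then restart the services that use them.
echo "printf '%s' '$CERT_PEM' > '/conf/certificate/$SOPHOS_CERT_NAME.pem'"
echo "printf '%s' '$CERT_KEY' > '/conf/certificate/private/$SOPHOS_CERT_NAME.key'"
echo 'service WAF:restart -ds nosync'
echo 'service apache:restart -ds nosync'
echo 'exit'
sleep 2
echo '0'    # leave the Device Management menu
sleep 2
echo '0'    # leave the main menu and close the session
) | ssh -tt "admin@$SOPHOS_IP"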
