UTM

Question 1

What hostname is required to join the UTN to Active Directory?

Answer 1

A hostname with a DNS A record in the internal Active Directory DNS domain

Question 2

How can a user configure Google Authenticator to generate one-time passwords for the UTM?

Answer 2

Scan the QR code in the User Portal

Question 3

What are the requirements for Active Directory in SSO transparent mode?

Answer 3

• AD authentication service configured and working
• UTM joined to the domain
• Clients able to resolve the UTM’s internal address by hostname and FQDN
• All clients joined to Active Directory

Question 4

What are the AD SSO in transparent mode limitations?

Answer 4

uses last cached successful authentication

• https
• any url with a parameter
• AJAX requests
• Any non-browser application not using ‘Mozilla’ in the agent string

Question 5

Describe how to configure AD SSO transparent mode

Answer 5

• Enable AD SSO in web proxy profile:
• Add the UTM FQDN to the local intranet zone on the client(Windows)
• add both hostname and FQDN
• chrome uses the same settings as internet explorer
• Firefox must be configured separately
• To use Mac OS X, Kerberos authentication must be enabled on the AD Server.

See KBA 120791 for further info.

Question 6

Describe how the rules are managed in Application Control.

Answer 6

• Create rules with one or more applications or dynamic filters
• Block or allow traffic
• Rules apply to one or more network definitions
• Traffic NOT matching a rule is allowed.

Question 7

What is the difference between web filtering profile and web filtering policy?

Answer 7

A web filtering profile determines where the user id connecting from and how they will authenticate. The web filtering policy matches a user to a filter action.

Question 8

What can be used in an Application Control rule to selct what applications to block?

Answer 8

Application categories and productivity and risk ratings.

Question 9

What are the 2 independent virus scanners?

Answer 9

Sophos and IlVira for SMTP an POP3.
Blocks malware before it reaches e-mail servers or desktops
Can specify file formats ( file extensions) and content (MIME type) to block
Emails and attachments can be dropped rejected with messages to sender, passed with a warning or quarantined.

Question 10

What does the Anti- SPAM offer feature wise.

Answer 10

Reject at SMTP time, RBL’s real time blackhole lists, heuristic checksum-based spam filter, Sender blacklist, Invalid HELO / missing RDNS, Greylisting, BATV, SPF check, recipient check and expression filter.

Question 11

What 3 methods of encryption does the UTM use for e-mail?

Answer 11

open pgp, smime and sophos secure pdf exchange. SPX

Question 12

what features does the utm provide?

Answer 12

encryption, decryption and digital signatures for SMTP e-mails, completely transparent, Easy setup, Central Management of all keys and certificates
allows content scanning for encrypte emails
Simple encryption using Sophos SPX, escure pdf exchange.

Question 13

what does Routing do with regard to mail?

Answer 13

Method of routing

• define the email domains to accept mail for
• specify static host names
• specify DNS hostname and MX records

Question 14

What is required to e-mail out of the UTM?

Answer 14

Relaying is required for the UTM to process outbound e-mails. Becareful not to allow your UTM become blacklisted as an open relay. Do NOT select ANY as a relay!!!

Question 15

what 2 modes does anti-virus configuration offer?

Answer 15

dual or single engine scanning.
*optionally reject malware during transmission
*quarantine or blackhole (delete) malware
* filter content based on MIME types ,File extensions
whitelist content by MIME type.
*optional footnote

Question 16

What does CCL stand for?

Answer 16

Content Control List

Question 17

Describe SPX

Answer 17

Secure PDF Exchange (SPX)

• does not require key or certificate exchange
• 128 bit or 256 AES encryption
• simple portal for secure reply ( supports attachments)
• customisable templates
• encryption password

Question 18

What is a RED Management device?

Answer 18

Its a branch office device that connects back securely to the main office. Device need router running dhcp and gateway to the internet. The network just appears in in UTM management as any other interface.

Question 19

How does an admin setup the UTM?

Answer 19

The admin configures the red on the UTM by setting up publically resolvable ip address and hostname. ( ip and netmask of remote network) and RED ID which is a 15 character string on a sticker underneath of device. The UTM sends the config to a cloud based provisioning service on the internet. The red connects via internet connected router to the provisioning server for its config.

Question 20

What connection does RED use to connect to the Main Office UTM?

Answer 20

The RED establishes a layer 2 tunnel to the UTM using tcp/udp3400, RED udp 3410

Question 21

Name the 3 Operating modes for a RED to connect.

Answer 21

Standard/Unified, Standard/Split and Transparent/Split

Question 22

What is Standard/Unified?

Answer 22

remote network is managed by the UTM, which serves as dhcp server and default gateway. All traffic is sent through the network to the UTM from the RED.

Question 23

What is standard/split mode?

Answer 23

UTM still manages network by providing dhcp and default gw. Only defined network traffic is sent from the RED to the UTM. All other traffic is sent directly to the internet.

Question 24

Name 2 versions of RED

Answer 24

RED10 and RED 50

Question 25

Red 10 attributes?

Answer 25

heavy duty steel chassis, unrestricted number of users, no lcd, data compression, no hardware accelerated encryption, 30 Mbit/s vpn throughput, 1x10/100 Wan port, 4x 10/100 lan ports, no vlans, 1 usb port, power consumption 7W.

Question 26

Red 50 Attributes?

Answer 26

heavy duty steel chassis, unrestricted number of users, lcd, data compression, hardware accelerated encryption, 360 Mbit/s vpn throughput, 2x1 Gbit Wan port, 4x Gbit lan ports, vlans, 2 usb port, power consumption 38W.

Question 27

What site to site VPN connections does the Sophos UTM support?

Answer 27

IPsec VPN, SSL VPN, Amazon VPC (Virtual Private Cloud) Tunnels.

Question 28

what steps need to be carried on both UTM’s to setup a site to site VPN configuration.

Answer 28

1. edit / create an IPSEC policy (IKE policy and IPsec policy config , data compression)
2. create a remote gateway ( remote gateway ip address, remote networks authentication type and VPN ID)
3. configure the connection
4. Configure the firewall rules.

Question 29

What is SUM?

Answer 29

Sophos UTM Manager. SUM provides events in real time . Central point where admins can get a view of their infrastructure.

Question 30

What features does SUM provide?

Answer 30

• Real-Time Monitoring, aggregated reporting, Inventory management, device maintenance, central configuration, access management.

Question 31

What 2 ways can SUM be deployed?

Answer 31

As a software appliance or a Virtual appliance.

Question 32

What are the benefits of SUM?

Answer 32

1. Save and distribute management tasks.
2. Simple configuration for company wide security policies
3. Overview for important resources used.
4. Monitor critical system parameters in real-time
5. Easy maintenance for worldwide distributed services.

Question 33

What is RMM?

Answer 33

Remote Management and Monitoring

Question 34

What is RMM data collection sorted by?

Answer 34

• SNMP traps and queries
• Syslog
• E-mail

Question 35

What can RMM be used with?

Answer 35

Sophos iview, Kaseya, Labtech, Level Platforms, Nagios

Question 36

For which modules can reporting data be anonymized?

Answer 36

Email Protection and Web Protection

Question 37

What is SMC?

Answer 37

Sophos Mobile Control

Question 38

What can be achieved from SMC?

Answer 38

*Push Wi-Fi and configuration to Sophos Mobile Control.

Manage Wi-Fi and VPN access from mobile devices.

Question 39

What needs to be configured for SMC server connection?

Answer 39

Server URL, Customer and Administrator credentials. CA cert is also required.

Question 40

Which types of configuration can the UTM push to Sophos Mobile Control?

Answer 40

L2TP over IPsec, Cisco IPsec and Wi-Fi

Question 41

What is used to determine comliance of devices connecting to a VPN?

Answer 41

Username

Question 42

What hostname is required to join the UTM to Active Directory?

Answer 42

A hostname with a DNS A record in the internal Active Directory DNS domain