Sophos Firewall Guide
Use this guide to add the Cybora feed in Sophos Firewall through Active Threat Response and Third-party threat feeds.
Requirements
- Sophos Firewall 21.0 or later.
- Xstream Protection bundle, which Sophos lists as the required license for Third-party threat feeds.
- The firewall settings required for Domain and URL feeds must be configured, such as the correct firewall rule, Application Classification or IPS Policy, and, where needed, HTTPS Decryption / SSL/TLS Inspection.
- Enabling Active Threat Response Logging is also recommended for validation and troubleshooting.
Steps
- Go to Protect > Active threat response > Third-party threat feeds.
- Add a new Third-party threat feed.
- Enter a name and add your Cybora feed URL.
- Choose the correct indicator type, such as IPv4 address, Domain or URL.
- Choose the action for matching traffic. If you want to validate first, you can start with monitoring. However, we recommend blocking so that malicious IPs, domains or URLs are actively blocked.
- Set the polling interval exactly according to your Cybora plan. Do not query the feed more frequently than the plan allows. Only one request is permitted within the allowed interval. Excessive polling can cause the feed to be blocked.
- Save the feed and assign it to the relevant policy or rule set.
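Before selecting the indicator type in the steps above, it can help to confirm that a downloaded copy of the feed contains only entries of that type. The following is an added example, not code from Sophos or Cybora; it assumes the feed is plain text with one indicator per line and `#` comment lines, and the names `classify_indicator` and `check_feed` are hypothetical.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: a domain is two or more LDH labels ending in a letter-led TLD.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$",
    re.IGNORECASE)


def classify_indicator(value):
    """Return 'ipv4', 'url', 'domain' or 'invalid' for one feed entry."""
    value = value.strip()
    try:
        ipaddress.IPv4Address(value)
        return "ipv4"
    except ValueError:
        pass
    if "://" in value:
        try:
            parts = urlsplit(value)
        except ValueError:
            return "invalid"
        ok = parts.scheme in ("http", "https") and bool(parts.hostname)
        return "url" if ok else "invalid"
    return "domain" if _DOMAIN_RE.match(value) else "invalid"


def check_feed(text, expected):
    """Count entry types and list (line, entry, type) for entries that differ."""
    counts, mismatches = Counter(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # assumption: blank lines and '#' comments are skipped
        kind = classify_indicator(entry)
        counts[kind] += 1
        if kind != expected:
            mismatches.append((lineno, entry, kind))
    return {"counts": dict(counts), "mismatches": mismatches}

# Constructed sample feed: documentation addresses and example domains only.
SAMPLE_FEED = ("# constructed sample\n192.0.2.10\n198.51.100.7\n"
               "bad.example.com\nhttp://example.net/path\n999.1.1.1\n")

if __name__ == "__main__":
    print(check_feed(SAMPLE_FEED, expected="ipv4"))
```

Run it against a saved copy of the feed rather than fetching the feed again, so the check does not count against the plan's polling interval.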
Version note
In Sophos Firewall 21.x, Active Threat Response does not match the source IP for some inbound traffic types, such as DNAT and WAF traffic.
From Sophos Firewall 22.0, Sophos documents source IP matching for inbound forwarded traffic such as DNAT and WAF. This improves feed coverage in these scenarios.
Further reading
- Third-party threat feeds
- Licenses for threat feed modules
- Firewall configurations for threat feeds
- Active threat response in Sophos Firewall 22.0
Validation
Confirm that the feed is syncing successfully and that matches appear in the Active Threat Response logs. If you are using Domain or URL feeds with HTTPS, also verify decryption and the required rule settings so that the firewall can identify traffic as expected.