Sophos UTM 9

How to generate a Certificate Signing Request (CSR) on Sophos UTM 9

Type the commands below without the surrounding brackets.

  1. Log in to the back end of the UTM.
  2. Log in as root (su).
  3. Then switch to the home directory (cd /home/login)
  4. Now create the OpenSSL config file with the following command (cat /etc/ssl/openssl.cnf | grep -v SUBJECT_ALT_NAME > ./openssl.config)
  5. Then we have to generate the CSR.
  6. openssl req -config ./openssl.config -new -newkey rsa:2048 -out
  7. You should now be prompted for a passphrase and a confirmation passphrase (enter the passphrase of your choice and press Enter).
  8. You should now be prompted for the details for the CSR (enter the details and press Enter again).
  9. The completed CSR will be saved to /home/login and can be downloaded with WinSCP.
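
Before downloading the CSR it is worth confirming that its self-signature verifies and that the key really is 2048 bits. The script below is an added example, not part of the original procedure or Sophos tooling: check_csr and make_sample_csr are hypothetical helper names, and the sample config, subject (utm.example.test) and passphrase are constructed so it runs on any host with openssl. The $ENV::SUBJECT_ALT_NAME line is an assumed stand-in for the lines step 4 strips out.

```shell
#!/bin/sh
# Added example (not from the original page). Paths, subject and passphrase
# are constructed sample values.

# check_csr FILE [MIN_BITS]: succeed only if the CSR's self-signature verifies
# and its public key has at least MIN_BITS bits (default 2048).
check_csr() {
    csr=$1
    min_bits=${2:-2048}
    # The exit status of -verify differs between OpenSSL releases, so match
    # the "verify OK" message instead.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "FAIL: signature does not verify"; return 1; }
    bits=$(openssl req -in "$csr" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] || {
        echo "FAIL: key size ${bits:-unknown} < $min_bits"; return 1; }
    echo "OK: $bits-bit key, $(openssl req -in "$csr" -noout -subject)"
}

# make_sample_csr DIR: write a constructed config, strip it as in step 4,
# and create DIR/sample.csr without prompting.
make_sample_csr() {
    dir=$1
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
req_extensions = ext
[dn]
commonName = Common Name
[ext]
basicConstraints = CA:FALSE
subjectAltName = $ENV::SUBJECT_ALT_NAME
EOF
    grep -v SUBJECT_ALT_NAME "$dir/openssl.cnf" > "$dir/openssl.config"
    openssl req -config "$dir/openssl.config" -new -newkey rsa:2048 \
        -passout pass:constructed-passphrase -subj "/CN=utm.example.test" \
        -keyout "$dir/sample.key" -out "$dir/sample.csr" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp" && check_csr "$tmp/sample.csr"
```

On the UTM itself only check_csr is needed; pass it the path of the CSR written in /home/login.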

Sophos XG and Sophos Firewall Manager

Here is a quick breakdown of how to get the firewall and the central management to communicate.

On the XG Firewall do the following:

  1. Navigate to the System (the little gear icon).
  2. Select Administration and then Central Management.
  3. Select Enable Central Management.
  4. For the IP Address / Domain enter the central management device IP.
  5. Under Communication Details, set the Heartbeat Protocol to HTTPS and the Heartbeat Port to 443.
  6. Choose which synchronisation suits you best, to either pull device configuration or use the Firewall Manager to push the configuration.

The Sophos Firewall Manager configuration is as follows:

  1. From Home navigate to Device Configuration and select Add Device
  2. Enter all Device Information and click Next
  3. Define Communication Mode and click Next
  4. Choose whether to update device firmware
  5. Configure Backups
  6. Select a template to Auto Configure Device and click Next
  7. The XG Firewall will now be communicating with the Sophos Firewall Manager.