Setting up Sophos XG Firewall for working with ProxyInspector

To get log files containing traffic data from Sophos XG Firewall, you need to use an external SysLog server. You can use almost any SysLog server for Windows (Kiwi, SysLog Watcher, etc.) or for Linux. The general requirements for the SysLog server are that it runs uninterrupted 24/7 and that the log files it writes can be accessed from the ProxyInspector end.

Configuring Sophos XG Firewall to send log messages to a Syslog server

In the Administration section, open Configure | System Services | Log Settings, click the Add button, and add the SysLog server. Change the Severity value to Information.

Enable the Firewall Rules, Web Filter, and Application Filter message types for the created SysLog server.

Then click the Apply button.

Configuring Firewall rules and HTTPS inspection in Sophos XG Firewall

Enable the Scan HTTP and Decrypt & Scan HTTPS options for all firewall rules allowing HTTP/HTTPS traffic. Enable the Log Firewall Traffic option for all rules allowing traffic that must be monitored by ProxyInspector.

When using HTTPS Inspection, you need to install the corresponding security certificate in the Trusted Root Certification Authorities section on the users' computers. You can download the certificate via the System | Certificates | Certificate Authorities section.

Configuring ProxyInspector for Sophos XG reporting

You need to specify the path and file mask of the log files in ProxyInspector so that it can access them. Typically, it's a network path to a folder on the Syslog server. In the Enterprise Edition, set it in Settings | Domains and servers; in the Standard Edition, set it in Settings | Base settings.
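Before pointing ProxyInspector at the folder, it helps to confirm that the file written by the SysLog server actually contains all three message types enabled on the firewall. The script below is an added example, not part of ProxyInspector or Sophos; the field names (log_type, log_component, fw_rule_id) and the values in EXPECTED are assumptions about the key=value log format, and the sample lines are constructed, so compare them with a line from your own log file.

```python
import re
from collections import Counter

# Constructed sample lines in the key=value style the firewall sends over syslog.
# Field names and values are assumptions; adjust them to match your own log file.
SAMPLE = '''\
<30>device="SFW" date=2018-03-01 time=10:15:02 log_type="Firewall" log_component="Firewall Rule" priority=Information fw_rule_id=3 src_ip=10.0.0.15 dst_ip=203.0.113.10
<30>device="SFW" date=2018-03-01 time=10:15:03 log_type="Content Filtering" log_component="HTTP" priority=Information fw_rule_id=3 url="https://example.com/search?q=a b"
<30>device="SFW" date=2018-03-01 time=10:15:04 log_type="Content Filtering" log_component="Application" priority=Information fw_rule_id=3 application="Example App"
'''

# key=value, where the value is either a quoted string (may contain spaces) or a bare token
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Message type enabled on the firewall -> (log_type, log_component) expected in the file
EXPECTED = {
    "Firewall Rules": ("Firewall", "Firewall Rule"),
    "Web Filter": ("Content Filtering", "HTTP"),
    "Application Filter": ("Content Filtering", "Application"),
}

def parse_line(line):
    """Return the key=value fields of one syslog line as a dict."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def check_log(text):
    """Report missing message types and the firewall rule IDs seen in the log text."""
    seen, rule_ids = Counter(), set()
    for line in text.splitlines():
        fields = parse_line(line)
        if not fields:
            continue  # blank line or a line in some other format
        seen[(fields.get("log_type"), fields.get("log_component"))] += 1
        if "fw_rule_id" in fields:
            rule_ids.add(fields["fw_rule_id"])
    missing = [name for name, key in EXPECTED.items() if seen[key] == 0]
    return {"missing": missing, "rule_ids": sorted(rule_ids), "counts": dict(seen)}

if __name__ == "__main__":
    import sys
    # Pass the path of a log file on the SysLog server, or run without arguments for the sample
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    result = check_log(text)
    print("missing message types:", result["missing"] or "none")
    print("firewall rule IDs seen:", result["rule_ids"])
```

A message type reported as missing usually means it was not enabled for the SysLog server, or that no firewall rule with logging enabled has matched that kind of traffic yet.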

Notes and known issues

  • You need to enable the HTTPS Inspection function so that ProxyInspector can properly generate search phrase and video viewing reports;
  • Sophos XG Firewall supports HTTP referrer logging only from version 17.x, so it is recommended to use version 17.x or later for best CrystalWeb results;
  • Sophos XG Firewall doesn’t log firewall rule names but only logs firewall rule IDs.

Tags: Sophos XG, log file, SysLog, ProxyInspector