The number of default apps in Portainer is limited. I’m going to show you how to add hundreds more in a few simple steps. Follow this guide to add 100+ App Templates to Docker using Portainer.

HOW TO INSTALL AN APP IN PORTAINER
Open up APP TEMPLATES. Find the app you want to install, in.

I also use the Sophos UTM but only have 1 NIC on my hosts, and therefore I decided to use VLANs on each Portgroup except for the default one, or rather my “WAN Portgroup” (which has VLAN0 and is in the same network as my Fritzbox).

The Sophos UTM Free Home Use firewall contains its own operating system and will overwrite all data on the computer during the installation process. Therefore, a separate, dedicated computer is needed, which will change into a fully functional security appliance. Just right for the spare PC you have sitting in the corner!
Sophos Antivirus for Linux has been enhanced to improve detection of malware in Docker containers using on-access scanning and to improve the way in which detections in Docker containers are presented within the Sophos management consoles.
Now that, working with Doug & Wes, I was able to get some issues worked out, I'd like to start parsing Sophos UTM logs, as most of my SO sensors do receive Sophos UTM logs. I started working with Grok and using the debugger; still learning that. But I also wondered if anyone else uses Sophos firewalls? It may make sense for a default conf file in the SO installations?
Some sample events below.
Sample Event:
10:07-09:32:32 firewall_hostname ulogd[25637]: severity='info' sys='SecureNet' sub='ips' name='UDP flood detected' action='UDP flood' fwrule='60013' initf='eth1' srcmac='11:11:11:11:11:11' dstmac='00:00:00:00:00:00' srcip='100.100.100.100' dstip='24.24.24.24' proto='17' length='1521' tos='0x00' prec='0x00' ttl='58' srcport='8080' dstport='8080'
Sample Event:
10:07-12:18:09 firewall_hostname httpproxy[18485]: severity='info' sys='SecureWeb' sub='http' name='http access' action='pass' method='CONNECT' srcip='X.X.X.X' dstip='X.X.X.X' user=' group=' ad_domain=' statuscode='200' cached='0' profile='REF_DefaultHTTPProfile (Default Web Filter Profile)' filteraction='REF_DefaultHTTPCFFAction (Default content filter action)' size='6903' request='0x8f74000' url='https://outlook.office365.com/' referer=' error=' authtime='0' dnstime='140397' cattime='290' avscantime='0' fullreqtime='75294216' device='0' auth='0' ua=' exceptions=' category='156' reputation='trusted' categoryname='Web Mail' country='United States'
I have used Sophos XG at home for about one week now, and I could not have been happier 🙂
For the last year I have tried most of the software firewalls out there, but let’s face it, I am a home user – I need a simple and nice GUI! It does not matter how great a functionality is, if you cannot use it. I understand basic networking, but it is not my strongest side.
After most of my tries on different firewalls, I landed on Sophos UTM 9. The Sophos UTM home-license had a 50 IP-address limit, which was too small for my network – so I ended up running Endian. Endian was great, but had a very static interface.
A garbage product to something beautiful
I tried Sophos XG early in the process, when they announced that Sophos XG should take over for UTM. It did not take long before they retracted that comment after a high number of comments from the users.
Sophos XG was not a great product at the start. The GUI was terrible. You had to hover the menu to multiple levels, which was poorly described. It probably took you 10 minutes to find the feature you were looking for.
Sophos has done great things in the last version of XG. It is a lot simpler to navigate and you can find the things you are looking for.
Difference between Sophos UTM, XG and Endian
I mainly like Sophos because of the nice interface. It shows charts and has great reports of what is going on – this is the same on both UTM and XG.
The UTM GUI is starting to get a bit outdated, whereas the XG is more up to date.
Endian reminds me of any default firewall from a basic router. Maybe a bit more advanced features. Endian also has a great log view, but it mostly stops there. The interface is very static and does not show the health-status on your network. Endian uses ntop for a graphical network flow, but it is a separate page/GUI. It also doesn’t show any security/health related info – so I had no idea if anything on my network had a virus or was doing something out of the ordinary.
Some short words about my setup
My firewall is running on my VMware ESXi, which has two network cards. One for Internet/WAN and the other on the LAN-side.
Sophos XG
The installation was simple, but a bit tricky. I did not find much information on the installation, so I had to google the username/password and try/fail on what network interface was WAN or LAN. When I finally got the web-interface up, it was mostly next-next-next.
I started with both web and application-filter, but I had to remove the application-filter, as it flagged Skype as a level 5 (highest level) security breach.
My kid is also getting more and more curious about the Internet, so I have now added a time-schedule called “KidsTime”. In this timeframe, the firewall will be a bit more protective, like blocking nudity (right now it is just set to Warn in a testing period).
Sophos has a great database for web and applications. I do not agree with all of the classifications, but it works in most cases. Sophos is not just a firewall, it also protects my home users from doing stupid things 🙂