Sophos XG decrypt backup file
After uploading the file to my Linux server, the ‘file’ command revealed the file type as ‘openssl enc’d data with salted password’.
Looking into OpenSSL file encryption/decryption and trialling a few commands, I found the following command to work (you will need to know the encryption password):
openssl enc -aes-256-cbc -md md5 -d -in SophosXG_Backup_SerialNumber_Date_Time -out unencyptedfile
Checking the unencrypted output file with the ‘file’ command revealed the file type as ‘gzip compressed data’ (pretty much a zip). Uncompressing and checking this file revealed a tar archive, which holds the contents of the Sophos XG backup.
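The three layers described above (salted OpenSSL container, gzip, tar) can be checked one at a time in a script. This is an added example, not part of the original post: the function names xg_unpack and hex_at, the variable XG_BACKUP_PASS and the output file names are assumptions. The password is read from the environment so it does not appear in the process list, and the tar archive is listed rather than extracted.

```shell
#!/bin/sh
# Added example (not from the original post): staged unpack of a Sophos XG
# backup, verifying each layer before moving on to the next one.
# Hypothetical names: hex_at, xg_unpack, XG_BACKUP_PASS, backup.tgz, backup.tar.
# Call as: XG_BACKUP_PASS='...' xg_unpack <backup file> <output directory>

# Print the first $2 bytes of file $1 as lowercase hex with no separators.
hex_at() {
    od -An -v -tx1 -N "$2" "$1" | tr -d ' \n'
}

xg_unpack() {
    in=$1
    outdir=$2

    # Layer 1: 'openssl enc' salted output starts with the ASCII magic
    # "Salted__" (53 61 6c 74 65 64 5f 5f), followed by an 8-byte salt.
    if [ "$(hex_at "$in" 8)" != "53616c7465645f5f" ]; then
        echo "not an openssl salted file: $in" >&2
        return 2
    fi
    mkdir -p "$outdir" || return 1

    # Same cipher and digest as the command in the post. -pass env:NAME reads
    # the password from the environment instead of the command line.
    if ! openssl enc -d -aes-256-cbc -md md5 -pass env:XG_BACKUP_PASS \
            -in "$in" -out "$outdir/backup.tgz"; then
        rm -f "$outdir/backup.tgz"
        echo "decrypt failed (wrong password?)" >&2
        return 3
    fi

    # Layer 2: CBC has no integrity check, so a wrong key can occasionally
    # pass the padding test. Confirm the gzip magic (1f 8b) before trusting it.
    if [ "$(hex_at "$outdir/backup.tgz" 2)" != "1f8b" ]; then
        rm -f "$outdir/backup.tgz"
        echo "decrypted data is not gzip (wrong password?)" >&2
        return 3
    fi
    gzip -dc "$outdir/backup.tgz" > "$outdir/backup.tar" || return 4

    # Layer 3: list the archive members instead of extracting them, so the
    # paths can be reviewed first. tar -t fails if the data is not a tar file.
    tar -tf "$outdir/backup.tar" || return 4
}
```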
This is a simple guide showing how to configure WinSCP to connect to a Sophos XG firewall so files can be transferred off the device.
Confirm SSH Access on Sophos XG
Ensure you have enabled SSH access to the Sophos XG Firewall. If you are accessing the device from a remote location, add an ACL exception rule.
This guide will provide guidance on setting up an IPSEC IKEv2 VPN between OXO Connect and Mikrotik devices. I have very little knowledge of the OXO Connect platform, but did assist in implementing a client solution using Mikrotik hardware. Best practices may not have been implemented due to this knowledge gap, but this configuration was derived from existing supported Fortigate documentation.
- Client lab was set up to implement and test the solution.
- IP addressing configuration is intentionally selected as close to vendor defaults. WAN address & IPSEC address selected randomly.
- Firewall rules are intentionally lax for proof of concept and…
This guide will provide guidance on setting up an OpenVPN Site-to-Site VPN between pfSense and Mikrotik devices.
- Hyper-V lab was set up to implement and test the solution.
- IP addressing configuration is intentionally selected as close to vendor defaults.
- Firewall rules are intentionally lax for proof of concept and should be adjusted based on real world implementation.
pfSense is selected as the OpenVPN Server in this scenario because it has the most flexible configuration of the two devices. The Mikrotik support for OpenVPN is limited, so it is configured as the client device that will dial out.
A little work done while with a previous employer: decoding the Option 82 string from NBN DSL services (FTTN, FTTB). NBN PRI must be enabled for sending relay data, or modified to. Option 82 output from RouterOS DHCP logging to a syslog server.
Quick PHP command line script to decode an Option 82 output into plain text.