Firewall Config Audit

Sophos XG decrypt backup file

After uploading the file to my Linux server and running the ‘file’ command, it revealed the file type as ‘openssl enc’d data with salted password’.

Looking into OpenSSL file encryption/decryption, and trialing a few commands, I found the following command to work (you will need to know the encryption password):

openssl enc -aes-256-cbc -md md5 -d -in SophosXG_Backup_SerialNumber_Date_Time -out unencyptedfile

Checking the outputted unencrypted file with the ‘file’ command revealed the file type as ‘gzip compressed data’ (pretty much a zip). Uncompressing and checking this file revealed a tar archive, inside being the contents of the Sophos XG backup.
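Why the `-md md5` flag matters, as an added example that is not part of the original post: `openssl enc` without `-pbkdf2` derives the AES key and IV from the password and the salt stored in the file header, and OpenSSL 1.1.0 changed the default digest for that derivation from MD5 to SHA-256, so a newer client needs `-md md5` to reproduce the key for a file encrypted with MD5. The sample bytes and password below are constructed, and the function names are hypothetical.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker that `file` reports as "openssl enc'd data with salted password"

def parse_salted_header(blob):
    """Split an `openssl enc` salted file into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not an 'openssl enc' salted file")
    return blob[8:16], blob[16:]

def evp_bytes_to_key(password, salt, digest="md5", key_len=32, iv_len=16):
    """Legacy OpenSSL derivation (EVP_BytesToKey, single iteration).

    Defaults match aes-256-cbc: 32-byte key, 16-byte IV.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # Each round hashes the previous digest + password + salt.
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def looks_like_gzip(plaintext):
    """A correct decryption of the backup should start with the gzip magic."""
    return plaintext[:2] == b"\x1f\x8b"

# Constructed sample: header + 8-byte salt + 32 bytes of dummy ciphertext.
SAMPLE = MAGIC + bytes(range(8)) + b"\x00" * 32
PASSWORD = b"example-backup-password"  # placeholder, not a real password

def demo():
    salt, body = parse_salted_header(SAMPLE)
    md5_key, md5_iv = evp_bytes_to_key(PASSWORD, salt, "md5")
    sha_key, sha_iv = evp_bytes_to_key(PASSWORD, salt, "sha256")
    return salt, len(body), md5_key, md5_iv, sha_key, sha_iv

if __name__ == "__main__":
    salt, n, md5_key, md5_iv, sha_key, _ = demo()
    print("salt:", salt.hex(), "ciphertext bytes:", n)
    print("key with -md md5   :", md5_key.hex())
    print("key with -md sha256:", sha_key.hex())
    print("same key?", md5_key == sha_key)
```

If decryption with the right password produces output that fails the gzip check, a digest mismatch is the first thing to rule out.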


WinSCP to Sophos XG

This is a simple guide showing how to configure WinSCP to connect to a Sophos XG firewall so files can be transferred off the device.

Confirm SSH Access on Sophos XG

Ensure you have enabled SSH access to the Sophos XG Firewall. If you are accessing the device from a remote location, add an ACL exception rule.


OXO Connect <-> Mikrotik IPSEC IKEv2

Summary

This guide will provide guidance on setting up an IPSEC IKEv2 VPN between OXO Connect and Mikrotik devices. I have very little knowledge of the OXO Connect platform, but did assist in implementing a client solution using Mikrotik hardware. Best practices may not have been implemented due to this knowledge gap, but this configuration was derived from existing supported Fortigate documentation.

  • Client lab was set up to implement and test the solution.
  • IP addressing configuration is intentionally selected as close to vendor defaults. WAN address & IPSEC address selected randomly.
  • Firewall rules are intentionally lax for proof of concept and…


pfSense <-> Mikrotik OpenVPN Site-to-Site

Summary

This guide will provide guidance on setting up an OpenVPN Site-to-Site VPN between pfSense and Mikrotik devices.

  • Hyper-V lab was set up to implement and test the solution.
  • IP addressing configuration is intentionally selected as close to vendor defaults.
  • Firewall rules are intentionally lax for proof of concept and should be adjusted based on real world implementation.

Create Certificates

pfSense is selected as the OpenVPN Server in this scenario because it has the most flexible configuration of the two devices. The Mikrotik support for OpenVPN is limited, so it is configured as the client device that will dial out.


Decoding NBN Option 82 with DSL line stats. (SubOptions 129/130).

A little work done while with a previous employer, decoding the Option 82 string from NBN DSL services (FTTN, FTTB). NBN PRI must be enabled for sending relay data, or modified to. Option 82 output from RouterOS DHCP logging to syslog server.


Quick PHP command line script to decode an Option 82 output into plain text.
