Sophos UTM 9.6 Sophos UTM Manager
August 28, 2019
Marcel Zimmer
Sophos
Sophos UTM Manager (SUM) is Sophos's central management product. You can connect multiple UTM appliances to a SUM, through which central monitoring, configuration and maintenance is possible. SUM 4.2 only supports the configuration of UTM 9.2. Other versions of UTM are also represented in SUM and can be monitored. For example, if a UTM 9.2 connects to a SUM 4.1, "legacy mode" becomes active. Backups, MSP licensing and Up2Date installations are still possible.
This tab allows you to configure the connection of your UTM to one or two SUMs.
To allow Sophos UTM to be monitored by a SUM server, do the following:
Enable SUM functionality on the Sophos UTM Manager tab.
Click the slider.
The slider turns yellow and the SUM settings area can be edited.
Specify the SUM host.
Select or add a SUM server for the UTM to connect to. Adding a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Authentication (optional): If the SUM server requires authentication, select this option and specify the password (agreed key) configured on the SUM server.
Use SUM server as Up2Date cache (optional): Up2Date packets can be fetched from a cache located on the SUM server. If you want to use this functionality for your gateway, select the option Use SUM server as Up2Date cache. Please make sure that on the SUM server managing your device, the Up2Date cache functionality is also active. Note that the use of the Up2Date cache functionality and a parent proxy for Up2Date packets are mutually exclusive.
Set the permissions of the SUM administrator.
The administrator responsible for the UTM can only manage the areas of the UTM in the SUM for which explicit permission is granted here. The permissions listed here correspond to the main menu and the administration options of the SUM Gateway Manager.
Administration: If selected, the administrator can use the functions in the Maintenance and Administration menus. This allows the inventory to be viewed, for example. It can also create and restore backups and perform scheduled operations such as firmware upgrades.
Reports: When selected, the administrator can use the functions in the Reports menu. For example, he can request UTM reports.
Monitoring: If selected, the UTM is displayed on the Monitoring pages and the administrator can use the corresponding functions.
Configuration: If selected, the administrator can use the functions in the Configuration menu. For example, he can assign objects (networks, hosts, VPNs) to the UTM.
Click Apply.
Your settings are saved.
The slider turns green.
The UTM now tries to connect to the Sophos UTM Manager. As soon as a connection exists between the two systems, the connection status turns green. The UTM can then be monitored and managed by the SUM server selected here. You can track the current connection status and state in the SUM State area. Reloading the page updates this data. If the connection does not come up, use the Open Live Log button and read the displayed messages carefully to diagnose the problem.
Settings for a second SUM
In this section you can optionally add another SUM. This is useful if, for example, you do the configuration yourself (first SUM server) but still want to have your machines monitored by a third party, e.g. your MSSP (second SUM server). The settings are almost identical to those of the first SUM server, only the Configuration option is missing, as this is only available to the first SUM server. The UTM will not appear in the MSP section of the second SUM, which means MSP licensing is only possible from the first SUM.
Note - The gateway and SUM server communicate with each other via port 4433, whereas browser access to the Sophos UTM Manager uses HTTPS on port 4444 for the WebAdmin and on port 4422 for the Gateway Manager interface.
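The constraints stated above (agreed key when authentication is on, Up2Date cache and parent proxy mutually exclusive, Configuration only for the first SUM) encoded as a pre-change check. This is an added example, not Sophos code; the data model, the host names and the recommendation to keep authentication enabled are assumptions made here.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Ports named on the page: UTM<->SUM traffic, SUM WebAdmin, SUM Gateway Manager.
SUM_AGENT_PORT = 4433
SUM_WEBADMIN_PORT = 4444
SUM_GATEWAY_MANAGER_PORT = 4422

# Permission checkboxes offered on the Sophos UTM Manager tab.
PERMISSIONS = {"Administration", "Reports", "Monitoring", "Configuration"}


@dataclass
class SumConnection:
    """One SUM entry (assumed model): host, authentication, cache, permissions."""
    host: str
    authentication: bool = False
    agreed_key: str = ""
    up2date_cache: bool = False
    permissions: Set[str] = field(default_factory=set)


@dataclass
class UtmSumSettings:
    primary: SumConnection
    secondary: Optional[SumConnection] = None
    up2date_parent_proxy: bool = False  # Up2Date parent proxy set elsewhere on the UTM


def validate(settings: UtmSumSettings) -> List[str]:
    """Return findings for a proposed SUM setup; an empty list means it is consistent."""
    findings: List[str] = []
    for label, conn in (("primary", settings.primary), ("secondary", settings.secondary)):
        if conn is None:
            continue
        unknown = conn.permissions - PERMISSIONS
        if unknown:
            findings.append(f"{label}: unknown permission(s) {sorted(unknown)}")
        if conn.authentication and not conn.agreed_key:
            findings.append(f"{label}: authentication enabled but no agreed key set")
        if not conn.authentication:
            # Recommendation (not a page rule): pair every SUM with an agreed key.
            findings.append(f"{label}: authentication disabled; enable it and set the agreed key")
        if conn.up2date_cache and settings.up2date_parent_proxy:
            findings.append(f"{label}: Up2Date cache and Up2Date parent proxy are mutually exclusive")
    sec = settings.secondary
    if sec is not None and "Configuration" in sec.permissions:
        findings.append("secondary: Configuration is only available to the first SUM")
    return findings
```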
SUM state
You can see the current connection status and state in the SUM state section. Reloading the page will refresh this data.
SUM objects
This section is disabled (greyed out) unless there are objects created from a SUM and that SUM is now separate from the Sophos UTM. SUM-created objects can be network definitions, remote host definitions, IPsec VPN tunnels and the like.
The Clean Up Objects button can be clicked to release all objects created from the SUM that was formerly used to manage the system. These objects are normally locked and can only be viewed on the local device. After pressing the button, the objects become fully accessible and can be reused or deleted by the local administrator. If there are unused objects, they are deleted directly and cannot be reused.
Note - If former SUM-created objects have been cleaned up, they cannot be converted back when the device is reconnected to the same SUM. This means that if a remote SUM still holds object definitions for a device that later reconnects to it, these objects will be transferred to the device again - even though local copies will already exist.
Live log
You can use the live log to monitor the connection between the Sophos UTM and the SUM. Click the Open live log button to open the live log in a new window.
Author:
Marcel Zimmer
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer was able to gain numerous project experiences. His interest in IT security was significantly awakened by his service in command support. Even after his service, he is an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large