Sophos iView is a dedicated reporting appliance that extends and enhances the UTM. There are yet no reviews for this product. Next product Back to: Sophos iView. Network and endpoint protection, centrally managed and communicating together. For stronger, simpler security. Sophos iView takes full advantage of our patented Layer-8 user identity to provide visibility into user activities. Get insights into users accessing P2P and other high risk applications, unproductive web surfing, user machines triggering ATP events, downloads and bandwidth consumption across your entire network, regardless of where users are. Sophos iView Help. Sophos iView Administrator Guide. How to Use the Log Digester. Configure Data Anonymization. Sophos documentation in PDF format requires the free.
Overview:
- This guide is intended to help you install and get up,running with Sophos iView v2 and connect a Sophos Firewall to the Sophos iView for detailed reporting and diagnostic information.
- Sophos iView Try XG Firewall Instead To provide you with the best possible protection and the latest technology, XG Firewall is available for trial. Sophos iView has entered the End of Sale/End of Life phase of the product lifecycle.
- Applies to the following Sophos products and versions Sophos Firewall, Sophos iView, Sophos UTM How to troubleshoot Firewall usage reports Possible reasons: Log traffic is not activated on the firewall rule. Firewall log is disabled in remote syslog log selection. Sophos UTM Activate firewall rule log in Sophos UTM: Log on to UTM.
Reports for Device Type:
- iView v2 provides reports for following device types:
- Sophos Firewall OS
- Sophos UTM 9
- CyberoamOS
Licensing:
- Sophos iView licenses are available in multiple tiers based on storage requirements and support terms offering great value for any size organization.
- A limited capacity (100GB) version is available at no charge for evaluation, or for small customers who don’t need to store data for extended periods. Paid licenses are available for 500 GB, 1TB, 4 TB, 8TB, and unlimited storage requirements.
- After Device Registration and License Activation, the Storage Subscriptions in iView are perpetual while the Support Subscriptions need to be renewed periodically.
Sophos iView License | Storage Limit | Recommended CPU ** | Recommended Memory (vRAM) | Network Interface support (Minimum / Maximum) | Approximate event capacity |
---|---|---|---|---|---|
iView Light* | 100 GB | Dual core | 4 GB | 1 / 4 | Short-term evaluation only |
iView 500 GB | 500 GB | Dual core | 4 GB | 1 / 4 | Up to 300 events per second |
iView 1 TB | 1 TB | Dual core | 4 GB | 1 / 4 | Up to 300 events per second |
iView 4 TB | 4 TB | Quad core | 4 GB | 1 / 4 | Up to 600 events per second |
iView 8 TB | 8 TB | Quad core | 4 GB | 1 / 4 | Up to 600 events per second |
iView Unlimited | Unlimited (16 TB recommended) | Quad core# | 8 GB | 1 / 4 | Up to 2000 events per second |
Event capacity varies with CPU family and hardware specs
* Free for evaluation purpose
** CPU frequency 2.7 GHz or equivalent
# CPU frequency 3.1 GHz or equivalent
Install iView
Download
- iView v2 is available as Virtual Appliance or as Software Appliance (on custom hardware).
- 1.Click the link – https://sophos.com/en-us/products/next-gen-firewall/free-trial/iview.aspx to register for MySophos account (or login your sophos account and do step 3) and download the virtual or software appliance for Sophos iView v2.
- 2.To register for MySophos Account, fill in the required details as highlighted in the image below and click Submit.
- After download the virtual image for your iView appliance, as highlighted in the image below:
Deploying a Virtual or Software Appliance
- Virtual Appliances:
- VMware Virtual Machine (VMware Workstation, ESXi_Server)
- Xen Virtual Machine
- Hyper-V Virtual Machine
- KVM Virtual Machine
- Import the VM file into your hypervisor of choice, and set the hardware specs for your Sophos iView VM.
Software Appliances (ISO File)
- The downloaded ISO file can be installed on the custom hardware using an Installer. To create the Installer, refer the next section.
- Creating an Installer
- For Software installs, you’ll start with an ISO. Write the ISO to a standard USB thumb drive to start the installation.
- On Windows:
- 1. Download and run the Win32 Disk Imager utility (http://sourceforge.net/projects/win32diskimager/)
- 2. Run the utility, and browse for the downloaded ISO file. The application will default to looking for .IMG files. Be sure to change the file filter to (*.*), then locate and select the iView ISO file.
- 3. Select the USB thumb drive you wish to install the ISO on. The thumb drive should be at least 1GB in size, and writing the ISO to it will erase any data it currently contains.
- 4. Once the process is complete, your thumb drive is ready to use.
- On OSX:
- 1. Open the Disk Utility included on OSX.
- 2. Locate the thumb drive in the list of disks.
- 3. On the partitions tab, change the volume scheme to “1 partition”, and the format to “Free Space”, then click apply.
- 4. You’ll need to convert the downloaded ISO file into a new format. Open a terminal window, and navigate to the path where the ISO is stored.
- 5. Run the command: hdiutil convert -format UDRW -o VI-SIVOS_ 02.00.0-092.iso The converted ISO will be /can be named iview.img.dmg
- 6. Next, locate the device path of the USB device, by running diskutil list. For example, let’s say your USB thumb drive’s path is /dev/disk9 but be sure to use the actual path of your thumb drive.
- 7. Next, write the converted ISO to your thumb drive, with the following command: dd if=./iview.img.dmg of=/dev/rdisk9 bs=1m Note: – The of= path adds an “r” in front of the device path name. This is deliberate, and enables RAW disk access. You may leave the r out, but the process will go much more slowly. – You may need to run “sudo dd ” for the imaging to work on your system.
- 8. Wait a few minutes for the process to complete. When you return to a command prompt, the thumb drive will be ready, and can be ejected.
- 9. If you run into problems, see http://borgstrom.ca/2010/10/14/os-x-bootable-usb.html for more detailed instructions.
Installation process
- Since this is a Software Appliance, you may need to change BIOS settings for the thumb drive to boot, if you are installing on your own hardware. You will also need to connect a monitor and keyboard, or a serial cable to the system to complete. You will need to respond to two prompts to begin the installation.
Booting
- When prompted, press y to start the install. The install progress will be shown on the screen, as it continues.
- Once the install is complete, remove the thumb drive, and reboot the device. Give it a couple minutes for the first boot to complete, and the system to be ready and running iView.
- At this point, the system is now running iView.
First-Time Device setup
Basic Setup
- Open the Web Admin UI from http://172.16.16.18 or https://172.16.16.18:443 using initial credentials admin /admin. The End User License Agreement is displayed, carefully read the agreement and click I Accept to continue.
- Click Basic Setup and complete the device’s Basic Setup so that device will be able to connect to the Internet for Activation.
- Note:
- To active device successfully, make sure the WAN, DNS and Default Gateway are configured correctly to reach to the internet connection.
Device Activation
- You should have received an email with the Serial Number on the email address provided while downloading the iView v2 Partner Beta image.
- After Basic Setup is done, enter the Serial Number and click Activate Appliance. Your device will be activated successfully.
Device Registration
- After Activation, click Register Device to register your device.
- As highlighted in the image below, under ‘I have an account already’ section, provide the login credentials you configured while registering for MySophos Account
- Click Continue and your device will be registered.
Synchronize License
- After Registration, click Initiate License Synchronization to start license synchronization on the device
Integrate with Sophos Firewall
On XG Firewall
- Login to Web admin console by your account.
- Go to System Services -> Log Settings and click Add under Syslog Servers.
- Fill in the settings as described below
- Name: A common name for the server.
- IP Address/Domain: The IP or domain name of the Sophos iView appliance.
- Port: 514 (Default).
- Facility: Daemon (information of services running in device as daemon).
- Severity Level: Debug (The device logs all information at the severity level selected and above, selecting Debug will give you all severity levels).
- Format: Device Standard Format.
- Click Save to save.
Enable logging on Syslog Server
- Go to System Services > Log Settings and enable the added syslog servers to receive log and Click Apply.
Sophos iView configuration
Sophos Iview License
- Browse to the IP address of the Sophos iView: <http://<IP address of the Sophos iView>. Sophos iView automatically detects the added SF devices and prompts administrators when they log in.
- Enter the Device Name. Select the Device Type from the drop down list and click Save.
- Result : All log from Sophos XG Firewall will sync to Sophos iView.
- For see it click Report on Sophos iView.
If you’re one of our many XG Firewall partners already managing your customer’s networks through Sophos Central, you’re intimately familiar with the benefits it provides for easy management and reporting.
Urgent Notice: If you’re still managing your XG Firewall customer networks through our legacy Cloud Firewall Manager (CFM), or have customer using Sophos Firewall Manager (SFM) or iView, you need to take action urgently. These legacy platforms are being retired with End-of-Life coming up soon.
- CFM is EOL and going dark at the end of this year which is coming up fast.
- iView is also EOL at the end of this year.
- SFM is EOL next July.
This is actually good news because these legacy platforms are not scalable, do not meet our standards for security and are difficult and expensive to maintain.
A much better solution exists that you can switch to for free with Sophos Central and most of our partners and customers have already made the switch and finding that Sophos Central has dramatically reduced their management time and overhead.
Sophos Sg105 Manual
Sophos Central offers a completely modern platform for management and reporting with the ultimate in security, scalability, and performance all while enabling us to accelerate feature development to add tremendous time savers for you, your team, and your customers.
Why Sophos Central?
Have a quick look at all the great central management capabilities in this short video:
What you get:
- Better usability – workflows are more intuitive, streamlined, efficient, and task oriented.
- Better security – there’s no exposed services, no VPN, and no open ports and it’s been built-from the ground up with security in mind.
- Better reliability – with a modern cloud architecture scaling to millions of users.
- Better features – with a modern development platform and architecture we can accelerate our roadmap to deliver more features – faster.
- Better integration – you can not only centrally manage your firewalls but all your other Sophos products from a common interface and this integration is essential for Synchronized Security, XDR, MTR, ZTNA and the future of cybersecurity.
Features and capabilities you get today with Sophos Central:
- Group Firewall Management – makes managing multiple firewalls easy including recently added support for HA pairs.
- Zero-touch deployment – saves time and money deploying new firewall devices
- Backup management – a central repository for all your firewall backups
- Central inventory – see all your firewall devices under management at a glance
- Central secure access – with full control over which admins can access which firewalls so you don’t need to expose your webadmin access to the WAN
- Firmware updates and scheduling – with one-click ease and new scheduling options
- Audit logging and tracking – with a full change log history and synchronization status
- High-Availability management – supported as of v18 MR3 to manage HA pairs together
- Central Firewall Reporting – with useful built-in reports, flexible custom report building tools, and export/scheduling options
What’s Next? – Before year end:
Firmware update scheduling – update scheduling is already included in Sophos Central, but you need v18 MR3 running on your firewalls to take advantage of it, making it helpful for the next firmware update.
Partner dashboard integration – We are bringing many of these features to the partner dashboard as well, allowing you to easily make changes to multiple customer firewalls at once with new firewall group templates.
Roadmap – What’s coming in the first half of next year:
Partner Dashboard Inventory and Status – offers full inventory and status at-a-glance of your entire estate (see mockup below). You can also easily schedule firmware updates and store backups for all your customers.
SD-WAN Orchestration – giving you point-and-click options to establish multiple site-to-site VPN networks.
You can see a full list of features in Sophos Central below, what’s coming soon, and compare that with the legacy CFM/SFM platforms. Sophos Central already includes much requested features that that are missing today in the legacy platforms and more enhancements are coming soon.
Making the Switch:
If you haven’t already, now is the time to make the switch. CFM is EOL and going dark at the end of the year which is coming up quickly. Fortunately, migrating management and reporting for your XG Firewalls to Sophos Central is as easy as 1-2-3…
- Register the Firewall to Sophos Central
- Enable Management and Reporting
- Approve the management in Sophos Central
If you have many firewalls to migrate, there is an open-source tool available to help automate the process.
If you require assistance with migration, our Migration Helpdesk can provide guidance, assist with setting up a migration strategy and even guide you through the first few migrations. Log in to the Sophos Partner Portal to get in touch with the team.
If you want to learn more about Sophos Central and what it can do for you, check out our website for more information.