Capturing packets on the Sophos Firewall itself can be very useful when troubleshooting traffic going through the firewall, and also when firewall rules are not working as expected and you need to confirm that traffic is actually reaching the firewall. This also applies to a Sophos Firewall deployed from the AWS Marketplace.
You cannot test the firewall rules if the traffic is not even hitting the firewall, so confirming that traffic reaches the firewall is the first step.
The first thing you need to do is log in to the web admin portal with the admin account and password; the portal link should be something like https://x.x.x.x:8080 (the port is set during the initial install).
Once you are logged in, go to Management – Systems settings on the left and click the Shell access tab. Set the passwords and turn shell access on by clicking the button at the top right.
Once the passwords are set, start an SSH session with PuTTY to the firewall's internal IP, log in as loginuser with that password, and use sudo to get to the privileged level.
Below is a command to capture traffic between source host 10.20.20.20 and destination host 102.16.39.41. If you see the traffic in the capture, that confirms it is reaching the firewall interfaces; it may still be getting dropped by a firewall rule.
AW-Sophos01:/root # tcpdump -veni any host 10.20.20.20 and host 102.16.39.41
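As an added example (not from the article or from Sophos), the POSIX shell helper below builds the same host filter with input validation and summarises a saved "tcpdump -veni any" text capture by direction, so that requests with no replies crossing the firewall stand out. The function names and the sample capture lines are constructed assumptions, not real output from the appliance.

```shell
#!/bin/sh
# Added helper (not from the article or Sophos): builds the tcpdump host filter
# safely and summarises a saved "tcpdump -veni any" capture. Names are hypothetical.

# Reject anything that is not a dotted quad, so a typo cannot collapse the
# filter into "host  and host" and capture everything on the appliance.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the BPF expression used in the article: "host A and host B".
build_filter() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    printf 'host %s and host %s\n' "$1" "$2"
}

# Capture N packets (default 20) between A and B on all interfaces; needs root.
run_capture() {
    f=$(build_filter "$1" "$2") || return 1
    tcpdump -veni any -c "${3:-20}" "$f"
}

# Read tcpdump text on stdin and count packets A->B and B->A. Forward packets
# with zero reverse packets means the firewall saw the requests but no reply
# crossed it: the next place to look is the matching firewall rule and its log.
summarize_capture() {
    awk -v a="$1" -v b="$2" '
    function ip_only(s,  n, q) {           # strip a trailing .port if present
        n = split(s, q, ".")
        return (n == 5) ? q[1] "." q[2] "." q[3] "." q[4] : s
    }
    match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)? > [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?:/) {
        pair = substr($0, RSTART, RLENGTH); sub(/:$/, "", pair)
        split(pair, p, " > ")
        src = ip_only(p[1]); dst = ip_only(p[2])
        if (src == a && dst == b) fwd++
        else if (src == b && dst == a) rev++
    }
    END { printf "forward=%d reverse=%d\n", fwd, rev }'
}

# Constructed, abbreviated sample capture for the two hosts in the article.
SAMPLE_CAPTURE='12:00:01.000001 In 00:0c:29:11:22:33 ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 1, proto TCP (6), length 60)
    10.20.20.20.51234 > 102.16.39.41.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 In 00:0c:29:11:22:33 ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 2, proto TCP (6), length 60)
    10.20.20.20.51234 > 102.16.39.41.443: Flags [S], seq 1, win 64240, length 0
12:00:03.000001 In 00:0c:29:11:22:33 ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 3, proto ICMP (1), length 84)
    10.20.20.20 > 102.16.39.41: ICMP echo request, id 7, seq 1, length 64'
printf '%s\n' "$SAMPLE_CAPTURE" | summarize_capture 10.20.20.20 102.16.39.41
```

Note that tcpdump on the firewall sees a packet before the rule base decides its fate, so a packet in the capture proves arrival, not that the rule allowed it.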
This can come in very handy when troubleshooting. Let me know if anything here is not accurate and I can update the article.
HTH