7/24/2014
How to add devices using Self Service Portal in Sophos Mobile Control (SMC)
After many hours of installing and configuring the Sophos Mobile Client Control, I found out there's no steps to add your mobile devices in any of their docs. They have so many docs on the SMC, but none on the info you want.
You have the Super Admin Guide, the Admin guide, the startup guide, the install guide, the SMC as service guide, the technical guide, and on and on.... and on.
All I want is to install the SMC software, add my iPhone, Android phone, tablet, and manage it in less than 10 - 20 minutes.
I installed the Sophos Mobile Control software and I was able to login. But spent hours trying to find out how to add devices to the SMC server. Needless to say, they need to have simpler docs.
Well, if you want a simple way of installing the SMC server and immediately add devices to it and start managing it, here are the steps. Skip to the bottom "Add devices using Self Service Portal in Sophos Mobile Control (SMC)" if you can already login to SMC.
Installing the SMC Server software: (skip this step if you already installed the software)
1. install the Windows O/S and or SQL server.
2. Download the SMC Mobile Control software from Sophos.
3. Install the .exe software. Follow the instruction on screen. When ask for the SQL server, you can point to a remote SQL server or use local.
4. Create an superadmin account to login: admin user to login to the SMC WEB gui.
5. Take defaults for the rest when you can.
6. done. You're done with the install.
Login to the Sophos Mobile Control SMC server:
1. To login, go to the url: https://IP-Address-of-SMC-server/
2. login with admin / yourpassword, the superadmin account you created during the install.
Create a Customer in SMC:
1. You have to create a customer and login as the admin user of that Customer to add and manage mobile devices.
A customer is your company / organization. From here on, you should always login to the customer and add / change any iPhone, Android, devices, etc. and modify mobile profiles.
2. If you don't create a customer, it won't work.
Add devices using Self Service Portal in Sophos Mobile Control (SMC):
Adding mobile devices, ie, iPhones, Android, Windows phone, Tablets to the SMC server is quite simple. You can have the user do it without the Administrator involve.
1. Access the SMC self service portal URL: https://IP-Address-of-SMC-server/ssp/
2. Login with an Active Directory user / group allowed to be controled by SMC mobile control. I just create a new AD group and add users with mobile phones I want to manage.
(you setup the external Active Directory by login as the customer then, --> Settings-->System Setup-->user setup tab.
3. From here on, I let the users add their own devices to the SMC server themselves without administrator involvement.
a. Users would need to go to their iPhones, Androids, Windows Phones, tablets and open a browser, ie. safari.
b. They go to the Self Service Portal URL: https://IP-Address-of-SMC-server/ssp/
c. Enter the Customer or company name and Active Directory user/password
d. After you login, you will see a button to "Register New Device"
e. Click on it and follow the on screen prompt and enter your telephone number, or you'll need to UPDATE the phone number by login as admin in SMC SERVER.
f. After a few minutes, you will get a "Configuration Finished", then click on "OK"
g. done. and Logout.
Option 2:
1. You, the Administrator, login to the SMC server with the customer admin user:
go to Inventory --> Devices --> click on Create Device.
Enter the 3 mandatory fields:
Name:
Description
Phone number
you're done.
Tell me how this works for you.
7/22/2014
Sophos UTM Running Slow 2
From the previous post:
Update: It did not work. After installing the active / active license and changing the HA MODE, and upgrading the firmware on the Sophos UTM, the internet is still slow. If we disabled UTM, web browsing is super fast.
There was a slight improvement but I'll say it's about a 5% improvement compare to not switching to a active/active configuration.
Before the active/active mode change, we had a complete loss of web browsing for about 20 - 30 seconds. And it would happen 3 times a day. Now, the complete loss of internet browsing is solved, but it's still noticeably slow. Sometimes it still takes 20 - 30 seconds to browse to your regular news or yahoo or any normal big websites.
So, at this point Sophos UTM is slow. I'm hoping the next firmware upgrade will fix this.
I have high hopes for Sophos, since it's really user friendly.
Leave a comment if it happens to you.
Sophos UTM Running Slow
Update: It did not work. After installing the active / active license and changing the HA MODE, and upgrading the firmware on the Sophos UTM, the internet is still slow. If we disabled UTM, web browsing is super fast.
There was a slight improvement but I'll say it's about a 5% improvement compare to not switching to a active/active configuration.
Before the active/active mode change, we had a complete loss of web browsing for about 20 - 30 seconds. And it would happen 3 times a day. Now, the complete loss of internet browsing is solved, but it's still noticeably slow. Sometimes it still takes 20 - 30 seconds to browse to your regular news or yahoo or any normal big websites.
So, at this point Sophos UTM is slow. I'm hoping the next firmware upgrade will fix this.
I have high hopes for Sophos, since it's really user friendly.
Leave a comment if it happens to you.
7/18/2014
Easy Steps: Config Netflow, Syslog, SNMP on Cisco ASA Firewall
Config Netflow on Cisco ASA to Send to your Netflow collector:
conf t
access-list ACCESS-LIST-NAME line 1 extended permit ip any any ( capture all IP source/destination for Netflow)
flow-export destination INSIDE 10.2.2.2 2055 (ENTER your IP address to send netflow data and port number. Default netflow port is 2055)
class-map global-class1 (Create a global class name to apply to all interfaces on the ASA)
match access-list ACCESS-LIST-NAME ( The Access-list named above)
policy-map global_policy
class global-class1 (the same global-class1 created above.)
flow-export event-type all destination 10.2.2.2 (To send all netflow events to the Destination IP)
Config SNMP traps on the ASA to send to your SNMP SERVER:
snmp-server host <ASA Interface name> <SNMP SERVER IP> poll community <community string>
snmp-server enable traps
Config SYSLOG on ASA to send to your syslog server:
There are many freeware syslog servers out there to use as your syslog server, ie. kiwi syslog or WhatsUpGold. I like WhatsUpGold better as a syslog server.
logging enable
logging timestamp
logging buffer-size 20000
logging buffered critical
logging trap critical
logging history critical
logging asdm critical
logging host INSIDE <IP address of your Syslog Server>
logging class auth trap informational
conf t
access-list ACCESS-LIST-NAME line 1 extended permit ip any any ( capture all IP source/destination for Netflow)
flow-export destination INSIDE 10.2.2.2 2055 (ENTER your IP address to send netflow data and port number. Default netflow port is 2055)
class-map global-class1 (Create a global class name to apply to all interfaces on the ASA)
match access-list ACCESS-LIST-NAME ( The Access-list named above)
policy-map global_policy
class global-class1 (the same global-class1 created above.)
flow-export event-type all destination 10.2.2.2 (To send all netflow events to the Destination IP)
Config SNMP traps on the ASA to send to your SNMP SERVER:
snmp-server host <ASA Interface name> <SNMP SERVER IP> poll community <community string>
snmp-server enable traps
Config SYSLOG on ASA to send to your syslog server:
There are many freeware syslog servers out there to use as your syslog server, ie. kiwi syslog or WhatsUpGold. I like WhatsUpGold better as a syslog server.
logging enable
logging timestamp
logging buffer-size 20000
logging buffered critical
logging trap critical
logging history critical
logging asdm critical
logging host INSIDE <IP address of your Syslog Server>
logging class auth trap informational
7/09/2014
Sophos UTM Running Slow
We have our Sophos Appliance SG330 running for over a month now and it is running slow. Users are experiencing slow internet access.
We had upgraded our Sophos UTM 425 to the newer SG
Series. And this saw a slight improvement. The SG series is supposed to be
the fastest UTM on the block. It’s a big
step up from the older version UTM 425.
In our office, we have about 150 users and I don’t think
they all access the internet at the same time.
We are only doing single scan (sophos scan) and no Avira
Scan.
Users are experiencing marked slowness when browsing the
internet. Just going to normal sites,
like cnn.com, yahoo.com, google.com, etc. are all super slow. Going to any https site is even slower.
A few times during the day we can’t get to the internet at
all. But I can ping google, yahoo,
etc. We just can’t browsed to any site
using any web browser.
Our internet speed to the internet is over 100Mbps. We don’t use more than 20mbps at any
particular time.
The browser would hang for 20 seconds and all of a sudden,
it loads and we can access the internet again.
It seems to happen a few times a day. Like I said pings to the internet is okay, it
never timeout, but no user can browsed to the internet.
It seems that the Sophos UTM is not able to handle the
load. According to the Sophos Sizing
Guide, it should be able to handle 400 users with ALL UTM Module subscriptions
enabled.
So, today we upgraded the firmware of our Sophos SG330 from 9.201-23
to Current firmware version: 9.203-3.
We also changed the Sophos HA mode from Active/Standby to
Active/Active. In my next post, I will
describe how to upgrade to an Active/Active configuration.
So far, after a few hours, users are saying they see faster
internet access. No complaints yet.
Will give an update in a week. Wanted to let it baked in and see user
experience.
See updated post: Sophos UTM Running Slow 2
Subscribe to:
Posts (Atom)