Sophos Firewall database tables

This post was translated with the help of a translation tool. Therefore, occasional errors are possible. An error-free version is available in German.

A (complete) list of Sophos Firewall database tables from SFOS v20.0.0.

Introduction

In my past projects, I have repeatedly encountered issues where it is necessary to access the database - be it for information purposes, for scripting, or to correct errors that can no longer be corrected in the GUI. There are several examples. During my research I never really found any list of all tables.

I had already collected a few tables via the official community or by analyzing files in the firewall's file system. However, I never had a complete list. Given the number of tables, I would have been very surprised in retrospect. The number of tables is almost 540! WOW! 😮

In this article, I would like to present you with the complete list of tables for SFOS v20.0.0. What you do with it in the end and whether you can do anything with it is entirely up to you. But I think that the list might be quite interesting for some people.

Warning

Please note that improper use of SQL commands can lead to errors or total failure of the firewall! Therefore, please use the information with the utmost care and always use a demo environment for testing! Use at your own risk.

I also give no guarantee for completeness. But it should be 99.x%.

How to get the list?

First of all, let's find out how to get the list. To do this, I have taken a backup and decrypted it as described in my article "Decrypting and unpacking a backup". This backup contains the SQL structure in a file. With a little effort, I imported the structure into a demo environment and… TADA…. the list of tables is available.

If you also want to do this, please note that PostgreSQL on a Sophos Firewall runs version 9.2.24; keep this in mind to avoid any incompatibilities. I have used the oldest version of EDB (9.3.25).
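As an added example (not the author's method, which was to import the structure into PostgreSQL): the table names can also be read straight from the schema file without a database server. This assumes the file is a plain-text SQL dump containing `CREATE TABLE` statements; the function names and the sample input are constructed for illustration.

```python
import re

# Head of a CREATE TABLE statement as written in plain-text SQL schema dumps
# (assumed format; the file inside the backup may differ).
CREATE_TABLE = re.compile(
    r"""^\s*CREATE\s+
        (?:(?:GLOBAL\s+|LOCAL\s+)?(?:TEMPORARY|TEMP)\s+|UNLOGGED\s+)?
        TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?
        (?:(?:"[^"]+"|\w+)\.)?          # optional schema qualifier
        (?P<name>"[^"]+"|\w+)           # table name, quoted or bare
    """,
    re.IGNORECASE | re.MULTILINE | re.VERBOSE,
)

def strip_sql_comments(sql):
    """Drop /* ... */ and -- comments so commented-out DDL is not counted."""
    sql = re.sub(r"/\*.*?\*/", "", sql, flags=re.DOTALL)
    return re.sub(r"--[^\n]*", "", sql)

def list_tables(schema_sql):
    """Return the sorted, de-duplicated table names defined in the dump."""
    names = set()
    for match in CREATE_TABLE.finditer(strip_sql_comments(schema_sql)):
        name = match.group("name")
        # PostgreSQL folds unquoted identifiers to lower case;
        # quoted identifiers keep their exact spelling.
        names.add(name[1:-1] if name.startswith('"') else name.lower())
    return sorted(names)

# Constructed sample input, not taken from a real backup.
SAMPLE = '''
-- schema excerpt (constructed)
CREATE TABLE tblexample_a (
    id integer NOT NULL
);
/*
CREATE TABLE tblcommented_out (id integer);
*/
CREATE TABLE public."TblExample_B" (name text);
CREATE UNLOGGED TABLE IF NOT EXISTS tblExample_C (x int);
CREATE INDEX idx_a ON tblexample_a (id);
ALTER TABLE ONLY tblexample_a ADD CONSTRAINT pk PRIMARY KEY (id);
'''

if __name__ == "__main__":
    print("\n".join(list_tables(SAMPLE)))
```

Run it against a copy of the schema file on a workstation, never on the firewall itself.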

Download

In the following download I offer you the list of SFOS v20.0.0. It is a simple text file in which all tables are listed.

SFOS 20.0.0 DB.txt (Version: 1.0)
10.40 KB

8 Comments


  1. Hello Sebastian,

    do you happen to know in which database or table the STAS live users are stored?
    Unfortunately, the API only ever lets you retrieve 50.
    Thanks to your table overview, I unfortunately only found tbllivesslvpnusers.
    Thank you for the great work!
    Markus

    • Hello Markus,
      no, I am not aware of a table for this. Sorry. Off the top of my head, I can't think of another way either.
      Which call do you use to fetch the information via the API?

      Regards,
      Sebastian

      • userpassword
        The 50 is hard-coded; Sophos has unfortunately confirmed this in the meantime, and you cannot apply any filters either. This is a known issue 🙁

            • Thanks for the info! Apparently there is also a second database, using SQLite. I wasn't aware of that at all until now. It doesn't look like there are many tables here either. These are the ones I found:

              tblliveuser
              tblliveuser_otherattr
              tblliveuseraccounting
              tbladminaccess
              tblwifiliveconnections

              This command lets you find out what the column names are:
              sqlite_client 127.0.0.1 6061 1 "PRAGMA table_info(tblliveuser);"
