This page is also available in: Deutsch (German)

In this article we present some Sophos Firewall CLI commands - for the console and the advanced shell. Feel free to browse through. Maybe you'll find something new! 😊

Introduction

The following Sophos Firewall CLI commands for the Advanced Shell and Console are all tested with versions 19.x.x. However, they should work in the same way in version 20+. I will gradually expand the overview.

Firewall Console

Check hotfix status

The hotfix status cannot be checked in the WebUI. If you want to check your current hotfix status on the console, enter the following here:

system diagnostic show version-info

IP countries review

You want to have the country associated with a certain IP address in order to optimize the rules accordingly? The Console offers an option for this:

show country-host ip2country ipaddress 8.8.8.8

Advanced Shell

tcpdump

We have written a separate article for tcpdump. Have a look here: Sophos Firewall Cookbook: tcpdump

conntrack with readable time stamp

Unfortunately, conntrack does not offer the possibility to display the timestamps in a readable format. However, this can still be solved with a pipe command.

conntrack -E -o timestamp | awk -F "[\t]" '{ gsub(/(\[)/,"",$1) ;gsub(/(\])/,"",$1); print strftime("%c",$1) " " $2 }'

conntrack - Parameters and fields

The conntrack tool is very useful for checking open or new connections of the Sophos Firewall. A small documentation on conntrack can be found in an article from Sophos: Sophos Firewall: CLI Troubleshooting Tools

Test SSL connection

You want to test whether the Sophos Firewall itself can establish an SSL connection, or whether the certificate is correct for the connection? The solution is openssl.

openssl s_client -connect sophos.com:443

Show detected SFP transceivers

You wanted to know if and which transceiver the Sophos Firewall has recognized in an SFP/SFP+ port. It works with "ethtool".

ethtool -m PortF1

Quick change to the console

Everyone will be familiar with this. If you have to jump back and forth between the Advanced Console and the Console frequently, it often becomes annoying. I therefore always recommend going directly to the Advanced Shell. There are two commands here with which you can quickly switch to the console! Exit then takes you back to the Advanced Shell. Super practical! 😊

cish

csh

CSC Service Debug

The CSC service cannot be set to debug with the familiar "service" command. There is a separate command here. To deactivate, simply enter the command again

csc custom debug

Check whether debug has been set or deactivated:

cat /log/csc.log | grep Toggling | tail -n 10

AKTIVIERT:
MESSAGE Oct 31 10:00:26Z [worker:11599]: Toggling log level to: MAX

DEAKTIVIERT
MESSAGE   Oct 31 10:04:20Z  [worker:23646]: Toggling log level to: WARNING

bwmon - Interface Bandwidth Monitor

With "bwmon", the current load per interface can be displayed in the shell.

bwmon

Once started, the current load is displayed at 0.5 second intervals. If you press "h" you will get a little help. This explains how to adjust the sampling intervals or the display of the throughput.

showfw - Show versions in firmware slots

showfw displays the firmware versions in the two firmware slots.

Show webadmin port

You have shell access, but don't know which port the web interface is running on? The configured ports can be found out with a database query.

psql -U nobody -d corporate -c "select destinationport from tbllocalservicedetails WHERE localserviceid =2"

More contributions from us

• Sophos Firewall: Readable timestamps