English translations
This post was translated with the help of a translation tool. Therefore, occasional errors are possible. An error-free version is available in German
This page is also available in: Deutsch (German)
In this article we present some Sophos Firewall CLI commands - for the console and the advanced shell. Feel free to browse through. Maybe you'll find something new! 😊
The following Sophos Firewall CLI commands for the Advanced Shell and the console were all tested on version 19.x.x. However, they should work the same way on version 20 and later. I will gradually expand the overview.
We accept no liability for problems or damage that may arise from the use of the commands listed here!
In general, the shell and console should only be used by experienced persons. If in doubt, please contact your Sophos partner.
The hotfix status cannot be checked in the WebUI. If you want to check the current hotfix status on the console, enter the following:
system diagnostic show version-info
Want to know which country a certain IP address belongs to, so you can tune your rules accordingly? The console offers an option for this:
show country-host ip2country ipaddress 8.8.8.8
We have written a separate article for tcpdump. Have a look here: Sophos Firewall Cookbook: tcpdump
Unfortunately, conntrack itself cannot display its event timestamps in a human-readable format. However, this can still be solved by piping its output through awk:
conntrack -E -o timestamp | awk -F "[\t]" '{ gsub(/(\[)/,"",$1) ;gsub(/(\])/,"",$1); print strftime("%c",$1) " " $2 }'
The conntrack tool is very useful for checking open or new connections of the Sophos Firewall. A small documentation on conntrack can be found in an article from Sophos: Sophos Firewall: CLI Troubleshooting Tools
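As an added example (not part of the original post), the following POSIX shell script wraps that timestamp conversion into reusable functions and runs them over two constructed conntrack event lines, so it can be tried offline. It assumes a date command that accepts -u -d @EPOCH (GNU coreutils or BusyBox); the ct_readable and ct_count_events names and the sample lines are my own.

```shell
#!/bin/sh
# Constructed sample in the shape of `conntrack -E -o timestamp` output:
# "[EPOCH.USEC]<TAB>   [EVENT] proto ... src= dst= ...". Not real traffic.
SAMPLE=$(printf '[1698746426.123456]\t    [NEW] tcp      6 120 SYN_SENT src=10.0.0.5 dst=8.8.8.8 sport=51234 dport=443 [UNREPLIED] src=8.8.8.8 dst=10.0.0.5 sport=443 dport=51234\n[1698746660.654321]\t[DESTROY] udp      17 src=10.0.0.7 dst=10.0.0.1 sport=53012 dport=53 src=10.0.0.1 dst=10.0.0.7 sport=53 dport=53012\n')

# Rewrite each "[EPOCH.USEC]<TAB>event" line from stdin as
# "YYYY-MM-DD HH:MM:SSZ event" (UTC, so output does not depend on the box's TZ).
ct_readable() {
    while IFS= read -r line; do
        # strip the leading "[" and the fractional seconds from the timestamp
        ts=${line%%]*}
        ts=${ts#\[}
        ts=${ts%%.*}
        # the event itself is everything after the first tab
        ev=$(printf '%s\n' "$line" | cut -f 2-)
        printf '%s %s\n' "$(date -u -d "@$ts" '+%Y-%m-%d %H:%M:%SZ')" "$ev"
    done
}

# Count events per type ([NEW], [UPDATE], [DESTROY]) from stdin; a burst of
# [NEW] events is a quick indicator of connection churn on the firewall.
ct_count_events() {
    cut -f 2- | awk '{ n[$1]++ } END { for (e in n) printf "%s %d\n", e, n[e] }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | ct_readable
printf '%s\n' "$SAMPLE" | ct_count_events
```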
Want to test whether the Sophos Firewall itself can establish an SSL/TLS connection, or whether the certificate presented for that connection is correct? The solution is openssl:
openssl s_client -connect sophos.com:443
Want to know whether, and which, transceiver the Sophos Firewall has detected in an SFP/SFP+ port? This works with "ethtool":
ethtool -m PortF1
Everyone will be familiar with this: if you have to jump back and forth between the Advanced Shell and the console frequently, it quickly becomes annoying. I therefore always recommend going directly to the Advanced Shell. There are two commands there with which you can quickly switch to the console; "exit" then takes you back to the Advanced Shell. Super practical! 😊
cish
csh
The CSC service cannot be set to debug with the familiar "service" command; there is a separate command for it. To deactivate debug again, simply enter the same command a second time.
csc custom debug
Check whether debug has been set or deactivated:
cat /log/csc.log | grep Toggling | tail -n 10
ACTIVATED:
MESSAGE Oct 31 10:00:26Z [worker:11599]: Toggling log level to: MAX
DEACTIVATED:
MESSAGE Oct 31 10:04:20Z [worker:23646]: Toggling log level to: WARNING
With "bwmon", the current load per interface can be displayed in the shell.
bwmon
Once started, the current load is displayed at 0.5 second intervals. If you press "h" you will get a little help. This explains how to adjust the sampling intervals or the display of the throughput.
showfw displays the firmware versions in the two firmware slots.
You have shell access, but don't know which port the web interface is running on? The configured ports can be looked up with a database query:
psql -U nobody -d corporate -c "select destinationport from tbllocalservicedetails WHERE localserviceid =2"
Thanks for the list. There are a few new things in there for me. Is there a second part?
Hello Manfred,
Glad to hear it. Yes, the second one is in progress, but it will take a few more weeks. Just check back regularly. 😊
Regards,
Sebastian