Sophos Advisory: Customers are not able to access any Central Dashboards due to ongoing Microsoft Azure outage. March 15 Sophos Advisory: Central and Enterprise Dashboard - Some customers are unable to add or edit the 'Custom Rules' section within the Federation Login global setting. At Sophos, we took I.T. Security and made it simple. Then, just for fun, we created a line of simple, awesome, useful, amazing, smile-inducing goods.
The option to configure OSPF is available only when Sophos Firewall is deployed in Gateway mode.
OSPF (Open Shortest Path First) is one of the IGPs (Interior Gateway Protocols). Compared with RIP (Routing Information Protocol), OSPF can serve many more networks and the period of convergence is very short. OSPF is widely used in large networks such as ISP backbone and enterprise networks.
The Sophos Firewall implementation of OSPF supports:
- OSPF version 2 (as described in RFC 2328)
- Plain text and Message Digest 5 (MD5) authentication
How OSPF works
OSPF keeps track of a complete topological database of all connections in the local network. It is typically divided into logical areas linked by area border routers. An area comprises a group of contiguous networks. An area border router links one or more areas to the OSPF network backbone.
Sophos Firewall participates in OSPF communications, when it has an interface in the same area. Sophos Firewall uses the OSPF Hello protocol to acquire neighbors in an area. A neighbor is any router that has an interface to the same area as the Sophos Firewall. After initial contact, the Sophos Firewall exchanges Hello packets with its OSPF neighbors at regular intervals to confirm that the neighbors can be reached.
OSPF-enabled routers generate link-state advertisements and send them to their neighbors whenever the status of a neighbor changes or a new neighbor comes online. If the OSPF the network is stable, link-state advertisements between OSPF neighbors do not occur. A Link-State Advertisement (LSA) identifies the interfaces of all OSPF-enabled routers in an area, and provides information that enables OSPF-enabled routers to select the shortest path to a destination. All LSA exchanges between OSPF-enabled routers are authenticated. The Sophos Firewall maintains a database of link-state information based on the advertisements that it receives from OSPF-enabled routers. To calculate the shortest path to a destination, the Sophos Firewall applies the Shortest Path First (SPF) algorithm to the accumulated link-state information.
The Sophos Firewall updates its routing table dynamically based on the results of the SPF calculation to ensure that an OSPF packet will be routed using the shortest path to its destination.
Removing routes
To remove route configuration, execute the no network command from the command prompt as shown below:
Turning off OSPF
To turn off OSPF routing configuration, execute the no router command from the command prompt as shown below:
OSPF configuration task list
OSPF must be turned on before you carry out any of the OSPF commands.
To configure OSPF, see OSPF configuration steps
This topic explains how to set up Microsoft Office 365 to route email through Sophos Email.
Add your domain and verify ownership
You need to add your domain.
Note You will need to provide the following information when configuring Sophos Email to process and deliver email for your domain:- Your email domain name
- Your mail delivery destination host as a Fully Qualified Domain Name (FQDN) or IP address
- The port number used to listen for SMTP traffic on the mail delivery destination host
To find your FQDN for Office 365:
- Log into the Office portal.
- Select Domains.
- Copy the value displayed for the expected MX record.Note The format is normally
<yourdomain-com>.mail.protection.outlook.com
Sophos Online Support
To add a domain in Sophos Central, do as follows:
- Click Email Gateway > Settings.
- Click Domain Settings/Status.
- Click Add Domain.
- Enter your email domain details, the direction of traffic, and delivery destination details.
- Next, click Verify Domain Ownership.
- Copy the TXT value presented in the Verify Domain Ownership dialog.
- Create a TXT DNS record in the root level of the domain name you entered earlier and paste the TXT value that you copied earlier.You can give it the same TXT name as shown or use @. If you're not sure how to do this, contact the organization that registered your domain name.
- Once the new TXT DNS record entry is saved, click Verify.
Once the DNS update with the correct TXT value is propagated, a message is returned indicating that domain verification was successful.
If the DNS update has not yet propagated, or if the value entered is incorrect, a failure message is returned. Confirm that the value entered is correct.