Sophos Firewall

On-Premise firewall by Sophos enables you to manage your firewall, respond to threats, and monitor what’s happening on your network.

Configure Sophos Firewall on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for sophos_firewall.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
server_urlServer URLTrue
credentialsUser CredentialsTrue
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
  1. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

sophos-firewall-rule-list#


Lists all firewall rules. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-rule-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicy.NameStringName of the rule.
SophosFirewall.SecurityPolicy.DescriptionStringDescription of the rule.
SophosFirewall.SecurityPolicy.StatusStringStatus of the rule.
SophosFirewall.SecurityPolicy.PolicyTypeStringPolicy type of the rule.
SophosFirewall.SecurityPolicy.IPFamilyStringIP family of the security policy. Either IPv4 or IPv6.
SophosFirewall.SecurityPolicy.AttachIdentityStringRule attach identity status.
SophosFirewall.SecurityPolicy.ActionStringCurrent rule action.
SophosFirewall.SecurityPolicy.LogTrafficNumberRule traffic logging code.

Command Example#

!sophos-firewall-rule-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"SecurityPolicy": [
{
"After": {
"Name": "[example] Traffic to DMZ"
},
"ApplyNAT": "CustomNatPolicy",
"Description": "This rule was added automatically by SFOS MTA. However you could edit this policy based on network requirement.",
"DestSecurityHeartbeat": "Disable",
"IPFamily": "IPv4",
"IntrusionPrevention": "None",
"IsDeleted": false,
"LogTraffic": "Disable",
"MatchIdentity": "Disable",
"MinimumDestinationHBPermitted": "No Restriction",
"MinimumSourceHBPermitted": "No Restriction",
"Name": "Auto added firewall policy for MTA",
"OutboundAddress": "MASQ",
"OverrideGatewayDefaultNATPolicy": "Disable",
"PolicyType": "PublicNonHTTPPolicy",
"Position": "After",
"PublicNonHTTPBasedPolicy": {
"ScanIMAP": "Disable",
"ScanIMAPS": "Disable",
"ScanPOP3": "Disable",
"ScanPOP3S": "Disable",
"ScanSMTP": "Enable",
"ScanSMTPS": "Enable"
},
"SourceSecurityHeartbeat": "Disable",
"Status": "Enable",
"TrafficShappingPolicy": "None"
},
{
"Action": "Drop",
"After": {
"Name": "[example] Traffic to WAN"
},
"Description": "A disabled Firewall rule with the destination zone as DMZ. Such rules would be added to Traffic to DMZ group on the first match basis if user selects automatic grouping option.",
"DestinationZones": {
"Zone": "DMZ"
},
"IPFamily": "IPv4",
"IsDeleted": false,
"LogTraffic": "Enable",
"MatchIdentity": "Enable",
"Name": "[example] Traffic to DMZ",
"PolicyType": "User",
"Position": "After",
"Schedule": "All The Time",
"ShowCaptivePortal": "Enable",
"Status": "Disable"
},
{
"Action": "Drop",
"After": {
"Name": "after"
},
"Description": "A disabled Firewall rule with the destination zone as WAN. Such rules would be added to Traffic to WAN group on the first match basis if user selects automatic grouping option.",
"DestinationZones": {
"Zone": "WAN"
},
"IPFamily": "IPv4",
"IsDeleted": false,
"LogTraffic": "Enable",
"MatchIdentity": "Disable",
"Name": "[example] Traffic to WAN",
"PolicyType": "Network",
"Position": "After",
"Schedule": "All The Time",
"Status": "Disable"
},
{
"Action": "Drop",
"After": {
"Name": "Auto added firewall policy for MTA"
},
"Description": null,
"IPFamily": "IPv4",
"IsDeleted": false,
"LogTraffic": "Disable",
"MatchIdentity": "Disable",
"Name": "[example] Traffic to Internal Zones",
"PolicyType": "Network",
"Position": "After",
"Schedule": "All The Time",
"Status": "Enable"
},
{
"Action": "Drop",
"Description": null,
"IPFamily": "IPv4",
"IsDeleted": false,
"LogTraffic": "Disable",
"MatchIdentity": "Disable",
"Name": "Blocked IPs",
"PolicyType": "Network",
"Position": "Top",
"Schedule": "All The Time",
"SourceNetworks": {
"Network": "Blocked by Playbook"
},
"Status": "Enable"
},
{
"Action": "Drop",
"After": {
"Name": "before"
},
"Description": null,
"IPFamily": "IPv4",
"IsDeleted": false,
"LogTraffic": "Disable",
"MatchIdentity": "Disable",
"Name": "after",
"PolicyType": "Network",
"Position": "After",
"Schedule": "All The Time",
"Status": "Enable"
}
]
}
}

Human Readable Output#

Showing 0 to 6 SecurityPolicy objects out of 8#

NameDescriptionStatusPolicyTypeIPFamilyActionLogTraffic
Auto added firewall policy for MTAThis rule was added automatically by SFOS MTA. However you could edit this policy based on network requirement.EnablePublicNonHTTPPolicyIPv4Disable
[example] Traffic to DMZA disabled Firewall rule with the destination zone as DMZ. Such rules would be added to Traffic to DMZ group on the first match basis if user selects automatic grouping option.DisableUserIPv4DropEnable
[example] Traffic to WANA disabled Firewall rule with the destination zone as WAN. Such rules would be added to Traffic to WAN group on the first match basis if user selects automatic grouping option.DisableNetworkIPv4DropEnable
[example] Traffic to Internal ZonesEnableNetworkIPv4DropDisable
Blocked IPsEnableNetworkIPv4DropDisable
afterEnableNetworkIPv4DropDisable

sophos-firewall-rule-get#


Gets a single firewall rule by name.

Base Command#

sophos-firewall-rule-get

Input#

Argument NameDescriptionRequired
nameName of the rule to get.Required

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicy.NameStringName of the rule.
SophosFirewall.SecurityPolicy.DescriptionStringDescription of the rule.
SophosFirewall.SecurityPolicy.StatusStringStatus of the rule.
SophosFirewall.SecurityPolicy.PolicyTypeStringPolicy type of the rule.
SophosFirewall.SecurityPolicy.IPFamilyStringIP family of the security policy. Either IPv4 or IPv6.
SophosFirewall.SecurityPolicy.AttachIdentityStringRule attach identity status.
SophosFirewall.SecurityPolicy.ActionStringCurrent rule action.
SophosFirewall.SecurityPolicy.LogTrafficNumberRule traffic logging code.

Command Example#

!sophos-firewall-rule-get name=user_rule

Context Example#

{
"SophosFirewall": {
"SecurityPolicy": {
"Action": "Drop",
"After": {
"Name": "1"
},
"Description": null,
"DestinationZones": {
"Zone": "LAN"
},
"IPFamily": "IPv4",
"IsDeleted": false,
"LogTraffic": "Enable",
"MatchIdentity": "Disable",
"Name": "user_rule",
"PolicyType": "Network",
"Position": "After",
"Schedule": "All The Time",
"SourceZones": {
"Zone": "LAN"
},
"Status": "Enable"
}
}
}

Human Readable Output#

SecurityPolicy Object details#

NameStatusPolicyTypeIPFamilyActionLogTraffic
user_ruleEnableNetworkIPv4DropEnable

sophos-firewall-rule-add#


Adds a new firewall rule.

Base Command#

sophos-firewall-rule-add

Input#

Argument NameDescriptionRequired
nameName of the new rule.Required
descriptionDescription of the new rule.Optional
statusWhether the rule is enabled. Possible values: "Enable" and "Disable". Default is "Enable".Optional
ip_familyThe IP family. Possible values: "IPv4" and "IPv6". Default is "IPv4".Optional
positionWhether the rule should be at the "top" or "bottom" of the list, or "before" or\ \ "after" a specific rule? IMPORTANT: If "before" or "after" is selected, provide the\ \ position_policy_name parameter.Required
position_policy_nameThe name of the policy that the rule should be created before or after. REQUIRED: When the position is "before" or "after".Optional
policy_typeType of the new rule (policy). Possible values: "User" and "Network".Required
source_zonesSource zones to add to the rule. Possible values: "Any", "LAN". "WAN", "VPN", "DMZ", "WiFi".Optional
source_networksSource networks to add to the rule.Optional
destination_zonesDestination zones to add to the rule. Possible values: "Any", "LAN". "WAN", "VPN", "DMZ", "WiFi".Optional
destination_networksDestination networks to add to the rule.Optional
servicesDestination services to add to the rule.Optional
scheduleThe schedule for the rule. Possible values: "All the time", "Work hours (5 Day week)", "Work hours (6 Day week)", "All Time on Weekdays", "All Time on Weekends", "All Time on Sunday", "All Days 10:00 to 19:00". IMPORTANT: Creating a new schedule is available from the web console.Optional
log_trafficWhether to enable traffic logging for the policy. Possible values: "Enable" and "Disable". Default is "Disable".Optional
match_identityWhether to check if the specified user/user group from the\ \ selected zone is allowed to access the selected service. Possible values: "Enable" and "Disable". Default is "Disable". IMPORTANT: When enabling match_identity, the members argument is required.Optional
show_captive_portalWhether to accept traffic from unknown users. Captive portal page\ \ is displayed to the user where the user can login to access the Internet.\ \ Possible values: "Enable" and "Disable". Default is "Disable". IMPORTANT: MatchIdentity must be Enabled. PARAMETER OF: UserPolicy.Optional
membersAn existing user(s) or group(s) to add to the rule. REQUIRED when match_identity is enabled.Optional
actionAction for the rule traffic. Possible values: "Accept", "Reject", and "Drop". Default is "Drop".Optional
dscp_markingThe DSCP marking level to classify the flow of packets based on the Traffic Shaping policy.Optional
primary_gatewayThe primary gateway. Applicable only in case of multiple gateways.Optional
backup_gatewayThe backup gateway. Applicable only in case of multiple gateways.Optional
application_controlThe Application Filter policy for the rule. Default is "Allow All".Optional
application_based_qos_policyWhether to limit the bandwidth for the applications categorized\ \ under the Application category. This tag is only applicable when\ \ an application_control is selected. Possible values: "Apply" and "Revoke". Default is "Revoke".Optional
web_filterThe Web Filter policy for the rule. Default is "Allow All".Optional
web_category_base_qos_policyWhether to limit the bandwidth for the URLs categorized under the Web\ \ category. This tag is only applicable when any web_filter is defined." Possible values: "Apply" and "Revoke". Default is "Revoke".Optional
traffic_shaping_policyThe Traffic Shaping policy for the rule. Default is "None".Optional
scan_httpWhether to enable virus and spam scanning for HTTP protocol. Possible values: "Enable" and "Disable". Default is "Disable".Optional
scan_httpsWhether to enable virus and spam scanning for HTTPS protocol. Possible values: "Enable" and "Disable". Default is "Disable".Optional
sandstormWhether to enable sandstorm analysis. Possible values: "Enable" and "Disable". Default is "Disable".Optional
block_quick_quicWhether to enable Google websites to use HTTP/s instead of QUICK QUIC. Possible values: "Enable" and "Disable". Default is "Disable".Optional
scan_ftpWhether to enable scanning of FTP traffic. Possible values: "Enable" and "Disable". Default is "Disable".Optional
data_accountingWhether to exclude a user's network traffic from data accounting. This option is available only if the parameter "Match rule-based on user identity" is enabled. Possible values: "Enable" and "Disable". Default is "Disable".Optional
rewrite_source_addressWhether to enable the NAT policy. Possible values: "Enable" and "Disable". Default is "Enable".Optional
web_filter_internet_schemeWhether to enable the internet scheme to apply the user-based Web Filter policy for the rule. Possible values: "Enable" and "Disable". Default is "Disable".Optional
application_control_internet_schemeWhether to enable the internet scheme to apply user-based Application Filter Policy for the rule. Possible values: "Enable" and "Disable". Default is "Disable".Optional
override_gateway_default_nat_policyWhether to override the gateway of the default NAT policy. Possible values: "Enable" and "Disable". Default is "Disable".Optional
source_security_heartbeatWhether to enable the source security heartbeat. Possible values: "Enable" and "Disable". Default is "Disable".Optional
destination_security_heartbeatWhether to enable the destination security heartbeat. Possible values: "Enable" and "Disable". Default is "Disable".Optional
outbound_addressThe NAT policy to be applied. Default is "MASQ".Optional
minimum_source_hb_permittedThe minimum source health status permitted. Default is "No Restriction".Optional
minimum_destination_hb_permittedThe minimum destination health status permitted. Default is "No Restriction".Optional
intrusion_preventionThe IPS policy for the rule. Default is "generalpolicy".Optional

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicy.NameStringName of the rule.
SophosFirewall.SecurityPolicy.DescriptionStringDescription of the rule.
SophosFirewall.SecurityPolicy.StatusStringStatus of the rule.
SophosFirewall.SecurityPolicy.PolicyTypeStringPolicy type of the rule.
SophosFirewall.SecurityPolicy.IPFamilyStringIP family of the security policy. Either IPv4 or IPv6.
SophosFirewall.SecurityPolicy.AttachIdentityStringRule attach identity status.
SophosFirewall.SecurityPolicy.ActionStringCurrent rule action.
SophosFirewall.SecurityPolicy.LogTrafficNumberRule traffic logging code.

Command Example#

!sophos-firewall-rule-add name=user_rule action=Accept ip_family=IPv4 log_traffic=Disable policy_type=User position=bottom match_identity=Enable show_captive_portal=Enable destination_zones=LAN members="Guest Group"

Context Example#

{
"SophosFirewall": {
"SecurityPolicy": {
"Action": "Accept",
"After": {
"Name": "1"
},
"ApplicationBaseQoSPolicy": "Revoke",
"ApplicationControl": "Allow All",
"ApplicationControlInternetScheme": "Disable",
"BackupGateway": null,
"BlockQuickQuic": "Disable",
"DSCPMarking": null,
"DataAccounting": "Disable",
"Description": null,
"DestSecurityHeartbeat": "Disable",
"DestinationZones": {
"Zone": "LAN"
},
"IPFamily": "IPv4",
"Identity": {
"Member": "Guest Group"
},
"IntrusionPrevention": "generalpolicy",
"IsDeleted": false,
"LogTraffic": "Disable",
"MatchIdentity": "Enable",
"MinimumDestinationHBPermitted": "No Restriction",
"MinimumSourceHBPermitted": "No Restriction",
"Name": "user_rule",
"OutboundAddress": "MASQ",
"OverrideGatewayDefaultNATPolicy": "Disable",
"PolicyType": "User",
"Position": "After",
"PrimaryGateway": null,
"RewriteSourceAddress": "Enable",
"Sandstorm": "Disable",
"ScanFTP": "Disable",
"ScanHTTP": "Disable",
"ScanHTTPS": "Disable",
"Schedule": "All The Time",
"ShowCaptivePortal": "Enable",
"SourceSecurityHeartbeat": "Disable",
"Status": "Enable",
"TrafficShappingPolicy": "None",
"WebCategoryBaseQoSPolicy": "Revoke",
"WebFilter": "Allow All",
"WebFilterInternetScheme": "Disable"
}
}
}

Human Readable Output#

SecurityPolicy Object details#

NameStatusPolicyTypeIPFamilyActionLogTraffic
user_ruleEnableUserIPv4AcceptDisable

sophos-firewall-rule-update#


Updates an existing firewall rule.

Base Command#

sophos-firewall-rule-update

Input#

Argument NameDescriptionRequired
nameName of the new rule.Required
descriptionDescription of the new rule.Optional
statusWhether the rule is enabled. Possible values: "Enable" and "Disable". Default is "Enable".Optional
ip_familyThe IP family. Possible values: "IPv4" and "IPv6". Default is "IPv4".Optional
positionWhether the rule should be at the "top" or "bottom" of the list, or "before" or\ \ "after" a specific rule? IMPORTANT: If "before" or "after" is selected, provide the\ \ position_policy_name parameter.Optional
position_policy_nameThe name of the policy that the rule should be created before or after. REQUIRED: When the position is "before" or "after".Optional
policy_typeType of the new rule (policy). Possible values: "User" and "Network".Optional
source_zonesSource zones to add to the rule. Possible values: "Any", "LAN". "WAN", "VPN", "DMZ", "WiFi".Optional
source_networksSource networks to add to the rule.Optional
destination_zonesDestination zones to add to the rule. Possible values: "Any", "LAN". "WAN", "VPN", "DMZ", "WiFi".Optional
destination_networksDestination networks to add to the rule.Optional
servicesDestination services to add to the rule.Optional
scheduleThe schedule for the rule. Possible values: "All the time", "Work hours (5 Day week)", "Work hours (6 Day week)", "All Time on Weekdays", "All Time on Weekends", "All Time on Sunday", "All Days 10:00 to 19:00". IMPORTANT: Creating a new schedule is available in the web console.Optional
log_trafficWhether to enable traffic logging for the policy. Possible values: "Enable" and "Disable". Default is "Disable".Optional
match_identityWhether to check if the specified user/user group from the\ \ selected zone is allowed to access the selected service. Possible values: "Enable" and "Disable". Default is "Disable". IMPORTANT: When enabling match_identity, the members argument is required.Optional
show_captive_portalWhether to accept traffic from unknown users. Captive portal page\ \ is displayed to the user where the user can login to access the Internet.\ \ Possible values: "Enable" and "Disable". Default is "Disable". IMPORTANT: MatchIdentity must be Enabled. PARAMETER OF: UserPolicy.Optional
membersAn existing user(s) or group(s) to add to the rule. REQUIRED when match_identity is enabled.Optional
actionAction for the rule traffic. Possible values: "Accept", "Reject", and "Drop". Default is "Drop".Optional
dscp_markingThe DSCP marking level to classify the flow of packets based on the Traffic Shaping policy.Optional
primary_gatewayThe primary gateway. Applicable only in case of multiple gateways.Optional
backup_gatewayThe backup gateway. Applicable only in case of multiple gateways.Optional
application_controlThe Application Filter policy for the rule. Default is "Allow All".Optional
application_based_qos_policyWhether to limit the bandwidth for the applications categorized\ \ under the Application category. This tag is only applicable when\ \ an application_control is selected. Possible values: "Apply" and "Revoke". Default is "Revoke".Optional
web_filterThe Web Filter policy for the rule. Default is "Allow All".Optional
web_category_base_qos_policyWhether to limit the bandwidth for the URLs categorized under the Web\ \ category. This tag is only applicable when any web_filter is defined." Possible values: "Apply" and "Revoke". Default is "Revoke".Optional
traffic_shaping_policyThe Traffic Shaping policy for the rule. Default is "None".Optional
scan_httpWhether to enable virus and spam scanning for HTTP protocol. Possible values: "Enable" and "Disable". Default is "Disable".Optional
scan_httpsWhether to enable virus and spam scanning for HTTPS protocol. Possible values: "Enable" and "Disable". Default is "Disable".Optional
sandstormWhether to enable sandstorm analysis. Possible values: "Enable" and "Disable". Default is "Disable".Optional
block_quick_quicWhether to enable Google websites to use HTTP/s instead of QUICK QUIC. Possible values: "Enable" and "Disable". Default is "Disable".Optional
scan_ftpWhether to enable scanning of FTP traffic. Possible values: "Enable" and "Disable". Default is "Disable".Optional
data_accountingWhether to exclude a user's network traffic from data accounting. This option is available only if the parameter "Match rule-based on user identity" is enabled. Possible values: "Enable" and "Disable". Default is "Disable".Optional
rewrite_source_addressWhether to enable the NAT policy. Possible values: "Enable" and "Disable". Default is "Enable".Optional
web_filter_internet_schemeWhether to enable the internet scheme to apply the user-based Web Filter policy for the rule. Possible values: "Enable" and "Disable". Default is "Disable".Optional
application_control_internet_schemeWhether to enable the internet scheme to apply user-based Application Filter Policy for the rule. Possible values: "Enable" and "Disable". Default is "Disable".Optional
override_gateway_default_nat_policyWhether to override the gateway of the default NAT policy. Possible values: "Enable" and "Disable". Default is "Disable".Optional
source_security_heartbeatWhether to enable the source security heartbeat. Possible values: "Enable" and "Disable". Default is "Disable".Optional
destination_security_heartbeatWhether to enable the destination security heartbeat. Possible values: "Enable" and "Disable". Default is "Disable".Optional
outbound_addressThe NAT policy to be applied. Default is "MASQ".Optional
minimum_source_hb_permittedThe minimum source health status permitted. Default is "No Restriction".Optional
minimum_destination_hb_permittedThe minimum destination health status permitted. Default is "No Restriction".Optional
intrusion_preventionThe IPS policy for the rule. Default is "generalpolicy".Optional

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicy.NameStringName of the rule.
SophosFirewall.SecurityPolicy.DescriptionStringDescription of the rule.
SophosFirewall.SecurityPolicy.StatusStringStatus of the rule.
SophosFirewall.SecurityPolicy.PolicyTypeStringPolicy type of the rule.
SophosFirewall.SecurityPolicy.IPFamilyStringIP family of the security policy. Either IPv4 or IPv6.
SophosFirewall.SecurityPolicy.AttachIdentityStringRule attach identity status.
SophosFirewall.SecurityPolicy.ActionStringCurrent rule action.
SophosFirewall.SecurityPolicy.LogTrafficNumberRule traffic logging code.

Command Example#

!sophos-firewall-rule-update name=user_rule log_traffic=Enable source_zones=LAN

Context Example#

{
"SophosFirewall": {
"SecurityPolicy": {
"Action": "Drop",
"After": {
"Name": "1"
},
"Description": null,
"DestinationZones": {
"Zone": "LAN"
},
"IPFamily": "IPv4",
"IsDeleted": false,
"LogTraffic": "Enable",
"MatchIdentity": "Disable",
"Name": "user_rule",
"PolicyType": "Network",
"Position": "After",
"Schedule": "All The Time",
"SourceZones": {
"Zone": "LAN"
},
"Status": "Enable"
}
}
}

Human Readable Output#

SecurityPolicy Object details#

NameStatusPolicyTypeIPFamilyActionLogTraffic
user_ruleEnableNetworkIPv4DropEnable

sophos-firewall-rule-delete#


Deletes an existing firewall rule.

Base Command#

sophos-firewall-rule-delete

Input#

Argument NameDescriptionRequired
nameName of the rule.Required

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicy.NameStringName of the rule.
SophosFirewall.SecurityPolicy.IsDeletedBoolWhether the rule is deleted.

Command Example#

!sophos-firewall-rule-delete name=user_rule

Context Example#

{
"SophosFirewall": {
"SecurityPolicy": {
"IsDeleted": true,
"Name": "user_rule"
}
}
}

Human Readable Output#

Deleting SecurityPolicy Objects Results#

NameIsDeleted
user_ruletrue

sophos-firewall-rule-group-list#


Lists all firewall rule groups. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-rule-group-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicyGroup.NameStringName of the group.
SophosFirewall.SecurityPolicyGroup.DescriptionStringDescription of the group.
SophosFirewall.SecurityPolicyGroup.SecurityPolicyList.SecurityPolicyStringRules contained inside the group.
SophosFirewall.SecurityPolicyGroup.SourceZones.ZoneStringSource zone in the group.
SophosFirewall.SecurityPolicyGroup.DestinationZones.ZoneStringDestination zone in the group.
SophosFirewall.SecurityPolicyGroup.PolicyTypeNumberType of the rules in the group.

Command Example#

!sophos-firewall-rule-group-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"SecurityPolicyGroup": [
{
"Description": "Inbound traffic to DMZ. Firewall rules with the destination zone as DMZ would be added to this group on the first match basis if user selects automatic grouping option. This is the default group.",
"DestinationZones": {
"Zone": "DMZ"
},
"IsDeleted": false,
"Name": "Traffic to DMZ",
"Policytype": "Any",
"SecurityPolicyList": {
"SecurityPolicy": "[example] Traffic to DMZ"
}
},
{
"Description": null,
"IsDeleted": false,
"Name": "hi",
"Policytype": "Any"
},
{
"Description": null,
"IsDeleted": false,
"Name": "forunitest",
"Policytype": "Any"
},
{
"Description": "Outbound traffic to WAN. Firewall rules with the destination zone as WAN would be added to this group on the first match basis if user selects automatic grouping option. This is the default group.",
"DestinationZones": {
"Zone": "WAN"
},
"IsDeleted": false,
"Name": "Traffic to WAN",
"Policytype": "Any",
"SecurityPolicyList": {
"SecurityPolicy": "[example] Traffic to WAN"
}
},
{
"Description": null,
"IsDeleted": false,
"Name": "unitest",
"Policytype": "Any"
},
{
"Description": "For testing only",
"IsDeleted": false,
"Name": "unitest2",
"Policytype": "Any"
}
]
}
}

Human Readable Output#

Showing 0 to 6 SecurityPolicyGroup objects out of 8#

NameDescriptionSecurityPolicyListDestinationZones
Traffic to DMZInbound traffic to DMZ. Firewall rules with the destination zone as DMZ would be added to this group on the first match basis if user selects automatic grouping option. This is the default group.SecurityPolicy: [example] Traffic to DMZZone: DMZ
hi
forunitest
Traffic to WANOutbound traffic to WAN. Firewall rules with the destination zone as WAN would be added to this group on the first match basis if user selects automatic grouping option. This is the default group.SecurityPolicy: [example] Traffic to WANZone: WAN
unitest
unitest2For testing only

sophos-firewall-rule-group-get#


Gets a single firewall rule group by name.

Base Command#

sophos-firewall-rule-group-get

Input#

Argument NameDescriptionRequired
nameName of the firewall rule group.Optional

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicyGroup.NameStringName of the group.
SophosFirewall.SecurityPolicyGroup.DescriptionStringDescription of the group.
SophosFirewall.SecurityPolicyGroup.SecurityPolicyList.SecurityPolicyStringRules contained inside the group.
SophosFirewall.SecurityPolicyGroup.SourceZones.ZoneStringSource zone in the group.
SophosFirewall.SecurityPolicyGroup.DestinationZones.ZoneStringDestination zone in the group.
SophosFirewall.SecurityPolicyGroup.PolicyTypeNumberType of the rules in the group.

Command Example#

!sophos-firewall-rule-group-get name=rulegroup

Context Example#

{
"SophosFirewall": {
"SecurityPolicyGroup": {
"Description": "rulegroup for user/network rules",
"IsDeleted": false,
"Name": "rulegroup",
"Policytype": "User/network rule",
"SecurityPolicyList": {
"SecurityPolicy": [
"network_rule",
"user_rule"
]
}
}
}
}

Human Readable Output#

SecurityPolicyGroup Object details#

NameDescriptionSecurityPolicyList
rulegrouprulegroup for user/network rulesSecurityPolicy: network_rule,
user_rule

sophos-firewall-rule-group-add#


Adds a new firewall rule group.

Base Command#

sophos-firewall-rule-group-add

Input#

Argument NameDescriptionRequired
nameName of the rule group.Required
descriptionDescription of the rule group.Optional
policy_typeType of the rules (policies) inside the group. Possible values: "Any", "User/network rule", "User rule", "Business application rule".Optional
rulesRules contained in the group.Optional
source_zonesSource zones contained in the group. Possible values: "Any", "LAN", "WAN", "VPN", "DMZ", "WiFi.Optional
destination_zonesDestination zones contained in the group. Possible values: "Any", "LAN", "WAN", "VPN", "DMZ", "WiFi.Optional

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicyGroup.NameStringName of the group.
SophosFirewall.SecurityPolicyGroup.DescriptionStringDescription of the group.
SophosFirewall.SecurityPolicyGroup.SecurityPolicyList.SecurityPolicyStringRules contained in the group.
SophosFirewall.SecurityPolicyGroup.SourceZones.ZoneStringSource zone in the group.
SophosFirewall.SecurityPolicyGroup.DestinationZones.ZoneStringDestination zone in the group.
SophosFirewall.SecurityPolicyGroup.PolicyTypeNumberType of the rules in the group.

Command Example#

!sophos-firewall-rule-group-add name=rulegroup policy_type="User/network rule" rules=user_rule,network_rule

Context Example#

{
"SophosFirewall": {
"SecurityPolicyGroup": {
"Description": null,
"IsDeleted": false,
"Name": "rulegroup",
"Policytype": "User/network rule",
"SecurityPolicyList": {
"SecurityPolicy": [
"user_rule",
"network_rule"
]
}
}
}
}

Human Readable Output#

SecurityPolicyGroup Object details#

NameSecurityPolicyList
rulegroupSecurityPolicy: user_rule,
network_rule

sophos-firewall-rule-group-update#


Updates an existing firewall rule group.

Base Command#

sophos-firewall-rule-group-update

Input#

Argument NameDescriptionRequired
nameName of the rule group.Required
descriptionDescription of the rule group.Optional
policy_typeType of the rules (policies) inside the group. Possible values: "Any", "User/network rule", "User rule", "Business application rule".Optional
rulesRules contained in the group.Optional
source_zonesSource zones contained in the group. Possible values: "Any", "LAN", "WAN", "VPN", "DMZ", "WiFi.Optional
destination_zonesDestination zones contained in the group. Possible values: "Any", "LAN", "WAN", "VPN", "DMZ", "WiFi.Optional

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicyGroup.NameStringName of the group.
SophosFirewall.SecurityPolicyGroup.DescriptionStringDescription of the group.
SophosFirewall.SecurityPolicyGroup.SecurityPolicyList.SecurityPolicyStringRules contained in the group.
SophosFirewall.SecurityPolicyGroup.SourceZones.ZoneStringSource zone in the group.
SophosFirewall.SecurityPolicyGroup.DestinationZones.ZoneStringDestination zone in the group.
SophosFirewall.SecurityPolicyGroup.PolicyTypeNumberType of the rules in the group.

Command Example#

!sophos-firewall-rule-group-update name=rulegroup description="rulegroup for user/network rules"

Context Example#

{
"SophosFirewall": {
"SecurityPolicyGroup": {
"Description": "rulegroup for user/network rules",
"IsDeleted": false,
"Name": "rulegroup",
"Policytype": "User/network rule",
"SecurityPolicyList": {
"SecurityPolicy": [
"network_rule",
"user_rule"
]
}
}
}
}

Human Readable Output#

SecurityPolicyGroup Object details#

NameDescriptionSecurityPolicyList
rulegrouprulegroup for user/network rulesSecurityPolicy: network_rule,
user_rule

sophos-firewall-rule-group-delete#


Deletes an existing firewall group.

Base Command#

sophos-firewall-rule-group-delete

Input#

Argument NameDescriptionRequired
nameName of the group.Required

Context Output#

PathTypeDescription
SophosFirewall.SecurityPolicyGroup.NameStringName of the group.
SophosFirewall.SecurityPolicyGroup.IsDeletedBoolWhether the group is deleted.

Command Example#

!sophos-firewall-rule-group-delete name=rulegroup

Context Example#

{
"SophosFirewall": {
"SecurityPolicyGroup": {
"IsDeleted": true,
"Name": "rulegroup"
}
}
}

Human Readable Output#

Deleting SecurityPolicyGroup Objects Results#

NameIsDeleted
rulegrouptrue

sophos-firewall-url-group-list#


Lists all URL groups. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-url-group-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.WebFilterURLGroup.NameStringName of the URL group.
SophosFirewall.WebFilterURLGroup.DescriptionStringDescription of the URL group.
SophosFirewall.WebFilterURLGroup.URLlist.URLStringURL in the group.

Command Example#

!sophos-firewall-url-group-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"WebFilterURLGroup": [
{
"Description": "1desc",
"IsDeleted": false,
"Name": "1",
"URLlist": {
"URL": [
"www.x.com",
"www.y.com"
]
}
},
{
"Description": null,
"IsDeleted": false,
"Name": "2",
"URLlist": {
"URL": "www.z.com"
}
},
{
"Description": null,
"IsDeleted": false,
"Name": "google",
"URLlist": {
"URL": "www.google.com"
}
},
{
"Description": null,
"IsDeleted": false,
"Name": "urlgroup1",
"URLlist": {
"URL": "www.blockthisurl.com"
}
},
{
"Description": null,
"IsDeleted": false,
"Name": "forunitest",
"URLlist": {
"URL": "badwebsite.com"
}
},
{
"Description": null,
"IsDeleted": false,
"Name": "forunitest2",
"URLlist": {
"URL": "badwebsite2.com"
}
}
]
}
}

Human Readable Output#

Showing 0 to 6 WebFilterURLGroup objects out of 12#

NameDescriptionURLlist
11descURL: www.x.com,
www.y.com
2URL: www.z.com
googleURL: www.google.com
urlgroup1URL: www.blockthisurl.com
forunitestURL: badwebsite.com
forunitest2URL: badwebsite2.com

sophos-firewall-url-group-get#


Gets a single URL group by name.

Base Command#

sophos-firewall-url-group-get

Input#

Argument NameDescriptionRequired
nameName of the group.Required

Context Output#

PathTypeDescription
SophosFirewall.WebFilterURLGroup.NameStringName of the URL group.
SophosFirewall.WebFilterURLGroup.DescriptionStringDescription of the URL group.
SophosFirewall.WebFilterURLGroup.URLlist.URLStringURL contained in the group.

Command Example#

!sophos-firewall-url-group-get name=urlgroup

Context Example#

{
"SophosFirewall": {
"WebFilterURLGroup": {
"Description": null,
"IsDeleted": false,
"Name": "urlgroup",
"URLlist": {
"URL": [
"www.example.com",
"www.another-example.com"
]
}
}
}
}

Human Readable Output#

WebFilterURLGroup Object details#

NameURLlist
urlgroupURL: www.example.com,
www.another-example.com

sophos-firewall-url-group-add#


Adds a new URL group.

Base Command#

sophos-firewall-url-group-add

Input#

Argument NameDescriptionRequired
nameName of the group.Required
descriptionDescription of the group.Optional
urlsURLs to add to the group.Required

Context Output#

PathTypeDescription
SophosFirewall.WebFilterURLGroup.NameStringName of the URL group.
SophosFirewall.WebFilterURLGroup.DescriptionStringDescription of the URL group.
SophosFirewall.WebFilterURLGroup.URLlist.URLStringURL contained in the group.

Command Example#

!sophos-firewall-url-group-add name=urlgroup urls=www.example.com

Context Example#

{
"SophosFirewall": {
"WebFilterURLGroup": {
"Description": null,
"IsDeleted": false,
"Name": "urlgroup",
"URLlist": {
"URL": [
"www.example.com"
]
}
}
}
}

sophos-firewall-url-group-update#


Updates an existing URL group.

Base Command#

sophos-firewall-url-group-update

Input#

Argument NameDescriptionRequired
nameName of the group.Required
descriptionDescription of the group.Optional
urlsURLs to add to the group.Optional

Context Output#

PathTypeDescription
SophosFirewall.WebFilterURLGroup.NameStringName of the URL group.
SophosFirewall.WebFilterURLGroup.DescriptionStringDescription of the URL group.
SophosFirewall.WebFilterURLGroup.URLlist.URLStringURL contained in the group.

Command Example#

!sophos-firewall-url-group-update name=urlgroup urls=www.another-example.com

Context Example#

{
"SophosFirewall": {
"WebFilterURLGroup": {
"Description": null,
"IsDeleted": false,
"Name": "urlgroup",
"URLlist": {
"URL": [
"www.example.com",
"www.another-example.com"
]
}
}
}
}

Human Readable Output#

WebFilterURLGroup Object details#

NameURLlist
urlgroupURL: www.example.com,
www.another-example.com

sophos-firewall-url-group-delete#


Deletes an existing URL group or groups.

Base Command#

sophos-firewall-url-group-delete

Input#

Argument NameDescriptionRequired
nameName of the group(s).Required

Context Output#

PathTypeDescription
SophosFirewall.WebFilterURLGroup.NameStringName of the URL group.
SophosFirewall.WebFilterURLGroup.IsDeletedBoolWhether the URL group is deleted.

Command Example#

!sophos-firewall-url-group-delete name=urlgroup

Context Example#

{
"SophosFirewall": {
"WebFilterURLGroup": {
"IsDeleted": true,
"Name": "urlgroup"
}
}
}

Human Readable Output#

Deleting WebFilterURLGroup Objects Results#

NameIsDeleted
urlgrouptrue

sophos-firewall-ip-host-list#


Lists all IP hosts. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-ip-host-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.IPHost.NameStringName of the IP host.
SophosFirewall.IPHost.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.
SophosFirewall.IPHost.HostTypeStringType of the host.

Command Example#

!sophos-firewall-ip-host-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"IPHost": [
{
"HostType": "System Host",
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "##ALL_RW"
},
{
"HostType": "System Host",
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "##ALL_IPSEC_RW"
},
{
"HostType": "System Host",
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "##ALL_SSLVPN_RW"
},
{
"HostType": "System Host",
"IPFamily": "IPv6",
"IsDeleted": false,
"Name": "##ALL_RW6"
},
{
"HostType": "System Host",
"IPFamily": "IPv6",
"IsDeleted": false,
"Name": "##ALL_SSLVPN_RW6"
},
{
"HostType": "System Host",
"IPFamily": "IPv6",
"IsDeleted": false,
"Name": "##ALL_IPSEC_RW6"
}
]
}
}

Human Readable Output#

Showing 0 to 6 IPHost objects out of 13#

NameIPFamilyHostType
##ALL_RWIPv4System Host
##ALL_IPSEC_RWIPv4System Host
##ALL_SSLVPN_RWIPv4System Host
##ALL_RW6IPv6System Host
##ALL_SSLVPN_RW6IPv6System Host
##ALL_IPSEC_RW6IPv6System Host

sophos-firewall-ip-host-get#


Gets a single IP host by name.

Base Command#

sophos-firewall-ip-host-get

Input#

Argument NameDescriptionRequired
nameName of the IP host.Required

Context Output#

PathTypeDescription
SophosFirewall.IPHost.NameStringName of the IP host.
SophosFirewall.IPHost.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.
SophosFirewall.IPHost.HostTypeStringType of the host.

Command Example#

!sophos-firewall-ip-host-get name=iphost

Context Example#

{
"SophosFirewall": {
"IPHost": {
"HostType": "IP",
"IPAddress": "2.2.2.2",
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "iphost"
}
}
}

Human Readable Output#

IPHost Object details#

NameIPFamilyHostType
iphostIPv4IP

sophos-firewall-ip-host-add#


Adds a new IP host.

Base Command#

sophos-firewall-ip-host-add

Input#

Argument NameDescriptionRequired
nameName of the IP host.Required
host_typeType of the host. Possible values: "IP", "Network", "IPRange", "IPList".Required
ip_familyThe IP family. Possible values: "IPv4" and "IPv6". Default is "IPv4".Optional
ip_addressIP address if IP or network was the chosen type.Optional
subnet_maskSubnet mask if network was the chosen type.Optional
start_ipStart of the IP range if IPRange was chosen.Optional
end_ipEnd of the IP range if IPRange was chosen.Optional
ip_addressesList of IP addresses if IPList was chosen.Optional
host_groupSelect the host group to which the host belongs.Optional

Context Output#

PathTypeDescription
SophosFirewall.IPHost.NameStringName of the IP host.
SophosFirewall.IPHost.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.
SophosFirewall.IPHost.HostTypeStringType of the host.

Command Example#

!sophos-firewall-ip-host-add name=iphost host_type=IP ip_address=1.1.1.1

Context Example#

{
"SophosFirewall": {
"IPHost": {
"HostType": "IP",
"IPAddress": "1.1.1.1",
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "iphost"
}
}
}

Human Readable Output#

IPHost Object details#

NameIPFamilyHostType
iphostIPv4IP

sophos-firewall-ip-host-update#


Updates an existing IP host.

Base Command#

sophos-firewall-ip-host-update

Input#

Argument NameDescriptionRequired
nameName of the IP host.Required
host_typeType of the host. Possible values: "IP", "Network", "IPRange", "IPList".Optional
ip_familyThe IP family. Possible values: "IPv4" and "IPv6". Default is "IPv4".Optional
ip_addressIP address if IP or network was the chosen type.Optional
subnet_maskSubnet mask if network was the chosen type.Optional
start_ipStart of the IP range if IPRange was chosen.Optional
end_ipEnd of the IP range if IPRange was chosen.Optional
ip_addressesList of IP addresses if IPList was chosen.Optional
host_groupSelect the host group to which the host belongs.Optional

Context Output#

PathTypeDescription
SophosFirewall.IPHost.NameStringName of the IP host.
SophosFirewall.IPHost.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.
SophosFirewall.IPHost.HostTypeStringType of the host.

Command Example#

!sophos-firewall-ip-host-update name=iphost ip_address=2.2.2.2

Context Example#

{
"SophosFirewall": {
"IPHost": {
"HostType": "IP",
"IPAddress": "2.2.2.2",
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "iphost"
}
}
}

Human Readable Output#

IPHost Object details#

NameIPFamilyHostType
iphostIPv4IP

sophos-firewall-ip-host-delete#


Deletes an existing IP host.

Base Command#

sophos-firewall-ip-host-delete

Input#

Argument NameDescriptionRequired
nameName of the host.Required

Context Output#

PathTypeDescription
SophosFirewall.IPHost.NameStringName of the IP host.
SophosFirewall.IPHost.IsDeletedBoolWhether the IP host is deleted.

Command Example#

!sophos-firewall-ip-host-delete name=iphost

Context Example#

{
"SophosFirewall": {
"IPHost": {
"IsDeleted": true,
"Name": "iphost"
}
}
}

Human Readable Output#

Deleting IPHost Objects Results#

NameIsDeleted
iphosttrue

sophos-firewall-ip-host-group-list#


Lists all IP host groups. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-ip-host-group-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.IPHostGroup.NameStringName of the IP host group.
SophosFirewall.IPHostGroup.descriptionStringDescription of the IP host group.
SophosFirewall.IPHostGroup.HostList.HostStringHost contained in the host group.
SophosFirewall.IPHostGroup.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.

Command Example#

!sophos-firewall-ip-host-group-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"IPHostGroup": [
{
"Description": null,
"HostList": {
"Host": [
"1.2.3.4",
"8.8.8.8"
]
},
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "Blocked by Playbook"
},
{
"Description": "FOR TESTING",
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "unitest2"
},
{
"Description": null,
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "Noam-Test"
}
]
}
}

Human Readable Output#

Showing 0 to 3 IPHostGroup objects out of 3#

NameDescriptionIPFamilyHostList
Blocked by PlaybookIPv4Host: 1.2.3.4,
8.8.8.8
unitest2FOR TESTINGIPv4
Noam-TestIPv4

sophos-firewall-ip-host-group-get#


Gets a single IP host group by name.

Base Command#

sophos-firewall-ip-host-group-get

Input#

Argument NameDescriptionRequired
nameName of the IP host group.Required

Context Output#

PathTypeDescription
SophosFirewall.IPHostGroup.NameStringName of the IP host group.
SophosFirewall.IPHostGroup.descriptionStringDescription of the IP host group.
SophosFirewall.IPHostGroup.HostList.HostStringHost contained inside the host group.
SophosFirewall.IPHostGroup.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.

Command Example#

!sophos-firewall-ip-host-group-get name=iphostgroup

Context Example#

{
"SophosFirewall": {
"IPHostGroup": {
"Description": null,
"HostList": {
"Host": "iphost"
},
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "iphostgroup"
}
}
}

Human Readable Output#

IPHostGroup Object details#

NameIPFamilyHostList
iphostgroupIPv4Host: iphost

sophos-firewall-ip-host-group-add#


Adds a new IP host group.

Base Command#

sophos-firewall-ip-host-group-add

Input#

Argument NameDescriptionRequired
nameName of the IP host group.Required
descriptionDescription of the IP host group.Optional
ip_familyThe IP family. Possible values: "IPv4" and "IPv6".Optional
hostsIP hosts contained in the group. Must be hosts already existing in the system.Optional

Context Output#

PathTypeDescription
SophosFirewall.IPHostGroup.NameStringName of the IP host group.
SophosFirewall.IPHostGroup.descriptionStringDescription of the IP host group.
SophosFirewall.IPHostGroup.HostList.HostStringHost contained in the host group.
SophosFirewall.IPHostGroup.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.

Command Example#

!sophos-firewall-ip-host-group-add name=iphostgroup

Context Example#

{
"SophosFirewall": {
"IPHostGroup": {
"Description": null,
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "iphostgroup"
}
}
}

Human Readable Output#

IPHostGroup Object details#

NameIPFamily
iphostgroupIPv4

sophos-firewall-ip-host-group-update#


Updates an existing IP host group.

Base Command#

sophos-firewall-ip-host-group-update

Input#

Argument NameDescriptionRequired
nameName of the IP host group.Required
descriptionDescription of the IP host group.Optional
ip_familyThe IP family. Possible values: "IPv4" and "IPv6".Optional
hostsIP hosts contained in the group. Must be hosts already existing in the system.Optional

Context Output#

PathTypeDescription
SophosFirewall.IPHostGroup.NameStringName of the IP host group.
SophosFirewall.IPHostGroup.descriptionStringDescription of the IP host group.
SophosFirewall.IPHostGroup.HostList.HostStringHost contained inside the host group.
SophosFirewall.IPHostGroup.IPFamilyStringIP family of the host group. Either IPv4 or IPv6.

Command Example#

!sophos-firewall-ip-host-group-update name=iphostgroup hosts=iphost

Context Example#

{
"SophosFirewall": {
"IPHostGroup": {
"Description": null,
"HostList": {
"Host": "iphost"
},
"IPFamily": "IPv4",
"IsDeleted": false,
"Name": "iphostgroup"
}
}
}

Human Readable Output#

IPHostGroup Object details#

NameIPFamilyHostList
iphostgroupIPv4Host: iphost

sophos-firewall-ip-host-group-delete#


Deletes an existing IP host group.

Base Command#

sophos-firewall-ip-host-group-delete

Input#

Argument NameDescriptionRequired
nameName of the group.Required

Context Output#

PathTypeDescription
SophosFirewall.IPHostGroup.NameStringName of the IP host group.
SophosFirewall.IPHostGroup.IsDeletedBoolWhether the IP host group is deleted.

Command Example#

!sophos-firewall-ip-host-group-delete name=iphostgroup

Context Example#

{
"SophosFirewall": {
"IPHostGroup": {
"IsDeleted": true,
"Name": "iphostgroup"
}
}
}

Human Readable Output#

Deleting IPHostGroup Objects Results#

NameIsDeleted
iphostgrouptrue

sophos-firewall-services-list#


Lists all firewall services. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-services-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.Services.NameStringName of the firewall service.
SophosFirewall.Services.TypeStringType of the firewall service.
SophosFirewall.Services.ServiceDetails.ServiceDetailStringDetails about the service.

Command Example#

!sophos-firewall-services-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"Services": [
{
"IsDeleted": false,
"Name": "AH",
"ServiceDetails": {
"ServiceDetail": {
"ProtocolName": "AH"
}
},
"Type": "IP"
},
{
"IsDeleted": false,
"Name": "AOL",
"ServiceDetails": {
"ServiceDetail": {
"DestinationPort": "5190:5194",
"Protocol": "TCP",
"SourcePort": "1:65535"
}
},
"Type": "TCPorUDP"
},
{
"IsDeleted": false,
"Name": "BGP",
"ServiceDetails": {
"ServiceDetail": {
"DestinationPort": "179",
"Protocol": "TCP",
"SourcePort": "1:65535"
}
},
"Type": "TCPorUDP"
},
{
"IsDeleted": false,
"Name": "DHCP",
"ServiceDetails": {
"ServiceDetail": {
"DestinationPort": "67:68",
"Protocol": "UDP",
"SourcePort": "67:68"
}
},
"Type": "TCPorUDP"
},
{
"IsDeleted": false,
"Name": "DNS",
"ServiceDetails": {
"ServiceDetail": [
{
"DestinationPort": "53",
"Protocol": "TCP",
"SourcePort": "1:65535"
},
{
"DestinationPort": "53",
"Protocol": "UDP",
"SourcePort": "1:65535"
}
]
},
"Type": "TCPorUDP"
},
{
"IsDeleted": false,
"Name": "ESP",
"ServiceDetails": {
"ServiceDetail": {
"ProtocolName": "ESP"
}
},
"Type": "IP"
}
]
}
}

Human Readable Output#

Showing 0 to 6 Services objects out of 63#

NameTypeServiceDetails
AHIPServiceDetail: {"ProtocolName": "AH"}
AOLTCPorUDPServiceDetail: {"SourcePort": "1:65535", "DestinationPort": "5190:5194", "Protocol": "TCP"}
BGPTCPorUDPServiceDetail: {"SourcePort": "1:65535", "DestinationPort": "179", "Protocol": "TCP"}
DHCPTCPorUDPServiceDetail: {"SourcePort": "67:68", "DestinationPort": "67:68", "Protocol": "UDP"}
DNSTCPorUDPServiceDetail: {'SourcePort': '1:65535', 'DestinationPort': '53', 'Protocol': 'TCP'},
{'SourcePort': '1:65535', 'DestinationPort': '53', 'Protocol': 'UDP'}
ESPIPServiceDetail: {"ProtocolName": "ESP"}

sophos-firewall-services-get#


Gets a single service by name.

Base Command#

sophos-firewall-services-get

Input#

Argument NameDescriptionRequired
nameName of the firewall service.Required

Context Output#

PathTypeDescription
SophosFirewall.Services.NameStringName of the firewall service.
SophosFirewall.Services.TypeStringType of the firewall service.
SophosFirewall.Services.ServiceDetails.ServiceDetailStringDetails about the service.

Command Example#

!sophos-firewall-services-get name=service

Context Example#

{
"SophosFirewall": {
"Services": {
"IsDeleted": false,
"Name": "service",
"ServiceDetails": {
"ServiceDetail": [
{
"ProtocolName": "Compaq-Peer"
},
{
"ProtocolName": "AH"
}
]
},
"Type": "IP"
}
}
}

Human Readable Output#

Services Object details#

NameTypeServiceDetails
serviceIPServiceDetail: {'ProtocolName': 'Compaq-Peer'},
{'ProtocolName': 'AH'}

sophos-firewall-services-add#


Adds a new firewall service.

Base Command#

sophos-firewall-services-add

Input#

Argument NameDescriptionRequired
nameName of the firewall service.Required
service_typeType of service. Possible values: "TCPorUDP", "IP", "ICMP", "ICMPv6".Required
protocolThe protocol for the service if service_type is TCPorUDP. Possible values: "TCP" and "UDP".Optional
source_portSource port if service_type is TCPorUDP.Optional
destination_portDestination port if service_type is TCPorUDP.Optional
protocol_nameProtocol name if service_type is IP.Optional
icmp_typeICMP type if service_type is ICMP.Optional
icmp_codeICMP code if service_type is ICMP.Optional
icmp_v6_typeICMPv6 type if service_type is ICMPv6.Optional
icmp_v6_codeICMPv6 code if service_type is ICMPv6.Optional

Context Output#

PathTypeDescription
SophosFirewall.Services.NameStringName of the firewall service.
SophosFirewall.Services.TypeStringType of the firewall service.
SophosFirewall.Services.ServiceDetails.ServiceDetailStringDetails about the service.

Command Example#

!sophos-firewall-services-add name=service service_type=IP protocol_name="Compaq-Peer"

Context Example#

{
"SophosFirewall": {
"Services": {
"IsDeleted": false,
"Name": "service",
"ServiceDetails": {
"ServiceDetail": {
"ProtocolName": "Compaq-Peer"
}
},
"Type": "IP"
}
}
}

Human Readable Output#

Services Object details#

NameTypeServiceDetails
serviceIPServiceDetail: {"ProtocolName": "Compaq-Peer"}

sophos-firewall-services-update#


Updates an existing firewall service.

Base Command#

sophos-firewall-services-update

Input#

Argument NameDescriptionRequired
nameName of the firewall service.Required
service_typeType of service. Possible values: "TCPorUDP", "IP", "ICMP", "ICMPv6".Optional
protocolThe protocol for the service if service_type is TCPorUDP. Possible values: "TCP" and "UDP".Optional
source_portSource port if service_type is TCPorUDP.Optional
destination_portDestination port if service_type is TCPorUDP.Optional
protocol_nameProtocol name if service_type is IP.Optional
icmp_typeICMP type if service_type is ICMP.Optional
icmp_codeICMP code if service_type is ICMP.Optional
icmp_v6_typeICMPv6 type if service_type is ICMPv6.Optional
icmp_v6_codeICMPv6 code if service_type is ICMPv6.Optional

Context Output#

PathTypeDescription
SophosFirewall.Services.NameStringName of the firewall service.
SophosFirewall.Services.TypeStringType of the firewall service.
SophosFirewall.Services.ServiceDetails.ServiceDetailStringDetails about the service.

Command Example#

!sophos-firewall-services-update name=service service_type=IP protocol_name=AH

Context Example#

{
"SophosFirewall": {
"Services": {
"IsDeleted": false,
"Name": "service",
"ServiceDetails": {
"ServiceDetail": [
{
"ProtocolName": "Compaq-Peer"
},
{
"ProtocolName": "AH"
}
]
},
"Type": "IP"
}
}
}

Human Readable Output#

Services Object details#

NameTypeServiceDetails
serviceIPServiceDetail: {'ProtocolName': 'Compaq-Peer'},
{'ProtocolName': 'AH'}

sophos-firewall-services-delete#


Deletes an existing firewall service.

Base Command#

sophos-firewall-services-delete

Input#

Argument NameDescriptionRequired
nameName of the service.Required

Context Output#

PathTypeDescription
SophosFirewall.Services.NameStringName of the firewall service.
SophosFirewall.Services.IsDeletedBoolWhether the firewall service is deleted.

Command Example#

!sophos-firewall-services-delete name=service

Context Example#

{
"SophosFirewall": {
"Services": {
"IsDeleted": true,
"Name": "service"
}
}
}

Human Readable Output#

Deleting Services Objects Results#

NameIsDeleted
servicetrue

sophos-firewall-user-list#


Lists all users. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-user-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.User.NameStringName of the user.
SophosFirewall.User.UsernameStringUsername of the user.
SophosFirewall.User.DescriptionStringDescription of the user.
SophosFirewall.User.EmailList.EmailIDStringEmail of the user.
SophosFirewall.User.GroupStringGroup of the user.
SophosFirewall.User.UserTypeStringUser type of the user.
SophosFirewall.User.StatusStringStatus of the user.

Command Example#

!sophos-firewall-user-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"User": [
{
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": null,
"EmailList": {
"EmailID": "test@test.com"
},
"Group": "Open Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "Disable",
"Name": "user_new",
"PPTP": "Disable",
"Password": {
"#text": "0488F379742662C337D2FB1BDD1F08D9",
"@passwordform": "encrypt"
},
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "Disable",
"SSLVPNPolicy": "sg",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "user new"
},
{
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": "new desc",
"EmailList": {
"EmailID": "test@test.com"
},
"Group": "Guest Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "0",
"Name": "sg",
"PPTP": "Disable",
"Password": {
"#text": "ECA5ABF3D68822A1C3C9193F8AAE1522",
"@passwordform": "encrypt"
},
"Profile": "Administrator",
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "0",
"SSLVPNPolicy": "No Policy Applied",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "sg1"
},
{
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": "1",
"Group": "Guest Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "0",
"Name": "1",
"PPTP": "Disable",
"Password": {
"#text": "A8DFE8F6454F585D404E04435416C95E",
"@passwordform": "encrypt"
},
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "0",
"SSLVPNPolicy": "No Policy Applied",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "1"
},
{
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": null,
"EmailList": {
"EmailID": "test@test.test"
},
"Group": "Guest Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "0",
"Name": "unitest2",
"PPTP": "Disable",
"Password": {
"#text": "F5A7EFCF49F10328D7198A1968618B38",
"@passwordform": "encrypt"
},
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "Disable",
"SSLVPNPolicy": "No Policy Applied",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "unitestuser"
},
{
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": null,
"EmailList": {
"EmailID": "test@test.test"
},
"Group": "Guest Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "0",
"Name": "unitest3",
"PPTP": "Disable",
"Password": {
"#text": "F5A7EFCF49F10328D7198A1968618B38",
"@passwordform": "encrypt"
},
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "Disable",
"SSLVPNPolicy": "No Policy Applied",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "unitestuser2"
}
]
}
}

Human Readable Output#

Showing 0 to 6 User objects out of 8#

UsernameNameDescriptionEmailListGroupUserTypeStatus
user newuser_newEmailID: test@test.comOpen GroupUserActive
sgsgThis is sg descEmailID: test@test.comGuest GroupAdministratorActive
111Guest GroupUserActive
sg1sgnew descGuest GroupUserActive
unitestuserunitest2EmailID: test@test.testGuest GroupUserActive
unitestuser2unitest3EmailID: test@test.testGuest GroupUserActive

sophos-firewall-user-get#


Gets a single user by name.

Base Command#

sophos-firewall-user-get

Input#

Argument NameDescriptionRequired
nameName of the user.Required

Context Output#

PathTypeDescription
SophosFirewall.User.NameStringName of the user.
SophosFirewall.User.UsernameStringUsername of the user.
SophosFirewall.User.DescriptionStringDescription of the user.
SophosFirewall.User.EmailList.EmailIDStringEmail of the user.
SophosFirewall.User.GroupStringGroup of the user.
SophosFirewall.User.UserTypeStringUser type of the user.
SophosFirewall.User.StatusStringStatus of the user.

Command Example#

!sophos-firewall-user-get name=user

Context Example#

{
"SophosFirewall": {
"User": {
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": "Description for the user",
"Group": "Guest Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "0",
"Name": "user",
"PPTP": "Disable",
"Password": {
"#text": "A8DFE8F6454F585D404E04435416C95E",
"@passwordform": "encrypt"
},
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "0",
"SSLVPNPolicy": "No Policy Applied",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "user"
}
}
}

Human Readable Output#

User Object details#

UsernameNameDescriptionGroupUserTypeStatus
useruserDescription for the userGuest GroupUserActive

sophos-firewall-user-add#


Adds a new user.

Base Command#

sophos-firewall-user-add

Input#

Argument NameDescriptionRequired
usernameUsername of the user.Required
nameName of the user.Required
descriptionDescription of the user.Optional
emailEmail of the user.Required
groupGroup of the user. Default is "Guest Group".Optional
passwordThe password of the user.Required
user_typeThe type of the user. Possible values: "Administrator" and "User". Default is "User".Optional
profileProfile of the administrator if user_type is Administrator. Possible values: "Administrator", "Crypto Admin", "Security Admin", "Audit Admin", "HAProfile". IMPORTANT: You can add more types in the web console.Optional
surfing_quota_policyThe Surfing Quota policy. Default is "Unlimited Internet Access".Optional
access_time_policyThe Access Time policy. Default is "Allowed all the time".Optional
ssl_vpn_policyThe SSL VPN policy. Default is "No Policy Applied".Optional
clientless_policyThe clientless policy. Default is "No Policy Applied".Optional
data_transfer_policyThe Data Transfer policy. Default is: "100 MB Total Data Transfer policy".Optional
simultaneous_logins_globalWhether to enable simultaneous logins global. Possible values: "Enable" and "Disable". Default is "Eanble".Optional
schedule_for_appliance_accessThe schedule for appliance access. Default is "All The Time". IMPORTANT: This option\ \ is available only for Administrators.Optional
qos_policyThe QoS policy. Default is "High Guarantee User".Optional
login_restrictionThe login restriction option. Possible values: "AnyNode" and "UserGroupNode". Default is "UserGroupNode".Optional

Context Output#

PathTypeDescription
SophosFirewall.User.NameStringName of the user.
SophosFirewall.User.UsernameStringUsername of the user.
SophosFirewall.User.DescriptionStringDescription of the user.
SophosFirewall.User.EmailList.EmailIDStringEmail of the user.
SophosFirewall.User.GroupStringGroup of the user.
SophosFirewall.User.UserTypeStringUser type of the user.
SophosFirewall.User.StatusStringStatus of the user.

Command Example#

!sophos-firewall-user-add name=user username=user password=1234 email=user@mail.com

Context Example#

{
"SophosFirewall": {
"User": {
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": null,
"EmailList": {
"EmailID": "user@mail.com"
},
"Group": "Guest Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "0",
"Name": "user",
"PPTP": "Disable",
"Password": {
"#text": "A8DFE8F6454F585D404E04435416C95E",
"@passwordform": "encrypt"
},
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "Disable",
"SSLVPNPolicy": "No Policy Applied",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "user"
}
}
}

Human Readable Output#

User Object details#

UsernameNameEmailListGroupUserTypeStatus
useruserEmailID: user@mail.comGuest GroupUserActive

sophos-firewall-user-update#


Updates a user.

Base Command#

sophos-firewall-user-update

Input#

Argument NameDescriptionRequired
usernameUsername of the user.Required
nameName of the user.Required
descriptionDescription of the user.Optional
emailEmail of the user.Optional
groupGroup of the user. Default is "Guest Group".Optional
passwordThe password of the user.Optional
user_typeThe type of the user. Possible values: "Administrator" and "User". Default is "User".Optional
profileProfile of the administrator if user_type is Administrator. Possible values: "Administrator", "Crypto Admin", "Security Admin", "Audit Admin", "HAProfile". IMPORTANT: You can add more types in the web console.Optional
surfing_quota_policyThe Surfing Quota policy. Default is "Unlimited Internet Access".Optional
access_time_policyThe Access Time policy. Default is "Allowed all the time".Optional
ssl_vpn_policyThe SSL VPN policy. Default is "No Policy Applied".Optional
clientless_policyThe clientless policy. Default is "No Policy Applied".Optional
data_transfer_policyThe Data Transfer policy. Default is: "100 MB Total Data Transfer policy".Optional
simultaneous_logins_globalWhether to enable simultaneous logins global. Possible values: "Enable" and "Disable". Default is "Eanble".Optional
schedule_for_appliance_accessThe schedule for appliance access. Default is "All The Time".IMPORTANT: This option\ \ is available only for Administrators.Optional
qos_policyThe QoS policy. Default is "High Guarantee User".Optional
login_restrictionThe login restriction option. Possible values: "AnyNode" and "UserGroupNode". Default is "UserGroupNode".Optional

Context Output#

PathTypeDescription
SophosFirewall.User.NameStringName of the user.
SophosFirewall.User.UsernameStringUsername of the user.
SophosFirewall.User.DescriptionStringDescription of the user.
SophosFirewall.User.EmailList.EmailIDStringEmail of the user.
SophosFirewall.User.GroupStringGroup of the user.
SophosFirewall.User.UserTypeStringUser type of the user.
SophosFirewall.User.StatusStringStatus of the user.

Command Example#

!sophos-firewall-user-update name=user username=user description="Description for the user"

Context Example#

{
"SophosFirewall": {
"User": {
"AccessTimePolicy": "Allowed all the time",
"CISCO": "Disable",
"ClientlessPolicy": "No Policy Applied",
"DataTransferPolicy": "100 MB Total Data Transfer policy",
"Description": "Description for the user",
"Group": "Guest Group",
"IsDeleted": false,
"IsEncryptCert": "Disable",
"L2TP": "Disable",
"LoginRestriction": "UserGroupNode",
"LoginRestrictionForAppliance": null,
"MACBinding": "0",
"Name": "user",
"PPTP": "Disable",
"Password": {
"#text": "A8DFE8F6454F585D404E04435416C95E",
"@passwordform": "encrypt"
},
"QoSPolicy": "High Guarantee User",
"QuarantineDigest": "0",
"SSLVPNPolicy": "No Policy Applied",
"ScheduleForApplianceAccess": "All The Time",
"SimultaneousLoginsGlobal": "Enable",
"Status": "Active",
"SurfingQuotaPolicy": "Unlimited Internet Access",
"UserType": "User",
"Username": "user"
}
}
}

Human Readable Output#

User Object details#

UsernameNameDescriptionGroupUserTypeStatus
useruserDescription for the userGuest GroupUserActive

sophos-firewall-user-delete#


Deletes an existing user.

Base Command#

sophos-firewall-user-delete

Input#

Argument NameDescriptionRequired
nameName of the user.Required

Context Output#

PathTypeDescription
SophosFirewall.User.NameStringName of the user.
SophosFirewall.User.IsDeletedBoolWhether the user is deleted.

Command Example#

!sophos-firewall-user-delete name=user

Context Example#

{
"SophosFirewall": {
"User": {
"IsDeleted": true,
"Name": "user"
}
}
}

Human Readable Output#

Deleting User Objects Results#

NameIsDeleted
usertrue

sophos-firewall-app-policy-list#


Lists all app policies. IMPORTANT: Listing starst at 0 (not 1)!

Base Command#

sophos-firewall-app-policy-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterPolicy.NameStringName of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.DescriptionStringDescription of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.MicroAppSupportStringWhether the policy support microapps.
SophosFirewall.ApplicationFilterPolicy.DefaultActionStringDefault action the policy executes.
SophosFirewall.ApplicationFilterPolicy.RuleList.RuleStringDetails of the rule.

Command Example#

!sophos-firewall-app-policy-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"ApplicationFilterPolicy": [
{
"DefaultAction": "Allow",
"Description": "Allow All Policy.",
"IsDeleted": false,
"MicroAppSupport": "True",
"Name": "Allow All"
},
{
"DefaultAction": "Allow",
"Description": "Drops traffic from applications that tunnels other apps, proxy and tunnel apps, and from apps that can bypass firewall policy. These applications allow users to anonymously browse Internet by connecting to servers on the Internet via encrypted SSL tunnels. This, in turn, enables users to bypass network security measures.",
"IsDeleted": false,
"MicroAppSupport": "True",
"Name": "Block filter avoidance apps",
"RuleList": {
"Rule": [
{
"Action": "Deny",
"ApplicationList": {
"Application": [
"test"
]
},
"CategoryList": {
"Category": "Proxy and Tunnel"
},
"Schedule": "All The Time",
"SelectAllRule": "Enable",
"SmartFilter": null
},
{
"Action": "Deny",
"ApplicationList": {
"Application": [
"test"
]
},
"CharacteristicsList": {
"Characteristics": "Can bypass firewall policy"
},
"Schedule": "All The Time",
"SelectAllRule": "Enable",
"SmartFilter": null
},
{
"Action": "Deny",
"ApplicationList": {
"Application": [
"test"
]
},
"CharacteristicsList": {
"Characteristics": "Tunnels other apps"
},
"Schedule": "All The Time",
"SelectAllRule": "Enable",
"SmartFilter": null
}
]
}
}
]
}
}

Human Readable Output#

Showing 0 to 6 ApplicationFilterPolicy objects out of 12#

NameDescriptionMicroAppSupportDefaultActionRuleList
Allow AllAllow All Policy.TrueAllow
Block filter avoidance appsDrops traffic from applications that tunnels other apps, proxy and tunnel apps, and from apps that can bypass firewall policy. These applications allow users to anonymously browse Internet by connecting to servers on the Internet via encrypted SSL tunnels. This, in turn, enables users to bypass network security measures.TrueAllowRule: {'SelectAllRule': 'Enable', 'CategoryList': {'Category': 'Proxy and Tunnel'}, 'SmartFilter': None, 'ApplicationList': {'Application': 'test'}, 'Action': 'Deny', 'Schedule': 'All The Time'}
Block generally unwanted appsDrops generally unwanted applications traffic. This includes file transfer apps, proxy & tunnel apps, risk prone apps, peer to peer networking (P2P) apps and apps that causes loss of productivity.TrueAllowRule: {'SelectAllRule': 'Enable', 'CategoryList': {'Category': 'P2P'}, 'SmartFilter': None, 'ApplicationList': {'Application': ['test']}, 'Action': 'Deny', 'Schedule': 'All The Time'}
Block high risk (Risk Level 4 and 5) appsDrops traffic that are classified under high risk apps (Risk Level- 4 and 5).TrueAllowRule: {'SelectAllRule': 'Enable', 'RiskList': {'Risk': 'High'}, 'SmartFilter': None, 'ApplicationList': {'Application': ['test']}, 'Action': 'Deny', 'Schedule': 'All The Time'}
Block peer to peer (P2P) networking appsDrops traffic from applications that are categorized as P2P apps. P2P could be a mechanism for distributing Bots, Spywares, Adware, Trojans, Rootkits, Worms and other types of malwares. It is generally advised to have P2P application blocked in your network.TrueAllowRule: {"SelectAllRule": "Enable", "CategoryList": {"Category": "P2P"}, "SmartFilter": null, "ApplicationList": {"Application": ["test"]}, "Action": "Deny", "Schedule": "All The Time"}
Block very high risk (Risk Level 5) appsDrops traffic that are classified under very high risk apps (Risk Level- 5).TrueAllowRule: {"SelectAllRule": "Enable", "RiskList": {"Risk": "Very High"}, "SmartFilter": null, "ApplicationList": {"Application": ["test]}, "Action": "Deny", "Schedule": "All The Time"}

sophos-firewall-app-policy-get#


Gets a single app policy by name.

Base Command#

sophos-firewall-app-policy-get

Input#

Argument NameDescriptionRequired
nameName of the policy.Required

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterPolicy.NameStringName of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.DescriptionStringDescription of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.MicroAppSupportStringDoes the policy support microapps.
SophosFirewall.ApplicationFilterPolicy.DefaultActionStringDefault action the policy executes.
SophosFirewall.ApplicationFilterPolicy.RuleList.RuleStringDetails of the rule.

Command Example#

!sophos-firewall-app-policy-get name=apppolicy

Context Example#

{
"SophosFirewall": {
"ApplicationFilterPolicy": {
"DefaultAction": "Allow",
"Description": "Description for app policy object",
"IsDeleted": false,
"MicroAppSupport": "True",
"Name": "apppolicy"
}
}
}

Human Readable Output#

ApplicationFilterPolicy Object details#

NameDescriptionMicroAppSupportDefaultAction
apppolicyDescription for app policy objectTrueAllow

sophos-firewall-app-policy-add#


Adds a new app policy.

Base Command#

sophos-firewall-app-policy-add

Input#

Argument NameDescriptionRequired
nameName of the policy.Required
descriptionDescription of the policy.Optional
micro_app_supportWhether microapp support is enabled. Possible values: "true" and "false".Optional
default_actionDefault action for the policy. Possible values: "Allow" and "Deny".Optional
select_allWhether to enable the select all rule. Possible values: "Enable" and "Disable".Optional
categoriesCategories to add to the rule.Optional
risksRisks to add to the rule.Optional
applicationsApplications to add to the rule.Optional
characteristicsCharacteristics to add to the rule.Optional
technologiesTechnologies to add to the rule.Optional
classificationsClassifications to add to the rule.Optional
actionAction for the rule. Possible values: "Allow" and "Deny".Optional
scheduleThe schedule for the rule. Possible values: "All the time", "Work hours (5 Day week)", "Work hours (6 Day week)", "All Time on Weekdays", "All Time on Weekends", "All Time on Sunday", "All Days 10:00 to 19:00". IMPORTANT: Creating a new schedule is available in the web console.Optional

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterPolicy.NameStringName of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.DescriptionStringDescription of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.MicroAppSupportStringWhether the policy supports microapps.
SophosFirewall.ApplicationFilterPolicy.DefaultActionStringDefault action the policy executes.
SophosFirewall.ApplicationFilterPolicy.RuleList.RuleStringDetails of the rule.

Command Example#

!sophos-firewall-app-policy-add name=apppolicy

Context Example#

{
"SophosFirewall": {
"ApplicationFilterPolicy": {
"DefaultAction": "Allow",
"Description": null,
"IsDeleted": false,
"MicroAppSupport": "True",
"Name": "apppolicy"
}
}
}

Human Readable Output#

ApplicationFilterPolicy Object details#

NameMicroAppSupportDefaultAction
apppolicyTrueAllow

sophos-firewall-app-policy-update#


Updates an existing app policy.

Base Command#

sophos-firewall-app-policy-update

Input#

Argument NameDescriptionRequired
nameName of the policy.Required
descriptionDescription of the policy.Optional
micro_app_supportWhether microapp support is enabled. Possible values: "true" and "false".Optional
default_actionDefault action for the policy. Possible values: "Allow" and "Deny".Optional
select_allWhether to enable the select all rule. Possible values: "Enable" and "Disable".Optional
categoriesCategories to add to the rule.Optional
risksRisks to add to the rule.Optional
applicationsApplications to add to the rule.Optional
characteristicsCharacteristics to add to the rule.Optional
technologiesTechnologies to add to the rule.Optional
classificationsClassifications to add to the rule.Optional
actionAction for the rule. Possible values: "Allow" and "Deny".Optional
scheduleThe schedule for the rule. Possible values: "All the time", "Work hours (5 Day week)", "Work hours (6 Day week)", "All Time on Weekdays", "All Time on Weekends", "All Time on Sunday", "All Days 10:00 to 19:00". IMPORTANT: Creating a new schedule is available in the web console.Optional

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterPolicy.NameStringName of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.DescriptionStringDescription of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.MicroAppSupportStringWhether the policy supports microapps.
SophosFirewall.ApplicationFilterPolicy.DefaultActionStringDefault action the policy executes.
SophosFirewall.ApplicationFilterPolicy.RuleList.RuleStringDetails of the rule.

Command Example#

!sophos-firewall-app-policy-update name=apppolicy description="Description for app policy object"

Context Example#

{
"SophosFirewall": {
"ApplicationFilterPolicy": {
"DefaultAction": "Allow",
"Description": "Description for app policy object",
"IsDeleted": false,
"MicroAppSupport": "True",
"Name": "apppolicy"
}
}
}

Human Readable Output#

ApplicationFilterPolicy Object details#

NameDescriptionMicroAppSupportDefaultAction
apppolicyDescription for app policy objectTrueAllow

sophos-firewall-app-policy-delete#


Deletes an existing app policy.

Base Command#

sophos-firewall-app-policy-delete

Input#

Argument NameDescriptionRequired
nameName of the policy.Required

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterPolicy.NameStringName of the firewall app policy.
SophosFirewall.ApplicationFilterPolicy.IsDeletedBoolWhether the firewall app policy is deleted.

Command Example#

!sophos-firewall-app-policy-delete name=apppolicy

Context Example#

{
"SophosFirewall": {
"ApplicationFilterPolicy": {
"IsDeleted": true,
"Name": "apppolicy"
}
}
}

Human Readable Output#

Deleting ApplicationFilterPolicy Objects Results#

NameIsDeleted
apppolicytrue

sophos-firewall-app-category-list#


Lists all app filter categories. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-app-category-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterCategory.NameStringName of the app category.
SophosFirewall.ApplicationFilterCategory.DescriptionStringDescription of the app category.
SophosFirewall.ApplicationFilterCategory.QoSPolicyStringQoS policy of the category.
SophosFirewall.ApplicationFilterCategory.BandwidthUsageTypeStringBandwidth usage type of the category.

Command Example#

!sophos-firewall-app-category-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"ApplicationFilterCategory": [
{
"BandwidthUsageType": null,
"Description": "Conferencing",
"IsDeleted": false,
"Name": "Conferencing",
"QoSPolicy": "None"
},
{
"BandwidthUsageType": null,
"Description": "Desktop Mail",
"IsDeleted": false,
"Name": "Desktop Mail",
"QoSPolicy": "None"
},
{
"BandwidthUsageType": null,
"Description": "Database Applications",
"IsDeleted": false,
"Name": "Download Applications",
"QoSPolicy": "None"
},
{
"BandwidthUsageType": null,
"Description": "E-commerce",
"IsDeleted": false,
"Name": "E-commerce",
"QoSPolicy": "None"
},
{
"BandwidthUsageType": null,
"Description": "File Transfer",
"IsDeleted": false,
"Name": "File Transfer",
"QoSPolicy": "None"
},
{
"BandwidthUsageType": "Individual",
"Description": "Gaming Sites and Applications",
"IsDeleted": false,
"Name": "Gaming",
"QoSPolicy": "policy"
}
]
}
}

Human Readable Output#

Showing 0 to 6 ApplicationFilterCategory objects out of 25#

NameDescriptionQoSPolicyBandwidthUsageType
ConferencingConferencingNone
Desktop MailDesktop MailNone
Download ApplicationsDatabase ApplicationsNone
E-commerceE-commerceNone
File TransferFile TransferNone
GamingGaming Sites and ApplicationspolicyIndividual

sophos-firewall-app-category-get#


Gets a single app filter category by name.

Base Command#

sophos-firewall-app-category-get

Input#

Argument NameDescriptionRequired
nameName of the app category.Required

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterCategory.NameStringName of the app category.
SophosFirewall.ApplicationFilterCategory.DescriptionStringDescription of the app category.
SophosFirewall.ApplicationFilterCategory.QoSPolicyStringQoS policy of the category.
SophosFirewall.ApplicationFilterCategory.BandwidthUsageTypeStringBandwidth usage type of the category.

Command Example#

!sophos-firewall-app-category-get name=Gaming

Context Example#

{
"SophosFirewall": {
"ApplicationFilterCategory": {
"BandwidthUsageType": "Individual",
"Description": "Gaming Sites and Applications",
"IsDeleted": false,
"Name": "Gaming",
"QoSPolicy": "policy"
}
}
}

Human Readable Output#

ApplicationFilterCategory Object details#

NameDescriptionQoSPolicyBandwidthUsageType
GamingGaming Sites and ApplicationspolicyIndividual

sophos-firewall-app-category-update#


Updates an existing app filter category.

Base Command#

sophos-firewall-app-category-update

Input#

Argument NameDescriptionRequired
nameName of the app category.Required
descriptionThe description of the category.Optional
qos_policyQoS policy of the category.Optional

Context Output#

PathTypeDescription
SophosFirewall.ApplicationFilterCategory.NameStringName of the app category.
SophosFirewall.ApplicationFilterCategory.DescriptionStringDescription of the app category.
SophosFirewall.ApplicationFilterCategory.QoSPolicyStringQoS policy of the category.
SophosFirewall.ApplicationFilterCategory.BandwidthUsageTypeStringBandwidth usage type of the category.

Command Example#

!sophos-firewall-app-category-update name=Gaming qos_policy=policy

Context Example#

{
"SophosFirewall": {
"ApplicationFilterCategory": {
"BandwidthUsageType": "Individual",
"Description": "Gaming Sites and Applications",
"IsDeleted": false,
"Name": "Gaming",
"QoSPolicy": "policy"
}
}
}

Human Readable Output#

ApplicationFilterCategory Object details#

NameDescriptionQoSPolicyBandwidthUsageType
GamingGaming Sites and ApplicationspolicyIndividual

sophos-firewall-web-filter-list#


Lists all web filter policies. IMPORTANT: Listing starts at 0 (not 1)!

Base Command#

sophos-firewall-web-filter-list

Input#

Argument NameDescriptionRequired
startThe start index for the rules to list, e.g: 5. Default is "0".Optional
endThe end index for the rules to list, e.g: 20. Default is "50".Optional

Context Output#

PathTypeDescription
SophosFirewall.WebFilterPolicy.NameStringName of the policy.
SophosFirewall.WebFilterPolicy.DefaultActionStringDefault action for the web filter policy.
SophosFirewall.WebFilterPolicy.DescriptionStringDescription of the rule.
SophosFirewall.WebFilterPolicy.EnableReportingStringWhether the policy reports events.
SophosFirewall.WebFilterPolicy.DownloadFileSizeRestrictionNumberMaximum file size that can be downloaded.
SophosFirewall.WebFilterPolicy.DownloadFileSizeRestrictionEnabledStringWhether the file size restriction is active.
SophosFirewall.WebFilterPolicy.RuleList.RuleStringRule list information.

Command Example#

!sophos-firewall-web-filter-list start=0 end=6

Context Example#

{
"SophosFirewall": {
"WebFilterPolicy": [
{
"DefaultAction": "Allow",
"Description": "Deny access to web mail and online chat sites",
"DownloadFileSizeRestriction": "0",
"DownloadFileSizeRestrictionEnabled": "0",
"EnableReporting": "Enable",
"EnforceImageLicensing": "0",
"EnforceSafeSearch": "0",
"GoogAppDomainList": null,
"GoogAppDomainListEnabled": "0",
"IsDeleted": false,
"Name": "No Web Mail or Chat",
"RuleList": {
"Rule": [
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Web E-Mail",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Online Chat",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
}
]
},
"YoutubeFilterEnabled": "0",
"YoutubeFilterIsStrict": "0"
},
{
"DefaultAction": "Allow",
"Description": "Deny access to web mail sites",
"DownloadFileSizeRestriction": "0",
"DownloadFileSizeRestrictionEnabled": "0",
"EnableReporting": "Enable",
"EnforceImageLicensing": "0",
"EnforceSafeSearch": "0",
"GoogAppDomainList": null,
"GoogAppDomainListEnabled": "0",
"IsDeleted": false,
"Name": "No Web Mail",
"RuleList": {
"Rule": {
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Web E-Mail",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
}
},
"YoutubeFilterEnabled": "0",
"YoutubeFilterIsStrict": "0"
},
{
"DefaultAction": "Allow",
"Description": "Deny access to online chat sites",
"DownloadFileSizeRestriction": "0",
"DownloadFileSizeRestrictionEnabled": "0",
"EnableReporting": "Enable",
"EnforceImageLicensing": "0",
"EnforceSafeSearch": "0",
"GoogAppDomainList": null,
"GoogAppDomainListEnabled": "0",
"IsDeleted": false,
"Name": "No Online Chat",
"RuleList": {
"Rule": {
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Online Chat",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
}
},
"YoutubeFilterEnabled": "0",
"YoutubeFilterIsStrict": "0"
},
{
"DefaultAction": "Allow",
"Description": "Restrict users from uploading content to any site",
"DownloadFileSizeRestriction": "0",
"DownloadFileSizeRestrictionEnabled": "0",
"EnableReporting": "Enable",
"EnforceImageLicensing": "0",
"EnforceSafeSearch": "0",
"GoogAppDomainList": null,
"GoogAppDomainListEnabled": "0",
"IsDeleted": false,
"Name": "No web uploads",
"RuleList": {
"Rule": {
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "HTTPUpload",
"type": "DynamicCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
}
},
"YoutubeFilterEnabled": "0",
"YoutubeFilterIsStrict": "0"
},
{
"DefaultAction": "Allow",
"Description": "Deny access to categories most commonly unwanted in professional environments",
"DownloadFileSizeRestriction": "0",
"DownloadFileSizeRestrictionEnabled": "0",
"EnableReporting": "Enable",
"EnforceImageLicensing": "0",
"EnforceSafeSearch": "0",
"GoogAppDomainList": null,
"GoogAppDomainListEnabled": "0",
"IsDeleted": false,
"Name": "Default Workplace Policy",
"RuleList": {
"Rule": [
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Weapons",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Extreme",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Phishing & Fraud",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Militancy & Extremist",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Gambling",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Criminal Activity",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Pro-Suicide & Self-Harm",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Intellectual Piracy",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Marijuana",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Controlled substances",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Legal highs",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Hunting & Fishing",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Anonymizers",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Sexually Explicit",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
},
{
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Nudity",
"type": "WebCategory"
}
},
"ExceptionList": {
"FileTypeCategory": null
},
"FollowHTTPAction": "1",
"HTTPAction": "Deny",
"HTTPSAction": "Deny",
"PolicyRuleEnabled": "1",
"Schedule": "All The Time"
}
]
},
"YoutubeFilterEnabled": "0",
"YoutubeFilterIsStrict": "0"
},
{
"DefaultAction": "Allow",
"Description": "Deny access to sexually explicit sites",
"DownloadFileSizeRestriction": "0",
"DownloadFileSizeRestrictionEnabled": "0",
"EnableReporting": "Enable",
"EnforceImageLicensing": "0",
"EnforceSafeSearch": "0",
"GoogAppDomainList": null,
"GoogAppDomainListEnabled": "0",
"IsDeleted": false,
"Name": "No Explicit Content",
"RuleList": {
"Rule": {
"CCLRuleEnabled": "0",
"CategoryList": {
"Category": {
"ID": "Sexually Explicit"