I would like to monitor my Sophos UTM appliance with PRTG but there are no native sensors for Sophos UTM. How can I set up UTM monitoring with PRTG nevertheless?
This article applies to PRTG Network Monitor 16 or later
Monitoring Sophos UTM Firewalls with PRTG
Out of the box, PRTG includes a broad variety of sensors for SNMP-capable devices. For other device types, such as Sophos UTM solutions, PRTG lets you create custom sensors. For example, if the device that you want to monitor supports SNMP, you can try to get a MIB file from the vendor, convert it with the MIB Importer into an OIDlib file for PRTG, and use it with the SNMP Library sensor.
Using Device Templates to Monitor Sophos UTM Devices
Update: For the Sophos UTM9/XG devices, there is an updated version of the template available on GitLab. Direct link for installation download.
With the help of this device template you can create the following sensors:
Follow the steps below to set up your Sophos UTM monitoring.
Steps to Go
- Download PRTG_Sophos_20170112.zip
- Extract all files into the folder of your PRTG installation under %programfiles%\PRTG Network Monitor.
- In PRTG, create a new device.
- Navigate to the settings page of the device.
- Choose Device Type > Sensor Management > Automatic sensor creation using specific device template(s) > Sophos UTM9 and let PRTG create the Sophos UTM sensors for you. For newer versions, please right-click the device within your device tree instead and choose "Auto-Discovery > Run Auto-Discovery with Template" and select the device template "Sophos UTM9" here.
- Enjoy monitoring your Sophos UTM device!
The provided files will add the most relevant monitoring metrics for Sophos UTM devices. According to the Sophos MIB file, there are no additional OIDs available right now using SNMP.
Please note that we cannot provide any support for these OIDs, nor can we guarantee that they work as expected.
For more information, please see the following articles:
Hi U, what about monitoring the hard disk? I tried but was not successful.
I'm not sure whether Sophos provides data about hard disks at all by SNMP. I've found different threads stating it might work by editing snmpd.conf on the UTM while others were like "No, it does not work and there's a feature request at Sophos pending about it".
Hi Erhard Mikulik,
Thanks for your reply.
I also tried editing snmpd.conf but it did not work.
Then I'm afraid you need to contact Sophos about that.
Okay, Erhard Mikulik
How about the newer Sophos XG models? Do the provided MIB file and the instructions above still work?
I found a thread on their support with another MIB but haven't tested it yet. https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/75477/has-anyone-got-snmp-monitoring-working/367787#367787
I cannot verify this as we don't have a Sophos XG lying around here. Give it a shot to find out, otherwise try the other MIB as described here for example. Otherwise contact us by email so we can dig deeper into this and also send us this other MIB file.
Are there any sensors that monitor the UTM VPN connection status (up/down) and VPN traffic and bandwidth?
If it's not in the MIB, then no, it appears they do not provide those metrics by SNMP, see also here for example.
There may be a workaround. Every Sophos UTM VLAN interface is visible and available for SNMP traffic monitoring (plain SNMP). Suppose there's a way to create an extra VLAN interface between your internal network and the remote (VPN) network and get all VPN traffic over this new VLAN. When this really works within UTM (haven't got the time to test it), it is possible to monitor traffic for the specific VPN.
Another nice extra feature would be that we're able to set QoS for each VPN tunnel (which isn't possible in UTM).
As soon as I've had the time to test, I'll get back.
Any chance to monitor the Sophos Access Point (traffic, e.g.)?
In case the Access Point has an SNMP implementation of its own, try adding the Access Point with its IP to PRTG with the required "Credentials for SNMP Devices" and try adding the regular SNMP Traffic Sensor.
I've downloaded and installed the older and the newer "plugin". I've created a device for our UTM device, enabled SNMP query on the UTM, and I'm able to query via Paessler SNMP Tester from the PRTG host. The firewall logs permitted SNMP traffic.
I've executed the device search with the template but nothing gets added.
Has anybody a working config?
Can you try adding an SNMP Uptime sensor to the UTM from PRTG?