---
# ============================================================================
# Sample Firewall Configuration 1
# ============================================================================
# This is a complete example configuration for testing and reference.
# All IPs, domains, and credentials are FAKE and for demonstration only.
# ============================================================================
# NOTE(review): every secret in this file (sophos_api_password, the VPN psk,
# the SNMP community) is an inline plaintext placeholder. When this sample is
# copied for a real device, those three values are the ones to move into an
# encrypted vars file or secret store (for example Ansible Vault, if this is
# consumed as Ansible vars -- confirm) before the file reaches version control.

# Management endpoint and API credentials used to reach the firewall.
sophos_mgmt_host: "192.168.100.1"
# NOTE(review): "admin" is presumably the built-in administrator; a dedicated,
# least-privilege API account is preferable if the platform offers one.
sophos_api_username: "admin"
# Placeholder secret -- never reuse; see the note at the top of the file.
sophos_api_password: "SampleP@ssw0rd123"
sophos_hostname: "fw-sample1"
sophos_location: "sample-datacenter"

# Interfaces
sophos_interfaces:
  # WAN side. 203.0.113.0/24 is the RFC 5737 documentation range (TEST-NET-3),
  # so these addresses are not routable. With netmask 255.255.255.248 the
  # subnet is 203.0.113.96/29, which contains both the address and the gateway.
  - name: "Port1"
    zone: "WAN"
    description: "Internet connection"
    mode: "static"
    ip_address: "203.0.113.100"
    netmask: "255.255.255.248"
    gateway: "203.0.113.97"
    enabled: true
  # LAN side, 10.100.0.0/24; no gateway key is set for this interface.
  - name: "Port2"
    zone: "LAN"
    description: "Internal network"
    mode: "static"
    ip_address: "10.100.0.1"
    netmask: "255.255.255.0"
    enabled: true

# VLANs
sophos_vlans:
  # Server VLAN (10.100.10.0/24) on Port2. It is placed in the same "LAN" zone
  # as the client network, so zone-based rules below do not distinguish servers
  # from clients. NOTE(review): a separate zone would allow tighter rules.
  - name: "VLAN10-Servers"
    vlan_id: 10
    parent_interface: "Port2"
    zone: "LAN"
    ip_address: "10.100.10.1"
    netmask: "255.255.255.0"
    enabled: true

# DHCP
sophos_dhcp_servers:
  # Pool 10.100.0.100-200 on Port2, handing out the firewall (10.100.0.1) as
  # gateway. Clients are pointed at external public resolvers, so internal DNS
  # logging or filtering is bypassed unless it is enforced elsewhere.
  - name: "DHCP-LAN"
    interface: "Port2"
    enabled: true
    start_ip: "10.100.0.100"
    end_ip: "10.100.0.200"
    netmask: "255.255.255.0"
    gateway: "10.100.0.1"
    dns_servers: ["8.8.8.8", "8.8.4.4"]
    # presumably seconds (86400 s = 24 h) -- confirm against the consumer
    lease_time: 86400

# Firewall Rules
sophos_firewall_rules:
  # Egress rule: any source in zone LAN to any destination in zone WAN, limited
  # to HTTP, HTTPS and DNS. Because VLAN10-Servers is also in zone LAN, this
  # rule presumably covers the server VLAN as well -- verify that is intended.
  - name: "Allow-LAN-to-Internet"
    source_zones: ["LAN"]
    dest_zones: ["WAN"]
    source_networks: ["any"]
    dest_networks: ["any"]
    services: ["HTTP", "HTTPS", "DNS"]
    action: "accept"
    # NOTE(review): logging is off for the only rule in this sample, so allowed
    # outbound sessions leave no firewall log record for detection or
    # incident response. Real deployments usually want this set to true.
    log: false
    enabled: true

# Site-to-Site VPN
sophos_site_to_site_vpns:
  # Tunnel between two documentation-range gateways (203.0.113.100 is Port1).
  # local_networks advertises 10.100.0.0/16, which is wider than the two /24
  # subnets defined in this file; narrow it to what the remote site needs.
  # No IKE/ESP proposal settings appear here, so cipher and DH choices come
  # from whatever consumes this file -- TODO confirm those defaults.
  - name: "Sample-VPN"
    enabled: true
    local_gateway: "203.0.113.100"
    local_networks: ["10.100.0.0/16"]
    remote_gateway: "203.0.113.200"
    remote_networks: ["10.200.0.0/16"]
    # Placeholder pre-shared key. A production PSK should be long, random and
    # stored encrypted; see the note at the top of the file.
    psk: "SamplePSK123"
    description: "Sample VPN tunnel"

# SNMP
sophos_snmp:
  enabled: true
  # SNMP v2c authenticates with the community string alone and sends it
  # unencrypted. NOTE(review): prefer SNMPv3 with authentication and privacy
  # if the consumer of this file supports it, and restrict which hosts may
  # poll the device.
  version: "v2c"
  community: "sample"
  location: "Sample Location"
  contact: "admin@example.com"

# Logging
sophos_logging:
  enabled: true
  syslog_servers:
    # Collector at 10.100.0.50 sits in the Port2 subnet and outside the DHCP
    # pool above. UDP syslog is unauthenticated, unencrypted and can drop
    # messages silently. NOTE(review): use a TCP/TLS transport if supported.
    - host: "10.100.0.50"
      port: 514
      protocol: "udp"

# NTP
sophos_ntp:
  # Single public pool server. Accurate time underpins log correlation, so
  # more than one source is advisable outside a sample.
  servers:
    - "0.pool.ntp.org"
  timezone: "UTC"