• Hardware
    • Firewall
      • XG Appliances
        • XG 86
        • XG 106
        • XG 115
        • XG 125
        • XG 135
        • XG 210
        • XG 230
        • XG 310
        • XG 330
        • XG 430
        • XG 450
        • XG 550
        • XG 650
        • XG 750
      • XG Accessories
      • SG Appliances
        • SG 105
        • SG 115
        • SG 125
        • SG 135
        • SG 210
        • SG 230
        • SG 310
        • SG 330
        • SG 430
        • SG 450
        • SG 550
        • SG 650
      • SG Accessories
    • Access Point
      • Appliances
        • APX 120
        • APX 320
        • APX 530
        • APX 740
        • APX 320X
        • AP 100X
      • AP Accessories
    • RED
      • Appliances
        • SD-RED 20
        • SD-RED 60
      • RED Accessories
  • Licence
    • Firewall
      • XG Licences
        • XG 85
        • XG 86
        • XG 105
        • XG 106
        • XG 115
        • XG 125
        • XG 135
        • XG 210
        • XG 230
        • XG 310
        • XG 330
        • XG 430
        • XG 450
        • XG 550
        • XG 650
        • XG 750
      • SG Licences
        • SG 105
        • SG 115
        • SG 125
        • SG 135
        • SG 210
        • SG 230
        • SG 310
        • SG 330
        • SG 430
        • SG 450
        • SG 550
        • SG 650
      • SFOS Software
        • 1 CPU 4GB RAM
        • 2 CPU 4GB RAM
        • 4 CPU 6GB RAM
        • 6 CPU 8GB RAM
        • 8 CPU 16GB RAM
        • 16 CPU 24GB RAM
        • Unlimited CPU / GB RAM
      • UTM Software
        • 10 User
        • 25 User
        • 50 User
        • 75 User
        • 100 User
        • 150 User
        • 250 User
        • 500 User
        • 750 User
        • 1000 User
        • 1500 User
        • 2500 User
        • unlimited User
    • Central
      • Endpoint Protection
      • Intercept X
      • Intercept X Advanced
      • Intercept X Advanced with EDR
      • Intercept X Advanced with EDR and MTR
      • Server Protection
      • Intercept X Advanced for Server
      • Intercept X Advanced for Server with EDR
      • Intercept X Advanced for Server with EDR and MTR
      • Mobile
      • Intercept X for Mobile
      • Wireless
      • Email Gateway
      • Device Encryption
      • Phish Threat
      • Firewall Reporting
  • Service
  • Blog
  • Support
  • Contact
  • English
    • Deutsch
Sign in
My Account
Cart
  1. Home
  2. Blog
  3. Sophos Firewall
  4. Sophos Central Firewall Management
  • Sophos Firewall 32
  • Sophos Central 28
  • Avanet Shop 32
  • Security Life 14

Subscribe

Subscribe to our Newsletter, RSS Feed or follow us on Social Media to make sure you don't miss an article.

Subscribe Now
Sophos Central Firewall Management - Features with SFOS v18
sophos-firewall

Sophos Central Firewall Management: Features with SFOS v18

Patrizio December 19, 2019

The first connection between the Firewall and Central already took place through the implementation of Synchronized Security. This was followed a little later by the Sophos Central Firewall Manager. However, the functionality of this early version was very limited, which didn’t really make the product interesting. With SFOS v18, however, the Central Firewall Manager’s features were greatly enhanced.

Info: If you want to know everything about the new features in the upcoming SFOS v18, you can find my detailed article about it here: Sophos SFOS v18: New features at a glance


Central Firewall Management

Personally, I think the Sophos Central Firewall Manager (SCFM) is absolutely brilliant. Sure, the features currently available are still a bit limited, but Sophos’s vision behind it is awesome. It helps us to keep track of customers with multiple Firewalls. The UTM has the Sophos UTM Manager (SUM) for this and the SFOS can also use the Sophos Firewall Manager. The latter, however, is absolute crap in my eyes and when I see where the journey with the SCFM is going, it will surely be stopped in the medium term.

Let’s have a quick look at the basic features and how you can get started with the Central Firewall Manager yourself.

Connect the Firewall

To be able to use Firewall management, a Sophos Central Account is required. You can create it for free and also the Firewall management is a free feature. In the backend of the Firewall you can register the Firewall with Central via the menu Central synchronization. The Firewall will then appear in your Central Account.

Sophos Central Firewall Management - Connect to Central

Management

In your Central account you will get a list of all the Firewalls you have added. By clicking on the Firewall name you automatically log in to the Firewall backend and can now configure it as usual. Logging in to the Firewall is noticeably slower than connecting directly to the Firewall, but much more comfortable, since no additional login is required. Does the Firewall have a dynamic IP address? No problem. Since the Firewall establishes the connection to Central, this works perfectly.

Sophos Central Firewall Management - Already linked firewalls

Which features are available in the Central Firewall Manager depends on the firmware of the Firewall. Some functionality will not be available until a certain release.

Firmware updates

In the Firewall overview you can see at a glance which firmware version the individual models have. By clicking on Upgrade and then Upgrade Firmware, the latest version is installed.

Sophos Central Firewall Management - Overview of the current firmware version Sophos Central Firewall Management - Firmware update

I can’t stress it enough at this point to always press the update button with great care. Prepare for an update and inform yourself in advance which changes will take effect with the new version. We always have the experience that a Firewall update is too frivolous. With our Firewall maintenance contracts we take care of the updates of your Firewalls and can protect you from nasty surprises. 😎

Online-Backup

You can also use Sophos Central Firewall Manager to create scheduled or manual backups of the configuration of your Firewalls. Of course, it is highly recommended that you set up such a backup. Previously, you could manually download these backups from the Firewall or save them directly to FTP. Sending them by email was also available as an option.

Although it is possible to create a backup on the Firewall, problems can occur if such a backup is needed. We have already encountered the following situations with customers:

  • The email address to which the backup was sent no longer existed and therefore the backups never arrived in the mailbox.
  • Email Protection blocked the emails because they were sent from a dynamic IP or the SPF was not correct.
  • A backup was available, but the password could no longer be found.
  • A backup was available, but very outdated.

There would certainly be other reasons why it could fail in an emergency despite backup. Many of these problems are solved by the introduction of online backup on Central. You get a secure way to store your backups centrally and encrypted in Central. These backups are always up to date and ready when needed in case of an emergency.

Sophos Central Firewall Management - Manage backups

New v18 features

The features mentioned above are already available with version 17.5. Now let’s get to the new features that will only be available with SFOS v18.

Reporting

There used to be a Sophos product called iView which enabled a consolidated reporting system. To be honest, this software still exists, but for us a product that hasn’t been updated for years no longer exists. The fact that it has not been discontinued by Sophos does not make it any more relevant. 😅 iView definitely has no future for us and definitely lives on in Central Reporting.

If you enable reporting on the Firewall, the Firewall logs will be sent to Central. From the collected data appealing reports can be generated.

Sophos Central Firewall Management - Activate Central Reporting Sophos Central Firewall Management - Report Dashboard Sophos Central Firewall Management - Bandwidth usage report

Central reporting for the Firewall is currently still in Beta. But in the current version you get a very good feeling for what you can expect from the final version.

Global Firewall settings

For customers with a lot of Firewalls, we are quickly faced with the problem that such a mass of devices is very difficult to manage. With 10 Firewalls this can still work to some extent, with more than 50 this is already a real challenge. With v18 the Firewalls on Central can be grouped wonderfully!

Sophos Central Firewall Management - Group Firewalls

You then get a Firewall interface in the group policies and can define and save settings centrally. These are then rolled out to all Firewalls in this group.

Sophos Central Firewall Management - Firewall groups task que

Also this feature is still in beta at the moment and in my tests this was noticeable. They are still a bit away from a stable implementation. In addition, during my tests some questions have accumulated which are still unanswered. However, I am absolutely convinced that the global Firewall settings will be of great help to us in the future!

Sophos Platinum Solution Partner Logo

Purchase Advice

+41 44 585 24 68

Mo - Fr, 9:00 - 12:00 Uhr
Mo - Fr, 13:00 - 17:00 Uhr

Information

  • Payment
  • Shipping & Delivery
  • Order
  • Index of Information
  • Follow us
  • About us

Legal Issues

  • AGB
  • Legal Notice
  • Privacy Policy