The first connection between the firewall and Central was established with the introduction of Synchronized Security. This was followed somewhat later by Sophos Central Firewall Manager. However, the functionality of this early version was very limited, so the product was not yet particularly interesting. With SFOS v18, however, the functions of the Central Firewall Manager have now been greatly enhanced.
Info: If you want to learn all about what’s new in the upcoming SFOS v18, you can find my detailed post about it here: Sophos SFOS v18: New features at a glance.
Central Firewall Management
Personally, I find the Sophos Central Firewall Manager (SCFM) absolutely brilliant. Sure, the features currently available are still a bit sparse, but Sophos's vision behind it is phenomenal. The tool especially helps us keep track of customers with multiple firewalls. On the UTM, there is the Sophos UTM Manager (SUM) for this purpose, and for SFOS, the Sophos Firewall Manager can also be used. However, the latter is absolute crap in my eyes, and seeing where the journey is going with SCFM, it will certainly be discontinued in the medium term.
Let’s take a quick look at the basic features and how you can get started with Central Firewall Manager.
In order to use the firewall management, you need a Sophos Central account. You can create one for free, and firewall management is also a free feature. In the backend of the firewall you can register the firewall with Central via the menu item “Central synchronization”. The firewall will then appear in your Central account.
Over time, a list of all the firewalls you have added will appear in your Central account. By clicking on the firewall name, you are automatically logged in to the backend of the firewall and can make your configurations as usual. Logging in this way is noticeably slower than connecting directly to the firewall, but it is much more convenient because no additional login is required. Does the firewall have a dynamic IP address? No problem. Since the firewall connects to Central, this works fine.
Which functions are available to you in the Central Firewall Manager depends on the firmware of the firewall. There are features that are not unlocked until a certain release.
In the firewall overview, you can see at a glance which firmware version the individual models have. Clicking on “Upgrade” and then “Upgrade Firmware” will install the latest version.
I can’t stress enough at this point that you should always press the update button with the utmost caution. Be prepared for an update and find out beforehand what changes will come into effect with the new version. We see again and again that a firewall update is installed too lightly. With our firewall maintenance contracts we take care of the updates of your firewalls and can save you from unpleasant surprises. 😎
You can also create scheduled or manual backups of the configuration of your firewalls using Sophos Central Firewall Manager. Of course, it is absolutely recommended to set up such a backup. Until now, you could download these backups manually from the firewall or save them directly to an FTP server. Sending by e-mail was also available as an option.
Despite this possibility of creating a backup on the firewall, problems can occur if such a backup is then needed. We have encountered the following situations with customers:
- The email address to which the backup was sent had not existed for some time and therefore the backups never arrived in the mailbox.
- Email Protection blocked the emails because they were sent from a dynamic IP or the SPF was incorrect.
- A backup was available, but the password could no longer be located.
- A backup was available, but already very outdated.
There are certainly other reasons why a restore could fail in an emergency despite a backup existing. Many of these problems are solved by the introduction of online backup to Central. You get a secure way to store your backups centrally and encrypted in Central. There they are always up to date and ready when they are needed in an emergency.
New v18 functions
The functions mentioned above are already available with version 17.5. So now let’s move on to the new features that will only arrive with SFOS v18.
There used to be a product from Sophos called iView that allowed centralized reporting. Admittedly, this software still exists, but for us, a product that has not been developed for years no longer exists. The fact that Sophos itself has not yet put it out to pasture does not make it any more up to date. 😅 iView definitely no longer has a future for us, but it lives on in Central Reporting.
If you enable reporting on the firewall, the firewall logs are sent to Central. Appealing reports can then be generated from the collected data.
Central Reporting for the firewall is currently still in beta. In the current version, however, you already get a very good feeling for what you can expect from the final version.
Global firewall settings
For customers with a lot of firewalls, we quickly face the problem that such a mass of devices is very difficult to manage. With 10 firewalls, this can still work to some extent, but with more than 50, it is a real challenge. But with v18, the firewalls on Central can be grouped wonderfully!
You then get a firewall interface in the group policies and can define and save settings centrally. These are then rolled out to all firewalls in that group.
This feature is also still in beta at the moment, and in my testing you could tell. We are still some way from a stable implementation. In addition, some questions have accumulated during my tests that are still unanswered. Basically, however, I am convinced that the global firewall settings will be of great help to us in the future!