Sophos Central Firewall Management: Features with SFOS v18
The first connection between the Firewall and Central already took place through the implementation of Synchronized Security. This was followed a little later by the Sophos Central Firewall Manager. However, the functionality of this early version was very limited, which didn’t really make the product interesting. With SFOS v18, however, the Central Firewall Manager’s features were greatly enhanced.
Info: If you want to know everything about the new features in the upcoming SFOS v18, you can find my detailed article about it here: Sophos SFOS v18: New features at a glance
Central Firewall Management
Personally, I think the Sophos Central Firewall Manager (SCFM) is absolutely brilliant. Sure, the features currently available are still a bit limited, but Sophos’s vision behind it is awesome. It helps us to keep track of customers with multiple Firewalls. The UTM has the Sophos UTM Manager (SUM) for this and the SFOS can also use the Sophos Firewall Manager. The latter, however, is absolute crap in my eyes and when I see where the journey with the SCFM is going, it will surely be stopped in the medium term.
Let’s have a quick look at the basic features and how you can get started with the Central Firewall Manager yourself.
Connect the Firewall
To be able to use Firewall management, a Sophos Central Account is required. You can create it for free and also the Firewall management is a free feature. In the backend of the Firewall you can register the Firewall with Central via the menu
Central synchronization. The Firewall will then appear in your Central Account.
In your Central account you will get a list of all the Firewalls you have added. By clicking on the Firewall name you automatically log in to the Firewall backend and can now configure it as usual. Logging in to the Firewall is noticeably slower than connecting directly to the Firewall, but much more comfortable, since no additional login is required. Does the Firewall have a dynamic IP address? No problem. Since the Firewall establishes the connection to Central, this works perfectly.
Which features are available in the Central Firewall Manager depends on the firmware of the Firewall. Some functionality will not be available until a certain release.
In the Firewall overview you can see at a glance which firmware version the individual models have. By clicking on
Upgrade and then
Upgrade Firmware, the latest version is installed.
I can’t stress it enough at this point to always press the update button with great care. Prepare for an update and inform yourself in advance which changes will take effect with the new version. We always have the experience that a Firewall update is too frivolous. With our Firewall maintenance contracts we take care of the updates of your Firewalls and can protect you from nasty surprises. 😎
You can also use Sophos Central Firewall Manager to create scheduled or manual backups of the configuration of your Firewalls. Of course, it is highly recommended that you set up such a backup. Previously, you could manually download these backups from the Firewall or save them directly to FTP. Sending them by email was also available as an option.
Although it is possible to create a backup on the Firewall, problems can occur if such a backup is needed. We have already encountered the following situations with customers:
- The email address to which the backup was sent no longer existed and therefore the backups never arrived in the mailbox.
- Email Protection blocked the emails because they were sent from a dynamic IP or the SPF was not correct.
- A backup was available, but the password could no longer be found.
- A backup was available, but very outdated.
There would certainly be other reasons why it could fail in an emergency despite backup. Many of these problems are solved by the introduction of online backup on Central. You get a secure way to store your backups centrally and encrypted in Central. These backups are always up to date and ready when needed in case of an emergency.
New v18 features
The features mentioned above are already available with version 17.5. Now let’s get to the new features that will only be available with SFOS v18.
There used to be a Sophos product called iView which enabled a consolidated reporting system. To be honest, this software still exists, but for us a product that hasn’t been updated for years no longer exists. The fact that it has not been discontinued by Sophos does not make it any more relevant. 😅 iView definitely has no future for us and definitely lives on in Central Reporting.
If you enable reporting on the Firewall, the Firewall logs will be sent to Central. From the collected data appealing reports can be generated.
Central reporting for the Firewall is currently still in Beta. But in the current version you get a very good feeling for what you can expect from the final version.
Global Firewall settings
For customers with a lot of Firewalls, we are quickly faced with the problem that such a mass of devices is very difficult to manage. With 10 Firewalls this can still work to some extent, with more than 50 this is already a real challenge. With v18 the Firewalls on Central can be grouped wonderfully!
You then get a Firewall interface in the group policies and can define and save settings centrally. These are then rolled out to all Firewalls in this group.
Also this feature is still in beta at the moment and in my tests this was noticeable. They are still a bit away from a stable implementation. In addition, during my tests some questions have accumulated which are still unanswered. However, I am absolutely convinced that the global Firewall settings will be of great help to us in the future!