Central Orchestration - What features does the new license offer?
Sophos Firewall

Central Orchestration - What features does the new license offer?

Patrizio - December 1, 2021

When the new licensing model for SFOS was introduced, we heard about Central Orchestration for the first time. At that time (April 21) it was not yet ready, but is now available with SFOS 18.5 MR1. A licence for Central Orchestration is already included in the Xstream Protection Bundle. The licence can also be purchased separately.

In general, however, it can be said that Central Orchestration is not very useful with only one firewall. In the next section I will explain why.elurchase of the licence is rather unnecessary.


One of two new features in Central Orchestration is SD-WAN. Setting up a site-to-site VPN connection is not difficult and can be done in under 10 minutes in most cases. Where it gets exhausting is when you need to connect four or more firewalls together. Central Orchestration creates the necessary connections and firewall rules in a few seconds with just a few clicks.

Requirements on all firewalls

The following requirements must be met on all firewalls if you want to use the SD-WAN feature:

  • SFOS v18.5 MR1 or higher.
  • Central Management activated
  • Central Orchestration licence

Central Firewall Reporting Advanced

The new Central Orchestration licence also includes all the features of the Central Firewall Reporting Advanced licence. The only difference is that the data is stored on Sophos Central for only 30 days instead of 365 days. If you do need 365 days, you will need to order the Central Firewall Reporting Advanced license separately.

By storing the firewall logs on Central, you can generate online reports on one or more firewalls simultaneously. With the XDR/MTR connector, data from the firewall is then also stored in the data lake and can be queried with a valid XDR licence in the Threat Analysis Center with Live Discover. For customers with an active Managed Threat Response Advanced licence, this data is also available to the MTR team, which further increases visibility in the network.

What Sophos Central Firewall features are coming next?

Two additional features will be added to Central Orchestration in the coming months:

  • Support for multiple WAN connections: So you have a redundant VPN connection across two WAN connections.
  • Extended support for NAT'd firewalls: If the firewall is behind another NAT device, the SD-WAN setup does not currently work. However, this should be possible soon.

But also the Central Firewall Manager gets further renewals:

  • Pinning of firewall rules
  • Improvements in backups and alerts
  • Management APIs
  • Support for AWS regions
  • Usability improvements

Send Your Feedback

Share your thoughts about this article, your private queries are always welcome and greatly appreciated.

Send Feedback
All information are confidential

On our blog we regularly publish articles on various topics related to Sophos. To make sure you don't miss any articles, you can subscribe to our newsletter, and once a month you will receive an email with a summary of all articles published in the last 30 days.

Knowledge base

Do you need help with a Sophos product? Then maybe our free knowledge base can help you. We try to document most support requests in an article so that we can help as many people as possible.