Sophos Cfm

by



XG Firewall MR4 also enables great new Sophos Central Management capabilities, which is where we’ll begin: New Sophos Central Enhancements: New Partner Dashboard facilitating group policy management across the customer base – make a change once and have it automatically replicated across multiple firewalls. Advisory: Sophos XG Firewall: Asnarok Vulnerability - Actions required for CFM managed devices; Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues. Previous article ID: 135429. New Group Policy Import makes switching to Sophos Central from CFM or SFM quick and easy. With legacy SFM and CFM platforms coming to end of life soon, Sophos Central provides the ultimate platform for managing all your firewalls moving forward. If you haven’t already, now is the time to switch. Enhancements in XG Firewall v18 MR4: High. Sophos Firewall Manager (SFM), Sophos Central Firewall Manager(CFM) or Sophos Central centrally manages your Sophos Firewall (device). Central management allows you to configure keep-alive requests and to enable configuration and signature updates of the device through the firewall manager.

Pro

The product team is pleased to announce a major new update for XG Firewall v18 with several great new enhancements.

Security emphasis

Given how much working environments have changed this year, we have accelerated our product security investments, taking a more proactive approach. As a result, this new maintenance release for XG Firewall v18 includes several security and hardening enhancements to better protect your firewall and your data stored within, including SSMK (Secure Storage Master Key) for the encryption of your sensitive data.

There’s also a new CLI option to disable Captcha authentication that was previously introduced as a security hardening measure:

Remote access VPN

Working from home and makes remote access VPN a vital tool for all organizations these days, and there are important enhancements to remote access VPN in this release:

  • Increased SSL VPN connection capacity across our entire firewall lineup. The capacity increase depends on your Firewall model: desktop models can expect a modest increase, while rack mount units will see a 3-6x improvement in SSL VPN connection capacity. Check the latest numbers for your XG Series model. Remember that Sophos XG Firewall is the only firewall that provides remote access VPN up to the capacity of your device – at no extra charge.
  • Group support for our Sophos Connect VPN client, which now enables group imports from AD/LDAP/etc. for easy setup of group access policy.

Cloud (AWS/Nutanix) enhancements

Cloud and hybrid network infrastructure continues to grow in importance, and we’re also investing heavily in public cloud support:

  • Support for newer AWS instances – C5/ M5 and T3 (#)
  • Support for CloudFormation Templates, removing the need to run the installation wizard in some cases (#)
  • Virtual WAN Zone support on custom gateways for post deployment single arm usage
  • Single-arm deployments are now possible on AWS deployments thanks to an option to assign a zone to your custom gateway objects. This allows you to create access and security rules for traffic going into those zones.
  • XG Firewall is now Nutanix AHV and Nutanix Flow Ready. XG Firewall has been validated to provide two modes of operation within Nutanix AHV infrastructure. Learn more.
  • Also be sure to check out Sophos Cloud Optix to enhance your security and optimize costs for your cloud environments

Central management and reporting

We are seeing rapid adoption of Sophos Central management and reporting for XG Firewall thanks to rich features that make managing all your XG Firewalls easy. It’s important to note that legacy central management and reporting platforms including CFM/SFM and iView are coming to end of life soon.

Now is the time to move to Sophos Central for your central management and reporting needs, as it offers a modern, scalable, secure platform with a great feature set and an aggressive roadmap.

Cfm

What’s new:

  • XG Firewalls running in an HA configuration (either A-A or A-P) can now be fully managed within Firewall Group Management
  • An Audit Trail feature is now available within the Task Queue
  • Central Firewall Reporting has recently added the option to save, schedule, and export reports. Learn more.

Coming soon: Next month, a couple of other great enhancements are coming to Sophos Central, including group firewall management from the Partner Dashboard that greatly simplifies multi-customer firewall management, and cross-firewall reporting for better insights into activity across your entire multi-firewall protected network.

Sophos Cfm Meter

Sophos Cfm

HA and other enhancements

XG Firewall v18 MR3 also addresses a number of reported issues with high-availability deployments, SD-RED devices support, and other areas. See the release notes for a full list of fixes.

Upgrade as soon as possible

While we always encourage you to keep your firewalls up to date with the latest firmware, over the next few months we are recommending you rapidly apply maintenance releases to ensure you have all the important security, performance, and feature enhancements applied as soon as possible.

Also ensure you have automatic pattern updates enabled so that you can be assured you have the latest protection updates.

XG Firewall v18 MR3 is an easy upgrade from XG Firewall v17 (MR6+), but be sure to check supported platforms.

How to get it

As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through the Licensing Portal. You can refer to this article for more information.

Sophos Cfm Incompatible

Learning more about upgrading to XG Firewall v18

And if you still haven’t upgraded to v18, or are still exploring many of the new features, be sure to take advantage of all the resources available, including the recent “Making the Most of XG Firewall v18” article series that covers all the great new capabilities in XG Firewall v18:

Use the local service ACL exception rule to allow access to the device’s admin services from a specified network/host.

Sophos Cfm Download

  1. Go to Administration > Device access and click Add under Local service ACL exception rule.
  2. Enter a name.
  3. Select the Rule position.
  4. Enter a description.
  5. Select the IP version from the following options:
  6. Select the Source zone to which the rule applies.
  7. Click Add new item to select source hosts (based on a network, IP address, range, or list) to which the rule applies. Click Create new to create a new source network/host.
  8. Click Add new item to select the IP address or interface-based destination hosts (example: user portal) to which the rule applies. Click Create new to create a new destination network/host.
    Note Specifying the destination host enables you to control access to a service (example: user portal) with a limited set of destination IP addresses.
  9. Click Add new item to select the admin Services to which the rule applies.
    Available options:
    • HTTPS
    • Telnet
    • SSH
    • Web proxy
    • DNS
    • Ping/Ping6
    • SSL VPN
    • User portal
    • Dynamic routing
  10. Select an Action.
  11. Click Save.