Option to propagate Hosts and Services definitions to all firewalls managed by same central account.

[On behalf of customer] XG allows you to block, Admin logins after X number of unsuccessful attempts from a same IP, SFM doesn't allow you to do this at the moment.

I would suggest that there is a Match Rules Option like Fortigate's Policy Lookup.

If say the XG have 1000 firewall rules, it is hard to match which rules will a particular packet will use to pass through. From this, it will help in troubleshooting and also help to check unused or misconfigured firewall rules.

Previous firewall that was synchronized to the central admin (RMA'ed unit's backup from the sophos central) shouldn't be deleted once the new device will be overwritten. There should be a way to download it all and be imported to the newly synchronized unit.

In Sophos Firewall Manager, when updating the Firmware of an XG Firewall, there is an "Apply" button, which brings up a scheduler when clicked.

This is confusing, as it seems like this button will apply the firmware immediately without warning. Please change the name of this button to "Schedule" instead of "Apply" so that it's more obvious that the firmware will be scheduled for install and not apply immediately.

Hello Team,

We have customer here requesting feature to have specify amount of back up per XG on Sophos Firewall Manager. For your assistance please. Thank You.

In SFM, a notification for when a CCL entry is created would be ideal for Change Management. Upon receiving this notification from SFM, other administrators can look back over the CCL entry and bring up potential problems for reversion as necessary when they get an alert from SFM that a firewall's configuration was changed.

In a template in Sophos Central Firewall Manager, it's currently impossible to reorder rules (neither create a new rule between two existing rules).
It's supposed that this is a basic functionality of a firewall managing system.

In the Firewall Manager (17.x.x) there is no file path option in the FTP configuration download when backing up the Firewall Manager configurations. This option is however present for the Firewall Config backups. It should be available for both.

Currently, Firewall management is not supported when central account belongs to enterprise dashboard admin due to different domain state. Looking forward to this feature will be supported at road map.

When the XG is configured via Sophos Central the local admin UI:

1) No longer shows the actual configuration of the unit - only the old config from the time administration was switched to SC.

2) The local admin UI still allows configuration changes to be made. However, these changes are not applied to the unit. There is no warning about this either.

I'd like to create custom groups and add / remove firewalls by myself. This is already possible. But why am I NOT allowed to use this group in the "Firmware Update" section?

Like in ACC/SUM it should be possible to have a scheduled reboot of an XG - vis SFM/CFM and the normal admin gui.
That could prevent additional work for admins.

Synchronized application control is an amazing feature; needing to manually categorize applications separately on every firewall isn't. Being able to have a central location for all of them would be great, as you'd be able to have your known bad/good applications available right out of the gate.

The SFM device monitor should show the status of the HA.
Also in the device information is nothing to see about the HA.

We would like the ability to configured an RSA key on a CFM template.
Very feasible for MSP's that want CLI access to all XGs they manage.

Doesn't seem hard to add...

When pushing a template, all types of configuration should not already be selected - you should have to select which items you want to push, rather than deselect those you do not want to push.
Having all items pre-selected is more likely to cause issues from human error, overwriting config with portions of templates you don't wish to utilize/push to a device.
It's a minor change that could make a big difference for our customers.