Export Configuration in a human-readable format
At the moment, exporting the full configuration is easy with the new option, but we need some way to export the full configuration or part of it where the config is fully readable, as is possible with UTM.
This can be used for Passive Analysis too.
There are 2 reasons for human readable export of configurations.
1 - Documentation compliance.
2 - Configuration comparisons.
You use the first for working with external persons or providing documentation on configurations without giving physical access to the devices.
I use the second so when major software version updates come along, I can reset the unit to defaults, see what may be listed as recommended configurations and then overlay other requirements on top. That way I don't miss any new features or others in version upgrades.
Don't know where my new post went.
Look at https://www.autodoc.com/
Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) commented
Would this be just as an output for reading/comparing, or would you also need to edit and input the configuration back into the device?
This feature is really needed and missed with our upgrade from SG to XG.
Please enable the export function.
Backups are backups, and their purpose is for recovery of a failed device or configuration changes.
But human readable documentation allows for compliance and also invaluable data for forward planning, working with external services, or being able to replicate a configuration to a new device when upsizing restores don't work.
Mark Payton commented
Ditto what James said. I just had our VOIP system vendor ask me for our network configuration to assist them with some configs on that system. With our previous systems, I could relatively easily generate this, but with the SOPHOS XGs, it looks as if I have to develop it all by hand.
Antonio Cienfuegos commented
Why is this not higher? There are commands that can only be configured through the CLI, and without a "show running config", the only way to know if X feature is configured is going through every command, and you can easily miss one or more.
This is something that isn't an idea, it's NECESSARY!
Develop export of the firewall configuration in .xls or CSV format so that auditors can easily search the documents (auditing point).
W Jeff Zuercher commented
Need an easy solution to allow a readable configuration for compliance and general implementation. Thanks for the consideration.
David Coombe commented
Not only can't I believe this isn't a feature, I can't believe this only has 11 votes.
Mike Roizman commented
Would really help for audits.
I can't believe this isn't a feature already.
It would make so much more sense to be able to export a list of Firewall Rules rather than having to manually type them out into a spreadsheet for an audit. It doesn't matter if it can be done through the GUI or through SSH. Any way would be great.
For me, it's not a matter of losing backups (those are automatically sent on a regular basis), but an invaluable way of having your configuration in readable format, for things like compliance or security review.
J Brunner commented
Great idea, but here's a thought, DON'T LOSE BACKUPS! If you are losing backups you have a bigger problem than a lack of documentation.
There is a need for being able to generate a human readable documentation of the configuration of the Sophos firewall.
Something that would allow the complete reconfiguration of a firewall manually in the event of lost backups.
Something that can be included in site configuration information. Able to produce complete compliance documentation for customers and sites rather than massive numbers of screenshots.
Something like the autodoc tool that exists for the WatchGuard and SonicWall devices.
Agreed. A human readable configuration report helps with audit purposes, configuration analysis and review, configuration differences and change tracking, version control, and to make reconfiguration easier in a wipe and reload scenario where a configuration backup is just going to put the same problem back into a clean system.
Mohamad Ayache commented
What is the format of the configuration file of UTM when it is audited in Nipper, for example?
Frank Barton commented
So that we can better audit configuration changes, please implement a command-line (SSH), human-readable, configuration 'show' option.
This would be very similar to:
Cisco's 'show running-config' command
Juniper's 'show configuration' commands and subcommands ('firewall', 'applications', 'security', etc.)
Palo Alto's 'show config running'
This is somewhat required for PCI compliance, and other regulatory environments - our switches, routers, and other firewalls are currently being monitored this way by RANCID.