Allow heartbeats from more than one Central account
Synchronized Security is a really cool idea, but the current implementation really limits what can be done, and in many cases prevents deployment of Synchronized Security.
A couple of changes could greatly expand usage:
1. Support/recognize heartbeats from more than one Sophos Central account.
As a Sophos partner, I run Sophos Endpoint on my laptop that I use at Sophos client sites.
If I deploy FW rules that use heartbeats, I effectively lock myself out.
Just because you have a heartbeat does not mean you have a heartbeat that the XG FW will acknowledge/accept.
Sophos XG clients would greatly benefit from being able to acknowledge/accept heartbeats from more than one Sophos Central account. This would enable clients to set network policies that enforce that all third parties connecting to their networks must run Sophos EP.
2. Change XG FW rules to support dropping to the next FW rule if no heartbeat is detected.
Currently, if you have a FW rule with "Block request to destination with no heartbeat", it blocks and no further rule processing is done; this really limits deployment of this feature to the last FW rule above rule id 0.
XG FW rules need to include the ability to drop to the next rule if no valid heartbeat is detected.
3. Improved documentation of Synchronized Security. Currently it's minimal to none with respect to explaining usage and setup, and the English is confusing.