Improve Granularity of Central Firewall Interaction
At the moment when when registering an XG firewall to Sophos central the only option is to enable central management or not.
If central management is not enabled then we get a limited selection of alerts in central for the firewall, i.e. lost comms between XG and central.
Typically in our deployments we do not want the firewall to be manageable via cloud service through central, particularly in higher security networks we permit local management only over our internal WAN or VPN links.
Some level of granularity in between nothing or everything would be fantastic.
For example a completely read-only central monitoring configuration would be great.
It's highly desirable for us to be able to see firewall health, status, and logging information in central including:
connected and live users
PSU and environmental status
It would also be desirable for encrypted configuration backups to be pushed to central giving the option of recovery or template based initial deployment though enabling a management level of access temporarily.