Firewall Management in Central
Suggest, discuss, and vote on new ideas for Firewall Management in Sophos Central. Powerful enterprise and multi-customer management for Sophos XG Firewall.
-
The number of firewalls for a group should include the number of all firewalls of all its subgroups
If you use groups, subgroups, and subgroups in those, the groups will only show the number of firewalls in that group. If you only have firewalls in subgroups of subgroups, the top group and subgroup will always show (0). The number should include all firewalls in subgroups of a group, and all the firewalls in their subgroup, so a group always shows the correct number of firewalls managed by that group, be it directly or per inheritance of policies.
2 votes -
reordering, grouping and renaming of firewall rules
since SFOS 17 we are able to
- group firewall rules
- move firewall rules aswell as groups to change their position (and therefore the processing order)
- automatically assign firewall rules to the first matching group (if selected)in central firewall manager none of this is currently possible, i.e. groups are not supported and you cannot change the position of rules
in addition you cannot rename a rule after it has been created
all of this should be possible via central. In the current state rule handling is unusable for our customers.
11 votes -
Enable hosts and services import from XG's, XML, and CSV
Functionality in Central to import lists of everything found under the "hosts and services" area in XG's such as ip hosts, ip host groups, fqdn hosts, fqdn host groups, services, etc would enhance bulk management capabilities and reduce time required to deploy these. This should be possible to do from CSV + XML files and by querying managed XG's to directly import locally created hosts and services from those for deployment from Central to other XG's. Also see https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/33035827-import-fqdn-s-cidr-lists-from-csv-or-txt
1 vote -
Add the rule group option in the rules and policies
As it's possible to add groups of rules in local, it would be nice to be able to do the same directly in central...
1 vote -
Move and copy firewall groups
I am in the process of setting up groups for my locations and just came to the realization that I should place another group in between my current top level and children. Unfortunately, this means that all of the configuration that I've already completed on the children will need to be redone on newly created groups. Thankfully, I'm early in the process, but this still represents several days of work to get them synced.
I would like to see the ability to move groups within the hierarchy, or at least provide a way to export/import or copy group policies to…
8 votesThis idea is on our backlog, though not scheduled for an upcoming release. We’ll keep an eye on the feedback here, when deciding its priority
-
Central Firewall Manager Alert Policy Editing
Please allow other admins to edit the Alerts profiles in CFM. Currently, only the admin that created a Alert Profile can edit that profile.
4 votes -
Rename Objects and Description field
It would be very helpful to be able to rename objects that have been created as changes are often required. I would also suggest the addition of a description field.
5 votes -
Configure and Manage VPN Communities
With our previous firewall vendor, we were able to configure VPN communities and then push this configuration out to all of the involved devices. In doing so, we would only have to configure a few parameters, and all of the required VPN connections would automatically be built.
In the previous case, this was controlled separate from the firewall policy. A similar method would be to have a special VPN group where you could note which devices should participate. Central would then determine all of the VPN connections that needed to be created and execute the changes necessary to bring them…
5 votes -
Creation and editing of existing VPN configuration for Firewall Group
Allow creation of new VPN configurations and editing of existing VPN's.
5 votes
- Don't see your idea?
