The Sophos Central Dashboard runs full with Warnings on IPsec Connections. Message codes 17801 and 17802. I already went through the los files of the XG (The XG does not show these Messages as warnings in the Dashboard) and found out that these messages correlate with the rekey margin. Since that does not mean that the connection is terminated or means an irregular event I do not want to see those warnings on the central Dashboard.

The result is, that critical warnings are not beeing recognized...

How can I make shure that the rekeying is not permanently combined with a warning in the central Dashboard?

When you pull an MSP report from Sophos Central XG Firewall Dashboard for MSP XG License usage, It would be an idea that the report also pulls through the company name and company contact details on the report, instead of just the rest of the address and XG Serial number. Sophos support advised that Sophos does not currently support this feature.

I think company name and company contact would be useful, so resellers easily know who your billing, instead of looking up the serial number every time to see who the XG firewall belongs to.

This was suggested as a not supported feature by Sophos XG Support to log as an Idea This is regarding service request number 03290971

I am in the process of setting up groups for my locations and just came to the realization that I should place another group in between my current top level and children. Unfortunately, this means that all of the configuration that I've already completed on the children will need to be redone on newly created groups. Thankfully, I'm early in the process, but this still represents several days of work to get them synced.

I would like to see the ability to move groups within the hierarchy, or at least provide a way to export/import or copy group policies to other groups.

With the recently disclosed firmware vulnerabilities requiring us to change the admin password on every appliance (twice in the last few months!), it would be extremely helpful to be able to select each firewall from the list, click a "reset admin password" link, and set the new password from Sophos Central. While we only have a small deployment of about 30 devices, it still takes a significant investment in time to remote into each device to change the password, apply firmware updates, etc. Central Administration should allow us to do simple tasks such as this without requiring us to log into each device interface.

I have several levels of group hierarchy configured to manage our firewalls. The top level is for the overall company, the second level is for corporate/production, and then there are third level child groups tied to location. I am creating my users at the top group level, so they can be managed centrally. I am able to create the authentication servers at the second level (production/corporate). However, it is not currently possible to set the actual authentication method at a child group level (You get an error message stating this can only be set at the top of the hierarchy). Unfortunately, it does not make sense to control the authentication methods at the overall company level as the ability to connect to a given authentication server is location dependent. Please allow each of these components (users, authentication servers, and authentication methods) to be managed at any group level in the hierarchy.

With our previous firewall vendor, we were able to configure VPN communities and then push this configuration out to all of the involved devices. In doing so, we would only have to configure a few parameters, and all of the required VPN connections would automatically be built.

In the previous case, this was controlled separate from the firewall policy. A similar method would be to have a special VPN group where you could note which devices should participate. Central would then determine all of the VPN connections that needed to be created and execute the changes necessary to bring them up.