Sophos Firewall AWS Auto Scaling 

Sophos Firewall with Amazon Web Services Auto Scaling is now in early access for everyone, with general availability expected in November. Special thanks to those who signed up to test early, and have already begun testing! 

Sophos Firewall now integrates the latest AWS Auto Scaling functionality via CloudFormation templates into our AWS firewall solutions.  This release enables organizations to secure workloads from inbound threats and scale automatically based on predefined workload criteria providing powerful perimeter protection for their AWS public cloud infrastructure.  Sophos Firewall integrates with the Amazon Elastic Network Load Balancer to automatically add instances to the Amazon Auto Scaling Group as performance demands increase.  Sophos Firewall provides rapid dynamic scaling with standby instances synced and ready to go online instantly as workloads increase and able to scale to millions of requests.  Sophos Firewall can also now send logs to CloudWatch. 

Sophos Firewall brings powerful protection and performance to AWS infrastructure with our XStream Architecture that includes TLS 1.3 inspection, streaming deep-packet inspection, next-gen IPS, and the latest real-time threat intelligence. 

Sophos Firewalls in AWS are centrally managed from Sophos Central, the world’s most trusted cybersecurity cloud management platform that makes managing a hybrid estate of cloud, virtual or on-prem firewalls easy.  Monitor status, update group policies, manage backups, schedule updates, orchestrate VPN connectivity, and so much more.   

How to Participate in the Early Access Program: 

 Autoscaling templates have been shared on GitHub, available for you to start testing. The templates have also been published in S3 and GitHub.  

 Auto-Scale and CloudWatch templates for EAP participants: 

• GitHub link:  https://github.com/sophos-iaas/aws-cf-templates/tree/master/xg/19.0.1.384-autoscale-eap 
• S3 link:  https://sophos-nsg-cf.s3.amazonaws.com/xg/19.0.1.384-autoscale-eap/autoscale.template 

  The CloudFormation template is not yet available in the marketplace, so one method to launch an autoscaling cluster is as follows:  

• Start at the Sophos Firewall marketplace listing: https://aws.amazon.com/marketplace/pp/prodview-ga4qvij427bvw?sr=0-2&ref_=beagle&applicationId=AWSMPContessa 
• Click Continue to Subscribe 
• Click Continue to Configure 
• Select the CloudFormation template for Sophos Standalone Firewall for AWS and click Continue to Launch 
• Choose Launch CloudFormation in the Choose Action dropdown and click Launch 
• Under Specify template, set the Amazon S3 URL to:  
  https://sophos-nsg-cf.s3.amazonaws.com/xg/19.0.1.384-autoscale-eap/autoscale.template 
  then click launch 
• Fill out the autoscaling template and follow prompts to finish launch.  
  You will need to enter your Sophos Central credentials to register the first firewall for management, and to generate API credentials for the autoscaling group to use after launch. API credentials will be used to seamlessly add and remove autoscaling nodes as they are created and destroyed, and need only Service Principal Firewall permissions to operate.  

Coming Next:

• Add support for GWLB to better support AutoScaling inspection of outbound connections.