
How does XG Isolate a device in centralized security

Please understand this is a speculative discussion to better understand XG and centralized security.  All thoughts and ideas are welcome.

I have a question regarding XG and centralized security that I would like to discuss to better understand just how XG plays a role in centralized security.

I have been thinking about centralized security, and I could be wrong on this line of thought. As I understand it, Sophos can isolate a computer it considers a threat by centralized security with Sophos Central. What I am trying to figure out is exactly how this happens. From how I understand it, the firewall or gateway does not have all traffic sent through it on a localized subnet, i.e. Computer A 192.168.1.20 can talk to Computer B 192.168.1.21. However, if the traffic is sent between subnets via traditional or VLAN, i.e. Computer A 192.168.1.20 to Computer B 192.168.2.21, then the firewall or gateway would be used. This means that the firewall cannot isolate a device completely, since not all traffic on a LAN would travel through it if said devices were on the same subnet. Only traffic between separate subnets or to the outside internet could be blocked via the firewall. That being said, Sophos Central on the computer itself could block all traffic, but really this would require no intervention from the firewall to do so, since everything can be blocked on the device itself. To add to this, as an extra measure of security, all other computers with Sophos Central could be told to ignore traffic from said device, and the firewall could essentially block all internet or subnet traffic on that level as well.

 

Please share your thoughts!!!
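
An added example, not part of the original post: the on-link decision a host makes before sending a packet, used to list which peers a gateway-only block would leave reachable from an isolated device. The /24 masks, the internet address 203.0.113.10, and the function names are assumptions made for illustration.

```python
import ipaddress


def path(src_if: str, dst: str) -> str:
    """Decide how a host configured as src_if (address/prefix) reaches dst.

    'on-link' : dst is inside the host's own subnet, so the frame is delivered
                directly at layer 2 and never crosses the gateway firewall.
    'gateway' : dst is outside the subnet, so the packet is handed to the
                default router, where firewall rules can drop it.
    """
    iface = ipaddress.ip_interface(src_if)
    return "on-link" if ipaddress.ip_address(dst) in iface.network else "gateway"


def gateway_blind_spots(isolated_if: str, peers: list[str]) -> list[str]:
    """Peers still reachable if only the gateway firewall blocks the isolated host.

    These are the flows that need enforcement on the endpoints themselves
    (or on the switch), because the firewall never sees them.
    """
    return [p for p in peers if path(isolated_if, p) == "on-link"]


# Constructed sample: the addresses from the post, an assumed /24 mask,
# and one documentation-range address standing in for an internet host.
ISOLATED = "192.168.1.20/24"
PEERS = ["192.168.1.21", "192.168.2.21", "203.0.113.10"]

if __name__ == "__main__":
    for peer in PEERS:
        print(f"{ISOLATED} -> {peer}: {path(ISOLATED, peer)}")
    print("not enforceable at the gateway:", gateway_blind_spots(ISOLATED, PEERS))
```

The result depends on the prefix length configured on the host: with a /16 mask, 192.168.2.21 is also on-link and would bypass the gateway as well.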

 


