Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 1742 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Difference Sophos Firewallmanager / Sophos Central Firewall Magager

Dr Brezner

Hey there!

We are a service provider with many Sophos XG customers. We want to manage the XGs centrally. There are two options: Sophos Firewall Manager on premises or Sophos Central Firewall Manager. Do these two products have the same feature set? Not even Sophos sales could answer this question.

Best

Matthias



This thread was automatically locked due to age.
Parents
  • +1

    In fact there are 3 tools to manage firewalls. 

    SFM/CFM are both EoS and will go EoL in a short period of time. See: https://support.sophos.com/support/s/article/KB-000035279?language=en_US#xgfirewallsoftware

    SFM/CFM are Tools (SFM on Prem - Costs, CFM in the Cloud, for free for Partners) to manage firewalls. 

    There is CM (Central Management), which will be the Product to take over both EoL Products. 

    SFM/CFM are likely the same. CFM is hosted by Sophos, SFM is hosted by the customer/Partner. Both doing the same, only the registration process is different. 

    CM is using Central as a platform and interact differently with XGs. https://www.sophos.com/en-us/lp/xg-firewall-in-central.aspx It uses the Heartbeat channel to interact with Central. There is some work to do, to migrate all features, which exists in SFM/CFM to CM. 

    Central Management needs to launch a Central Admin instance per customer. Currently there is no interaction between Partner Portal and the customer Central Admin Instance beside the SSO Login to every Central Admin instance. So if you have multiple Central Admin accounts (per customer), you need to setup the firewalls per customer. The partner management should be included by the time, CFM will go end of life. 

    CM is for free. So it can exists, even if you do not have a Central product or a Firewall subscription. Central Accounts will start with a 30 days trial for all Central products, like Endpoint, InterceptX etc. , but the CM for XG will exists, even if all products expire. 

    There are certain detail features, which are not exists in CM right now, but most of those features are on the roadmap considered to be released until the EoL of SFM/CFM. 

    The Firewall configuration part in CM needs V18 to work. So you have to upgrade your Firewall to V18, to be able to configure it. Alerts, SSO login, backups etc. will work with V17.5.

    I always recommend to start with CM, as this platform is the future to going forward. 

Reply
  • +1

    In fact there are 3 tools to manage firewalls. 

    SFM/CFM are both EoS and will go EoL in a short period of time. See: https://support.sophos.com/support/s/article/KB-000035279?language=en_US#xgfirewallsoftware

    SFM/CFM are Tools (SFM on Prem - Costs, CFM in the Cloud, for free for Partners) to manage firewalls. 

    There is CM (Central Management), which will be the Product to take over both EoL Products. 

    SFM/CFM are likely the same. CFM is hosted by Sophos, SFM is hosted by the customer/Partner. Both doing the same, only the registration process is different. 

    CM is using Central as a platform and interact differently with XGs. https://www.sophos.com/en-us/lp/xg-firewall-in-central.aspx It uses the Heartbeat channel to interact with Central. There is some work to do, to migrate all features, which exists in SFM/CFM to CM. 

    Central Management needs to launch a Central Admin instance per customer. Currently there is no interaction between Partner Portal and the customer Central Admin Instance beside the SSO Login to every Central Admin instance. So if you have multiple Central Admin accounts (per customer), you need to setup the firewalls per customer. The partner management should be included by the time, CFM will go end of life. 

    CM is for free. So it can exists, even if you do not have a Central product or a Firewall subscription. Central Accounts will start with a 30 days trial for all Central products, like Endpoint, InterceptX etc. , but the CM for XG will exists, even if all products expire. 

    There are certain detail features, which are not exists in CM right now, but most of those features are on the roadmap considered to be released until the EoL of SFM/CFM. 

    The Firewall configuration part in CM needs V18 to work. So you have to upgrade your Firewall to V18, to be able to configure it. Alerts, SSO login, backups etc. will work with V17.5.

    I always recommend to start with CM, as this platform is the future to going forward. 

Children