
Question about specific features in XG Firewall

Hello, I attended a webinar today about XG Firewall and its general features and usage. During the webinar, the presenter mentioned that Sophos XG Firewall is able to know if a device has red health and then prevent it from reaching out to the internet or connecting to other devices on the network. I understand this feature as a concept because we utilize Sophos Endpoint protection in our environment, but my question is: How does XG Firewall differ in this regard from running only Endpoint protection? Doesn't Endpoint protection already provide this functionality through Auto-Isolating? What new features would XG Firewall bring to the table in a scenario such as this? 



This thread was automatically locked due to age.

Top Replies

  • There are different modules active. 

    First, the Endpoint itself can isolate everything to stop communicating with anybody anymore. So it builds up a firewall to stop communication. But as the client is potentially affected, this can fail.

    There are the HB Source/Destination firewall rules. You can use a specific state of the destination and/or source of the client/server to specify if the client should be able to communicate. For example, if the client is RED, it will not be allowed to communicate through the XG Firewall to specific other hosts or WAN.

    Then there is lateral movement prevention. Basically, XG will tell the other clients in the same broadcast domain to stop communicating with this host. This will be done on an ARP/MAC level to make sure no other client will communicate via the switch with the infected host.

    The status (RED, Green, Yellow) can be set up by the client or the XG Firewall. If the XG senses an ATP alert, for example, it will push a new status to the client and trigger certain mechanisms.
