
Sophos Central Firewall Management - synchronize in both directions

Hello,

I have an XG virtual appliance in my test lab with central synchronisation configured to my Sophos Central account.

So far it's working, and I can manage my firewall rules from the Sophos Central management, which are synchronised to my virtual Sophos XG appliance.

But for now it's only syncing the rules from the central management to the XG appliance, but not the other way, from the XG to the central management.

So how can I configure it so that the already existing firewall rules on the XG firewall are synced to the central management automatically?

I haven't found a setting to sync the firewall settings in both directions. How can I do this in the management or firewall settings?

Thanks and regards,

Florian



  • Hi,

    In theory you shouldn't be making changes on the firewall, only the cm.

    ian

    XG115W - v19.5.1 mr-1 - Home


  • Okay, understood. But how can I sync the existing config with all firewall rules to the cm before I begin making changes over cm?

    Is there any possibility to push the config from the fw to the cm?

  • You should see them when you log into cm.

    ian

    XG115W - v19.5.1 mr-1 - Home


  • OK, I see them directly when clicking into the firewall's policy settings.

    Other question: is it not possible to push settings like VLAN or zoning configuration via cm to a firewall group?

  • Central can currently import the "current config" while creating a new group. This will reflect the current status. Working on this group, you can configure the new settings on Central and sync those changes back to the firewall.

    Next step is "locking of configs" to avoid changes on the firewall.

    A sync from firewall to Central is likely an issue, as it opens new issues: "What happens if you change it on the firewall, will/should it change on all other firewalls?" etc. There are several issues, therefore the next step is to lock the objects on the firewall itself to avoid this mismatch.


  • Okay thanks for the info. The current config import with creating a new group was working.

    But on the local fw I have a few zones configured, and on the cm I only see one zone, but on the fw 10 zones are created. Why is it not syncing all to the cm?

    Also, it's showing the zone as a dynamic object, is that correct?

    And how can I "lock the config" on the fw, so that no issues happen when modifying the config on the local fw and on the cm?

  • The object locking is not implemented yet and is on the roadmap as the next thing to do.

    The zone concept is not something you can import, because the zone concept is "per firewall". Therefore, if you have a zone, you need to specify the zone via a dynamic object per firewall first, and then you can use the object within your firewall rule.
