Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1020 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central Firewall Management - synchronize in both directions

Florian Mueller1

Hello,

I have an XG virtual appliance in my testlab with configured central synchronisation to my Sophos central account.

So far its working and I can manage my firewall rules from the sophos central management that are synchronisized to my virtual sophos xg appliance.

But for now its only syncing the rules from the central management to the xg appliance but not in the way from the xg to the central management.

So how can I configure that the already existings firewall rules on the xg firewall are synced to the central management automatically?

I dont found a setting to sync the firewall settings in both directions. How can I do this in the management or firewall settings?

Thanks and regards,

Florian



This thread was automatically locked due to age.
Parents
  • +1

    Central can currently Import the "current config" while creating a new group. This will reflect the current status. Working on this group, you can config the new settings on Central and sync those changes back to firewall. 

    Next step is "locking of configs" to avoid changes on Firewall.

    A sync from Firewall to Central is likely a issue, as it open new issues "What happens if you change it on the firewall, will/should it change on all other firewalls?" etc. There are several issues, therefore the next step is to lock the objects on firewall itself to avoid this mismatch. 

Reply
  • +1

    Central can currently Import the "current config" while creating a new group. This will reflect the current status. Working on this group, you can config the new settings on Central and sync those changes back to firewall. 

    Next step is "locking of configs" to avoid changes on Firewall.

    A sync from Firewall to Central is likely a issue, as it open new issues "What happens if you change it on the firewall, will/should it change on all other firewalls?" etc. There are several issues, therefore the next step is to lock the objects on firewall itself to avoid this mismatch. 

Children
  • 0 in reply to LuCar Toni

    Okay thanks for the info. The current config import with creating a new group was working.

    But on the local fw I have a few zones configured and on the cm I  only see one zone, but on the fw are 10 zones created. Why its not syncing all to  the cm?

    Also its showing the zone as a dynamic object, is that correct?

    And how can I "lock the config" on the fw, so no issues are happening when modify the config on the local fw and on the cm`?

  • 0 in reply to Florian Mueller1

    The object locking is not implemented yet and is on the roadmap for the next thing to do. 

    Zone concept is not something, you can import, because the zone concept is "per firewall". Therefore if you have a zone, you need to specify the zone via dynamic object per firewall first and then you can use the object within your firewall rule.