CLI - which settings are changed?

Hi there,

I have to manage an XG box which was configured by a competitor.

Is there a way to find out which CLI settings were changed by them?

On a Cisco ASA there is a "sh running-config" command.

THX

Guenter



This thread was automatically locked due to age.
  • Never had the use case of showing the altered configuration. I assume there is no way to see this. You would (and should) do a call with the customer to get a current status and review the config. If you think there is an issue, you should consider changing that (security or config issue).

  • Hi,

    @Never had the use case ...

    Really, this is my daily/weekly business. Many of my customers are not aware of the config of a firewall. And why should the competitor document everything they had configured? This is not the reality.

    Cisco, Juniper, Fortinet, PaloAlto - all these manufacturers are able to run a "sh running-config" with all current settings.

    I know Sophos is GUI driven, but there are many settings which are not reflected in the GUI, like UDP Streaming Timeouts, and so on.

    It is very impractical to run a show command for EACH CLI setting. And in that case we have to compare it with the default settings.

    For SOPHOS, it should be easy to produce a list of settings which differ from the defaults.

    This is a necessity - not a feature.

    THX.

  • Most of the customers I talked to have their fixed partner. Happy you can win customers and take them under your guidelines, but that seems not to be the case for the people I talk to.

    Agree there is always room for improvement, and the CLI (cish) is not the best documented config. But most of your vendors have a full config interface in the CLI, which SFOS does not. You have on CISH basically just config settings which never made it into the GUI for whatever reason.

  • This is an ideal situation which I never had before. We win many customers for some reasons. Most of these cases are "cold" takeovers.

    So we have to dive into each CLI setting.

    I mean, this can't be.

    THX

    Guenter.

  • You could decrypt a config and compare it with a blank appliance config of the same SFOS version.

    Decryption explained here: https://medium.com/@gmanual/sophos-xg-decrypt-backup-file-2c5bc8d6347f

    This works with win32openssl-1_1_0f if you are on Windows.

    But I don't know where you would find console changes in that config. I found several CLI changes in the db.dump file (unencryptedconfig\unencryptedconfig~\.\\conf\backupdata\\device.backup\)

    Another approach would be to study the CLI Reference (Hey Sophos, where is that documentation for v18?) and execute all commands that have a show parameter. Not nice work.

  • THX - this is very helpful.

    It seems all CLI settings are stored in the table tblconfiguration.

    Unbelievable that Sophos is not able to create a simple tool which shows these settings in one command like sh cli-changed-settings.

    Maybe it is too simple.
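The comparison suggested in the two replies above, as an added example that is not part of the original thread and is not Sophos tooling: it diffs the tblconfiguration rows of a customer's decrypted db.dump against a dump from a blank appliance of the same SFOS version. It assumes db.dump is a plain-text PostgreSQL-style dump with `COPY ... FROM stdin;` blocks and that the first column identifies the setting; the column names, setting names and values in the sample are constructed.

```python
import re

# Header of a pg_dump-style data block: COPY [schema.]table (col, ...) FROM stdin;
COPY_RE = re.compile(r'^COPY\s+(?:\w+\.)?"?(\w+)"?\s*\(([^)]*)\)\s+FROM\s+stdin;', re.I)

def table_rows(dump_text, table):
    """Return (columns, rows) of one table's COPY block; raise if it is absent."""
    columns, rows, inside = None, [], False
    for line in dump_text.splitlines():
        if inside:
            if line == "\\.":                      # end-of-data marker
                break
            rows.append(tuple(line.split("\t")))
        else:
            m = COPY_RE.match(line)
            if m and m.group(1).lower() == table.lower():
                columns = [c.strip().strip('"') for c in m.group(2).split(",")]
                inside = True
    if columns is None:
        # An empty diff must never be mistaken for "nothing was changed".
        raise ValueError(f"no COPY block for {table!r} found in dump")
    return columns, rows

def diff_settings(baseline_text, customer_text, table="tblconfiguration", key_col=0):
    """List (key, baseline_row, customer_row) for every row that differs."""
    _, base = table_rows(baseline_text, table)
    _, cust = table_rows(customer_text, table)
    base_map = {r[key_col]: r for r in base}
    cust_map = {r[key_col]: r for r in cust}
    return [(k, base_map.get(k), cust_map.get(k))
            for k in sorted(base_map.keys() | cust_map.keys())
            if base_map.get(k) != cust_map.get(k)]

# Constructed sample dumps; column and setting names are invented for illustration.
BASELINE = ("COPY tblother (id) FROM stdin;\n1\n\\.\n"
            "COPY tblconfiguration (key, value) FROM stdin;\n"
            "example_timeout\t60\nexample_flag\toff\n\\.\n")
CUSTOMER = ("COPY tblother (id) FROM stdin;\n1\n\\.\n"
            "COPY tblconfiguration (key, value) FROM stdin;\n"
            "example_timeout\t150\nexample_flag\toff\nexample_extra\ton\n\\.\n")

if __name__ == "__main__":
    for key, before, after in diff_settings(BASELINE, CUSTOMER):
        print(f"{key}: baseline={before} customer={after}")
```

For real files, read both dumps with `open(path, encoding="utf-8", errors="replace").read()` and pass the text in; a row reported with `None` on one side exists only in the other dump.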

  • It is not about "able to create", it's about the priority. Because there are other items more important right now. Sophos is currently highly investing in XDR. See: https://community.sophos.com/intercept-x-endpoint/early-access-program/b/blog/posts/xdr---detection-and-investigation-early-access-program and other tools like upcoming V19.

    As mentioned earlier, never had this query in the first place. CLI is something still under review, how to interact with this better and properly redesigning the CLI for a configuration API.