Schedule firmware updates - XG

Firmware Updates while i am asleep. My nightmares comes true. 

Even if this works 99% of the time, the one time is always scary. I never recommend to do this in such a manner. In my years working with both products, there were a lot of cases of failed upgrades and "calls in the morning". I would not recommend to do this at all. 

You should start to figure out a way to manage your customers via Central. Is there a reason you dont? 

Central is the key for a lot of parts in the management and the security of customers. 

The answer to your question is quite simple: Why should Sophos invest in a feature, which is already there and perfectly fine working? Sophos could build this in the Firewall, but why? If a customer wants to do this for 10 firewalls, he/she can do this in Central with one click. 

So to develop this in the firewall itself is actually a downgrade of the existing feature. 

We have many customers who have another company as their preferred partner, but come to us for firewall support for one reason or another - so we have no access to their firewalls via central?

On the one hand, i would recommend to become a security partner, not a network partner anymore. Security is not a "firewall only" matter anymore. 

About your point, you could get a superadmin account within your customer Central accounts, if they are managed by another partner in this matter. This makes more things complicated from this part. But basically the next steps in the Central Management administration is API support, which means, you could get API credentials and rebuild this feature in a API without the Partner Dashboard. 

Hello LuCar Toni,

I think the main reason why this feature is not implemented (and never will be) directly in SFOS is to try to sell Central as a product as much as possible.
At all costs, even if Sophos partners are dissatisfied .....

Regards

alda

What is the advantage of implementing the same feature again on another level? Central can already do it. 

Please read again what Ryan wrote, might you may understand the needs of your partners.

Regards

alda

Maybe some users wouldn't want to connect it to central. Are you aware of the bug that currently exists where the /conf partition fills up and once it hits 100% the box goes into failsafe? One of the fixes we have been advised is to turn on database pruning (which isn't on by default) after connecting to central.

With complexity comes risk, some users may want a clean tight environment with no cloud integration.

I would disagree on this term. From my point of view, investing in a redundant feature (for most partners/customers) is not worth the time. There are other more important features to implement than something, which is already there and which can be done for most customers. 

There might be some customers not doing it for some reason: but those are not the most partners. 

Hello Ryan,

can you share the details about the bug and that fix?

Sure, https://support.sophos.com/support/s/article/KB-000042474?language=en_US I've found this only help in some cases, in other cases you need to raise a ticket, request escalation to GES and then level 2 will apply a patch as there isn't a fix at present. Current firmware's at time of writing: 18.5.3/19.0.0

Do not allow /conf to exceed 99% or you can kiss your firewall tele bye bye (I say don't allow it - I don't know how to control it other than the methods I've mentioned)

That is actually the power of SAC (sync app ID) and its capability of creating own Apps for every app existing on the market. So if you have the situation: Small Appliance + many devices without any cleanup, this can be a result after some time, if you network is very "migrating" (means getting new apps all the time). 

Personally i never occur this situation before, but saw the issue reported by partners using SAC + small appliances. 

I would recommend to keep a cleanup nevertheless to have a better overview. An app not being used for more than 3 months seems to be outdated anyway. 

BTW: https://partnernews.sophos.com/en-us/2022/06/products/whats-new-and-whats-next-for-central-firewall-management/

BTW: https://partnernews.sophos.com/en-us/2022/06/products/whats-new-and-whats-next-for-central-firewall-management/