And Sophos kills off the SUM

Since the Thoma Bravo purchase Sophos has been a slow train wreck.  The latest is them killing off the SUM with no real way to centrally manage XG firewalls (which are slower than UTM).  What are you guys' thoughts?  Are you finding a new vendor?  Who are you choosing?



  • Ok fair point.  Let me clarify my question.  How can I press one button and update ALL of my firewalls?  Do you know how long it takes a tech to log into the Partner Portal then move to Central then find the customer then access their portal then click on firewall then find the firewall, then update the firmware?  Time it and get back to me.

    In sum I can update hundreds of firewalls in under 5 clicks.  There is NO comparison.

    "This should not be the case on potent hardware. For example the XGS Hardware is faster compared to a SG105. The difference between UTM and SFOS is basically the way those products interact with the configuration. UTM uses a middleware, SFOS uses a database approach. Which means, the database will be queried on each and every "click" as you say. This highly relies on hardware and if you give the OS a potent hardware like XGS, it is most likely quicker compared to UTM. "

    • Dude I don't know what to tell you.  If you don't see the speed issues, then where have you been?  This has been an issue since day one.  I have seen it literally from XG 105 to XG 330 to XGS 116.  It is there and it continues.  
    • The UTM interface runs circles around the shitty XG interface.  Period.

    "This should not be the case? So basically if you integrate a firewall within Central, it will create a token based connection and should stay there. I am not aware of any cases, which loses the connection. But for the next release, there is an easier way to integrate Central with a SFOS appliance via API credentials. "

    • I don't know what to tell you. Happens all the time. Click connect wait for it to time out.  Click again.  Wait again.  Finally connects.  Multiple firewalls, multiple hardware, multiple clients.  

    "UTM SUM = Update all firewalls quickly

    As you can see above, this is possible. "

    • Show me where I can do all the firewalls at one time.

    "I basically advise partners and customers to migrate to SFOS in plenty of integrations. Therefore I know the blockers and limitations, which can come up. And for a customer with 200 firewalls for example, you should consider to revamp the entire network stack anyway. Most likely those customers run their entire config for 10 years + and their configuration is "old school", which means, there are rare security reports run, nobody knows what is going on in their network etc. Even network segmentation is not everywhere implemented in 2021. So it would be a good step to rethink their network: Like VLAN segmentation, like Firewall rules, like proxy implementation. Are you doing HTTPS decryption? If not, why not? Do you know the risk of running such networks in 2021? See: https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf"

    • I agree with this completely.
    • Sophos does not have an effective way for MSPs to manage large number of firewalls currently
    • Central is not a solution how it currently stands
    • Before we can make this change we need the client to invest in new hardware
    • Before we can make this change we need the tools in place to manage the whole stack.  This has been promised and not delivered.

    "Did you look at the PSA Integrations, which are today available? https://www.sophos.com/en-us/partners/managed-service-providers/integrations.aspx"

    • Yes. They suck. And Sophos knows they suck. 
    • Did you ask when did Sophos promise they would give us a better PSA API? 
      • Answer first to second quarter 2021
      • Where do we stand today?
        • It's on hold
    • Now your next question.  Why would our partners stay if we can't meet our promises?
      • Now that is a great question.  Why would we?

    "

    I was promised over a year ago you could easily manage XG via central.  Not delivered.

    There were some significant changes in the last months to Central. Maybe you should take a look at it. "

    • Do these changes allow us to manage large number of firewalls?
    • Do these changes allow us to control the noise tickets we get?
    • Do these changes make it easier for us to identify threats for the clients that we manage?
    • Do these changes allow us control over what clients to get notifications from?

    Of course, there have been changes.  What I believed until recently was that Sophos was MSP friendly.  They are not.  And it looks to me that they are not making enough of an effort to become more MSP friendly. 

    LuCar Toni I am sorry you stepped into this.  I have been a partner for 10+ years.  To ask me "have I this" and "that I that" honestly is not knowing your audience.  I have talked about this until I am blue in the face.  NO ONE that makes decisions is listening. 

    So, I am here SCREAMING to see if anyone is listening because for me to move away from Sophos now will cost me tens of thousands of dollars.  And it would be interesting to see if I am the only one that complains or are there others that feel the same way.  

  • As long as the UTM is not end of life, the SUM should not be either! For us partners this is our "daily bread" absolute impudence from Sophos!

  • Ok fair point.  Let me clarify my question.  How can I press one button and update ALL of my firewalls?  Do you know how long it takes a tech to log into the Partner Portal then move to Central then find the customer then access their portal then click on firewall then find the firewall, then update the firmware?  Time it and get back to me.

    In sum I can update hundreds of firewalls in under 5 clicks.  There is NO comparison.

    Let me try again: You can use the API next quarter to do this with one click. Currently it is correct, SUM was built for a customer in mind, like Central. But SUM was also used by partners to manage their customers. Which is actually quite "problematic". Simply because you start to harvest data in one appliance for multiple customers. I know, there were some partners actually concerned with this in Europe. Nevertheless, the approach in Central is different, because Sophos now uses the context of tenants (per customers) to completely separate the instances. Now Sophos will bring together data in a partner setup. The next step is to open up API for firewall management. This means, you could simply integrate a "one button" script, which upgrades 1000 firewalls of all customers with one click. That is the plan to integrate this in the next release cycles. 

    "This should not be the case on potent hardware. For example the XGS Hardware is faster compared to a SG105. The difference between UTM and SFOS is basically the way those products interact with the configuration. UTM uses a middleware, SFOS uses a database approach. Which means, the database will be queried on each and every "click" as you say. This highly relies on hardware and if you give the OS a potent hardware like XGS, it is most likely quicker compared to UTM. "

    • Dude I don't know what to tell you.  If you don't see the speed issues, then where have you been?  This has been an issue since day one.  I have seen it literally from XG 105 to XG 330 to XGS 116.  It is there and it continues.  
    • The UTM interface runs circles around the shitty XG interface.  Period.

    So on my XGS136, I do not have any issue whatsoever with the integration of doing anything. Same for my SG450 and my Azure Appliance. My XG106 is quite unstable in the load, that is true. 

    "This should not be the case? So basically if you integrate a firewall within Central, it will create a token based connection and should stay there. I am not aware of any cases, which loses the connection. But for the next release, there is an easier way to integrate Central with a SFOS appliance via API credentials. "

    • I don't know what to tell you. Happens all the time. Click connect wait for it to time out.  Click again.  Wait again.  Finally connects.  Multiple firewalls, multiple hardware, multiple clients.  

    Oddly, maybe this is fixed with the next release for you. Because I never got approached by anybody (in this community or by any of my peers) about this issue. With the integration of API credentials, this would be easier. 

    "UTM SUM = Update all firewalls quickly

    As you can see above, this is possible. "

    • Show me where I can do all the firewalls at one time.

    See above. This is correct for the customer itself. If the customer uses 100 firewalls, he can do a single click upgrade. Login to Central, click on Firewall, click on the group, upgrade all - Now. 

    "I basically advise partners and customers to migrate to SFOS in plenty of integrations. Therefore I know the blockers and limitations, which can come up. And for a customer with 200 firewalls for example, you should consider to revamp the entire network stack anyway. Most likely those customers run their entire config for 10 years + and their configuration is "old school", which means, there are rare security reports run, nobody knows what is going on in their network etc. Even network segmentation is not everywhere implemented in 2021. So it would be a good step to rethink their network: Like VLAN segmentation, like Firewall rules, like proxy implementation. Are you doing HTTPS decryption? If not, why not? Do you know the risk of running such networks in 2021? See: https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf"

    • I agree with this completely.
    • Sophos does not have an effective way for MSPs to manage large number of firewalls currently
    • Central is not a solution how it currently stands
    • Before we can make this change we need the client to invest in new hardware
    • Before we can make this change we need the tools in place to manage the whole stack.  This has been promised and not delivered.

    It highly depends with the integrations you are running and the amount of changes you want to do. With the Partner Portal integration (template support), you can manage multiple firewalls in multiple tenants at the same time. It will simply push the config of your firewall to all customers, you select. The question is, how much work do you do locally. If it's "object pushing" that is easily possible nowadays. If you want to change this on a complex level, the question is, what is your plan as a partner. 

    Most MSPs I know work with templates in XML format. They simply prepare everything as an XML import and deploy XML file 1 for customer "type" 1 and XML file 2 for customer type 2. Then they differentiate on a much broader scale between their customers. Because I see plenty of MSPs confusing MSP with reseller jobs. MSP basically should mean, as a MSP you are responsible for the configuration. When a MSP tells me, he wants to give access and full write permission to Central to his customer, this will lead likely to confusion and problems. 

    "Did you look at the PSA Integrations, which are today available? https://www.sophos.com/en-us/partners/managed-service-providers/integrations.aspx"

    • Yes. They suck. And Sophos knows they suck. 
    • Did you ask when did Sophos promise they would give us a better PSA API? 
      • Answer first to second quarter 2021
      • Where do we stand today?
        • It's on hold
    • Now your next question.  Why would our partners stay if we can't meet our promises?
      • Now that is a great question.  Why would we?

    I was promised over a year ago you could easily manage XG via central.  Not delivered.

    There were some significant changes in the last months to Central. Maybe you should take a look at it. "

    • Do these changes allow us to manage large number of firewalls?

    Yes. 

    • Do these changes allow us to control the noise tickets we get?

    I am not able to answer this question. 

    • Do these changes make it easier for us to identify threats for the clients that we manage?

    Yes, as you can integrate the API into your MSP life. 

    • Do these changes allow us control over what clients to get notifications from?

    Yes, see APIs. 

    Of course, there have been changes.  What I believed until recently was that Sophos was MSP friendly.  They are not.  And it looks to me that they are not making enough of an effort to become more MSP friendly. 

    There are currently more efforts towards MSPs to get them better integrated. I can only highly recommend to get in touch with the Sophos MSP team, if you want to discuss this further. 

    LuCar Toni I am sorry you stepped into this.  I have been a partner for 10+ years.  To ask me "have I this" and "that I that" honestly is not knowing your audience.  I have talked about this until I am blue in the face.  NO ONE that makes decisions is listening. 

    I am just here to keep you up to speed, what is going on on the solution, Sophos is offering, because Central is getting new features every 4-6 weeks. And looking at the channel, often there are things not seen. Therefore this is just an open exchange between information. 

    So, I am here SCREAMING to see if anyone is listening because for me to move away from Sophos now will cost me tens of thousands of dollars.  And it would be interesting to see if I am the only one that complains or are there others that feel the same way.  

    __________________________________________________________________________________________________________________

  • Did you look into the Report? This one is actually from Sophos Labs. It is always about, who is responsible for the security. Looking at Amazon (AWS) and Central, there are big steps and effort to keep this secure. I am not sure, if the same kind of energy is used to keep an on-premise setup up to date. 

    __________________________________________________________________________________________________________________

  • No, it was the first result on a search for "cloud data breach", you can find many more instances if you are interested.

    I am not sure, if the same kind of energy is used to keep an on-premise setup up to date. 

    And......that doesn't matter because the SUM is located inside my secure networks, not publicly accessible.  That is why I prefer this setup.

  • Do not think, a network is secure anymore. That is the reason, companies and security providers start to highly invest into Zero Trust. Simply because this is not true anymore. 

    See: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophos-2021-threat-report.pdf 

    Or: https://medium.com/technology-hits/zero-trust-is-a-concept-not-a-product-introduction-to-zero-trust-security-architecture-zta-3830d782ef5f

    Because if I breach (somehow) your network layer, I can do "everything". 

    __________________________________________________________________________________________________________________

  • Brilliant work, Toni, as usual, but even you can't make a silk purse out of this pig's ear.  I fear that this was a decision that the C-suite will regret not rescinding.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Do not think, a network is secure anymore. That is the reason, companies and security providers start to highly invest into Zero Trust. Simply because this is not true anymore. 

    Bingo.  

  • Then just keep using it.  EOL only ends support for it.  You can keep using it after EOL.  Their own article even states this.

    https://support.sophos.com/support/s/article/KB-000043103?language=en_US

    You still have another year to look at Central and migrate to it.  Not the end of the world.  SUM has been a dying horse for a while.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5

  • It was simply a wrong decision to EOL the SUM.
    Same kind of wrong decision that preferred the Cyberoam appliances over Sophos/Astaro UTM.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner