The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The following features are available in the Sophos firewall version 2.x.
Location awareness Location awareness is a feature of Sophos Client Firewall which assigns sets of rules based on the location of the computer.
A laptop may, for example, be assigned a more restrictive set of firewall rules when it is being used out of the office, since it will not have the added protection of the network firewall. Location is detected using either DNS or default gateway
Note that wireless bridging can be disabled but as part of the device control policy, and not as part of the firewall configuration.
New configuration wizard The opening screen lets the administrator choose to continue through the wizard or to go into the advanced firewall policy editor which can be used for more granular changes.
Alert only mode This mode allows you to roll out the firewall to the entire estate and then run in alert only mode whilst all applications on the network are used and discovered. These detections will be sent back to the console and can then be used to build the policy before rolling out a 'live' policy. For more information on how to roll out in this way, refer to Administrator roll-out guidelines for Sophos firewall version 2.0.
Event notification Firewall messages are now called events, to distinguish them from the more critical alerts such as virus alerts. They now appear in the event viewer from where they can also be used as part of policy development.
Adding rules via the event viewer With the new event viewer functionality the administrator can now simply add global rules (that apply to all polices) directly from the event viewer without having to visit each policy individually.
Hidden process detection The administrator can now disable hidden process detection from the policy.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.