What's new in Enterprise Console 4.5?

Hello Banter,

"very shortly" means it's still several weeks - mid-year I expect.

What are these "niggles"? Didn't take a closer look at SEC4.5/SCF2.5 (basically just checked 64-bit support) and found no glaring changes but perhaps I could give you some information. 

Christian

Hi Christian,

Thanks for your prompt reply to my post.

Forgive me if I've missed something, I'm still finding my way around SEC and the firewall setup before I deploy it to the 250 odd machines in our enterprise.

I've got a test policy which is being used by half a dozen machines in training - I've allowed traffic by default and am adding rules as I go along. Rules are being added from the View > Firewall Events, and directly into the Policy editor. One of the niggles is that its not clear which applications/events have had a rule created for them and which haven't. Even if I refresh the search criteria for events "In the last hour" with  "No application rule" my list doesn't change. So how do I know which events need further attention and probably a rule creating. This is compounded by the fact that there isnt a function or report to see the detail of the rules being applied without going into each individual rule. I'd like to see 2 things: 1, a simple function that shows me which events are not catered for in a firewall rule, and 2, a holistic view of all my rules.

Thanks again.

Hi,

Also, if a machine is moved from a group that has a firewall policy configured, but that machine does not have the firewall module installed, I would have liked it if SEC installed the firewall before it applies the policy. At the moment you need to rerun the Protect Computers wizard to install the firewall (not a show-stopper, but it would be a slicker management tool if this was automated, especially when working with the (rather good) AD synchronisation feature - move a machine between AD containers and you know that the correct Sophos components will be added/removed as necessary by SEC).

Cheers

Banter

Don't mention it!

I fear that there haven't been any significant changes in this respect. I know that this has already been requested. Also it's (still) not possible to create a rule from several events (but as this can be "dangerous" it's not easy to implement. It would be possible to indicate that a rule has been created for an event. But then you might want to create different rules from a single event. The holistic view - also something I'd wish but I think it'd require a major rewrite (whether this is justified depends on the customers). Preparing for 2.5 the focus was understandably on Win7 and 64-bit support and not on the "management experience" so to say.

Same is probably true for automated SCF installation if it's not yet on the client but set for the SyncPoint.

Though I have the feeling it has improved  - you get a manageable list of events when you start from scratch which was in my recollection not the case with SEC4.0.

Christian

Thanks Christian,

Sounds like we need to start a campaign for the 'holistic view'!

Anybody else reading this post that wants greater management visibility of what the firewall is doing - post a reply!

We might be too late for 4.5 or even 4.7, but lets get it on the feature list for 5.0 eh?

The 'manageable list of events' sounds interesting. I'll await its release with some degree of hope.

In the meantime, following discussion with my colleagues I think we're going to take a softly softly approach, follow the phased rollout guidelines, and just tighten up the inbound ports, leaving outbound open.

Cheers

Banter