
Restoring a firewall configuration

Hi,

Is there any way of restoring a firewall configuration on a local PC that has been overwritten by the transfer of a configuration from Enterprise Console?

Thanks,

Joe



  • Guess only if you have a recent backup of "All Users" (Application Data\Sophos\Sophos Client Firewall\Configuration.conf)

    Christian

  • While 2.0 brought a number of improvements - one of them the facility to configure firewall policies using the event viewer - some issues are still open in different areas. I will mention some of them here in a single post.

    • Checksums: it is recommended to use automatic software updates whenever possible. Being pedantic I say, using checksums precludes automatic updates. Even if you have 7x24 SCF administration and can update the configuration within minutes there's still the problem of "outside" clients - unless you have a message relay in the DMZ.
    • Leads to the second point: Interactive mode. As Joe has found out (no malice intended) a modified policy on the client is expeditiously overwritten when a policy is changed in SEC - reverting the changes made by the user. Since you might want to use interactive mode for (at least part of) your IT staff you should never ever touch the policy assigned to them. The drawback is that they'd have to configure "global" changes manually (importing new configuration items in merge mode).
    • Consolidating rules: it doesn't take long to end up with a plethora of rules in different parts of the configuration (and if you are not disciplined they are conveniently named Learning Rule #nn).

    No suggestions made at this point - I'm just trying to instigate some discussion

    Christian

  • Just some extra information about the circumstances. The PC is used by a member of the IT staff and he adjusts the firewall as he sees fit, hence that's why he has his own configuration. The PC was being updated from Sophos 7 to Sophos 9 when the configuration was overwritten.

    This is not the first time I've mistakenly overwritten a custom configuration. And I know I should have a backup, etc. but the mechanism for ensuring the configuration in Enterprise Console is a little clunky. As far as I know, and I'm happy to be corrected, I would have to remember (in my head or on some paper) the target PC has a custom configuration, go to the PC and obtain the configuration and then import it into Enterprise Console. It would be nice if Enterprise Console could do this for you. I suppose a bare minimum of an improvement might be a check by Enterprise Console to say the target PC has a custom configuration and halt the updating. Then you have the opportunity to import/backup the custom configuration or decide to overwrite it.

    Joe

  • Don't assume the guys at Sophos haven't used their brains ;-). If you think it through you'll always end up with contradicting requirements. "Custom configuration" would be "interactive" mode. Once you set it for a larger group of endpoints you might get stuck. Remember - policies apply to groups and now you might face the problem of how to reset this setting (without again affecting the "wrong" endpoint(s)).

    In my opinion the best solution for the moment would be an additional management server. (For the hardcore hackers: unless you put the RMS configuration in your CID you can use your regular update location and get rid of SUM on the additional management server - it comes with a price though)

    Christian
