
Updating firewall rules from SEC overwrites local custom rules

Hi,

Is there a way to update Sophos client firewall rules centrally without overwriting the local custom rules from users?

We have a set of common rules which we'd need to administer centrally, but our developers need to create custom rules, and currently they will be overwritten when we update the central rules.

If this is not possible, what could be the best practice? Create a group for those computers which can't comply with our central rules and never update any policy configured for that group.


BR,

Olli



  • Hello Olli,

    A policy from the console overwrites the local changes (this is true for all policies); editing a policy causes the policy to be sent when you click OK (same as using Comply with ...) - but I'm only repeating what you have already seen.

    You'd have to put them in a group for which you either don't touch the firewall policy (and be careful not to use Comply with all policies) or you create a merged policy (if this is feasible). As long as you add rules to your central policy, merging the local and central policies on the endpoints might be an option (please see Merging rules and Expected behavior). Be aware that merging is rather simplistic though.

    And - it's a good idea that your developers export (i.e. back up) their policy after making changes.

    Christian