
Best practice management when using more than one Sophos ecosystem product

Looking for best practices when using more than one Sophos product.

Example: we use Sophos XG firewall, Sophos Wireless Access Points, Sophos Central Endpoint and Servers.

Is it best practice to have the Endpoint or the Firewall scan internet/web related content?  Or both, where the scan process is being performed twice during the user experience?

Is it best practice to have the WAPs centrally managed or, when a Sophos firewall is present, to have the WAPs managed locally at the firewall?  I'm leaning towards locally, especially for the multiple mesh network feature.

Is it best practice to filter web content only at the endpoint?  Or at the firewall?  Or at both, thus scanning the content twice during the user experience?  I have had to allow some websites at the firewall only and others at the endpoint clients; rarely do I have to enable at both locations, but even then that is double the management and time.

Some best practice guidance for which service is strongest/best in the layer would help me and I'm sure other administrators as well.

Thank you.

John

  • Hi John,

    This is a great question. Rodim made a great suggestion in advising you to connect with your Account Manager to get additional feedback on the points you mentioned. Our Sales Engineering team can also provide insight into this as they have a better understanding of customer environments and how Sophos' products best fit them.

    The management interface you use will be heavily dependent on the features that will be most useful to you. If you need to centrally manage your APs across different locations, then Sophos Central would be the best option. If you prefer the more granular control you get using the local firewall to manage the APs, the Sophos Firewall would be best. 

    If you need endpoint devices to filter allowed/blocked websites regardless of the location the device is in, it's best to use the Central Web Control Policy. If end-users are permitted to browse openly outside of the office or outside of work hours, then the Sophos Firewall can be used. 

    In general, it's recommended to turn on HTTPS decryption on the endpoint side; this will alleviate some load from the firewall to allow for better performance. Our team has features in the pipeline that will allow the endpoint and firewall to coordinate where this type of scanning is done. However, I don't have information on when you can expect this due to this feature being early in its development phase.

    One feature you will want to leave enabled on the Sophos Firewall is "Zero-Day Protection," as this isn't present on the endpoint. The ML scan will be, but sandboxing isn't done on the endpoint. 

    Hopefully, this provides some insight to allow you to make a more informed decision. Feel free to reply here if you have any questions or would like further clarification. 
