Sophos Central Firewall Manager (CFM) Upgrade

Hi XG Community,

We recently upgraded Sophos Central Firewall Manager (CFM). This update contains features and bug fixes.

Compatible SFOS versions

This upgrade supports firewalls running on the following Sophos Firewall OS (SFOS) versions:

  • SFOS v16.05 - RC-1, GA, MR-1, MR-2, MR-3, MR-4, MR-5, MR-6, MR-7
  • SFOS v16 – MR-1, MR-2, MR-3
  • SFOS v15 - GA, MR-1.1, MR-2, MR-3

 

Compatibility Matrix

 

What's new in this release

  • Manage Sandstorm configuration settings.
  • Sandstorm license covered in Device monitor and alerts.
  • Create template from firewall running on latest SFOS versions

You can now create a template in Firewall Manager by importing configurations from an XG Firewall running on SFOS version(s) released after the Firewall Manager. Refer Compatibility Document for details.

This support may not work in some cases like major workflow or structural changes in SFOS. The template created will have configuration of the features supported by the Firewall Manager.

  

Bug Fixes 

  • NCCC-5178 – VPN tunnel is not activated on firewall when a Template with VPN configured and tunnel activated is applied
  • NCCC-5235 – XG admin password changes from Firewall Manager at group level do not apply on the firewalls running on SFOS 16.05 MR-5 and MR-6
  • NCCC-5110 – While adding a device manually, CFM does not support lowercase and white spaces in the device serial number.
  • NCCC-5101 - Monitoring dashboard displays ‘Data not available’ for XG Firewalls with company name exceeding 50 characters.
  • NCCC-4930 – Version of a firewall running on SFOS v16 is displayed as null when CFM is upgraded.
  • NCCC-4775 – Message: ‘Duplicate entry not allowed’ is displayed when a Firewall Device is added in CFM and it gets monitoring data of firewall at the same time.
  • NCCC-4737 – Firewall sync stops on CFM upgrade if there are configuration changes between Firewall & CFM and communication between them breaks due to network connectivity.
  • NCCC-4686 – Device Interface details in monitoring dashboard displays incorrect information.
  • NCCC-5146 – When a user adds a host in multiple host groups in CFM and synchronizes this change with XG firewall, the host is displayed only in the last host group in which it was added.
  • NCCC-5174 – When a SSL VPN policy group added in a firewall rule on CFM is applied on a Firewall, it does not appear in the firewall
  • NCCC-5236 – When a user adds a DNAT/ Full NAT/ Load Balancing business rule in CFM and applies on XG firewall: 
    • The Create Reflexive rule gets unchecked
    • Malware Scanning section is added where Scan SMTP and Scan SMTPS are enabled.
  • NCCC-5207 – When a template is applied to XG Firewall from CFM, message in event viewer displays wrong time.
  • NCCC-5242 – In case of more than 1 SNMP community with same name but different IP addresses, imported template has some configuration missing.
  • NCCC-4747 – Translation error for Traditional Chinese language in Add Firewall wizard.
  • NCCC-4725 – Firewall Manager UI stops responding when user tries to download all the listed compatibilities at the same time.
  • NCCC-4598 – Checkbox against a firewall device on managed devices list page is disabled when this page is opened after visiting device level view of that firewall

 

Feedback

Please provide feedback and discuss this upgrade or other aspects of the product with fellow community members and Sophos staff here on the forums.

If you have any feedback on our help, manual, or any documentation (Online Help) please send it to nsg-documentations@sophos.com.