Sophos Central Firewall-Group: Clarification needed, how do these Policys get applied

Hello,

We got many customers with fully configurated firewalls, no groups in use currently.

We want to bundle all customers into a group that contains a policy with URL-exceptions. We hope that this would only add them, and wont touch configurations(like rules and policies) in the targeted firewall that is unconfigured(default) in the Policy of the group.
sadly it isnt clear to me, based on the documentation at docs. sophos. com/central.

Could you please clarify if we are safe to deploy groups with additional URL-exeptions without risking the rest of the targeted firewall that is added to the group?

Parents
  • Central will apply configuration based on the namens. 

    Central will push the name with value to the firewall, if the name exists, it will be overwritten with the value selected in Central. If the name does not exist, it will be created.

    You can also import an existing Firewall to central (by creating a new group) and then work from there. 

    But generally speaking: Pushing a Template to a firewall will work based on Namens. 

    __________________________________________________________________________________________________________________

Reply
  • Central will apply configuration based on the namens. 

    Central will push the name with value to the firewall, if the name exists, it will be overwritten with the value selected in Central. If the name does not exist, it will be created.

    You can also import an existing Firewall to central (by creating a new group) and then work from there. 

    But generally speaking: Pushing a Template to a firewall will work based on Namens. 

    __________________________________________________________________________________________________________________

Children
  • EDIT: You are 100% correct.
    As the Sophos Supporter now told me: If you dont touch a category, it wont get applied to the targeted and configured Firewall, so no unintended overwrites.
    Thanks again!

    OLD MSG:
    Thanks a lot, this should answer my question in terms of the Rules and Policies and URL-exceptions.
    I just noticed that there are categories on the left side, like "management"(loosly translated from german to english), with the tab "admin-setting(translated aswell), these settings arent the same for every customer, do i risk overwriting these settings on the targeted firewall, because i didnt find a way to include/exclude theses categories.


    Best regards
    Fabian