In this release, we’re enhancing the features in Sophos Central and adding several new features to Sophos Switch.
The key addition in this release is link aggregation in Sophos Central. This feature allows customers to configure link aggregation groups (LAG) from Sophos Central. We’ve also added several new features to the Switch local UI.
Link Aggregation Group (LAG) from Sophos Central
This feature allows you to combine multiple Ethernet/SFP links into a single logical link between two network devices for greater throughput and high availability. Admins will be able to configure LAG groups from Sophos Central at the site level and switch level, along with other port settings in Sophos Central.
An admin has the option to combine two or more ethernet or SFP/SFP+ ports in a LAG port configuration and also configure different port speeds for the LAG ports. These LAG ports can be used to create VLAN configurations at the site or switch level.
Switch Local User Interface features
1. Global UI search
Global search in the switch local UI allows an admin to enter keywords in the search field and will then list all matching entries containing that keyword. Clicking on one of the search results will take you directly to the configuration page, making navigation faster and simpler.
2. MAC address filter
MAC-Address Filtering (MAF) allows you to block traffic from a specific VLAN-MAC combination. Only the unicast MAC address can be configured in a MAF entry. Multicast and broadcast addresses are not supported in this function.
3. IP source guard filter
The host IP address can restrict access permission via source validation for security issues. IP source guard is a per-interface traffic filter that permits all IP packets, except for DHCP, only when the IP address and MAC address of each packet match one of two sources of IP and MAC address bindings (DHCP snooping table and static IP source entries that you configure).
4. Cisco-compatible discovery protocol
Cisco Discovery Protocol is a layer 2 protocol developed by Cisco Systems to show device information between Cisco machines. After enabling CDP, devices can view information of connected Cisco/CDP-supported devices, send CDP packets for neighbors to recognize the Sophos switch, and further improve the convenience of management on devices manufactured by different companies.
5. Priority-Tag Packet Ingress filter
The VLAN 0 priority tagging feature enables 802.1Q Ethernet frames to be transmitted with the VLAN ID set to zero. These frames are called priority-tagged frames. Setting the VLAN ID tag to zero allows the VLAN ID tag to be ignored and the Ethernet frame to be processed according to the priority configured in the 802.1P bits of the 802.1Q Ethernet frame header. The priority-tag ingress filtering function would ignore packets with the priority-tag to defend against attack packets using VLAN 0.
5. PoE Port Reset
PoE Port Reset is used to manually reset the PoE power supply of a specific port. After PoE power is turned off (CLI CMD: power reset), power will resume after the specified ‘power reset interval’ has passed. This feature can be used from the CLI mode by setting custom power reset intervals for each port and connected PoE devices will be powered on after specific intervals.
This feature is useful if a PoE device becomes non-functional or unresponsive and allows the admin to do a power reset of their PoE device.
CENTRAL UI: Some copper port speed configurations do not match local UI for CS210-24FP/48FP models
CENTRAL UI: Switch alert count on the summary page is limited to max. 100, even when the actual alert count is more.
CENTRAL UI: Diagnostics: Switch Web UI redirect links are not navigating to the specific local web UI page
CENTRAL UI: Locally configured VLANs will not be synced to Sophos Central
LOCAL UI: Not allowed to add dashes/underscores in VLAN name
LOCAL UI: The uplink tick is not displayed when the gateway’s MAC address expires from the ARP cache
POE: Port MGMT: CLOUD UI uplink port identification is not updated in some cases
CLI: Password rules not documented/explained
CENTRAL UI: No error/failure is marked for some invalid command executions using CLI from Sophos Central or vice versa
CENTRAL UI: Port conflict detection doesn’t work when SFP ports are part of the LAG configuration
Yes, this overwriting issue is horrible! When will it be fixed?
And why do you thing all the switches at the same Site use same VLAN-config and use same ports? Haven't you thought ther might be 8-port to 48-port switches for example.
1. Does this enable ssh from central to Sw?
2. Switch config overwrite issue:
Local switch config was over written by central switch config without warning ️ . This needs to be addresses.
3. Switch vlan info should be visible in firewall.
It's available for upgrade FW 01.2.1091 (MR2)
When will this be released and what will be the firmware version?