Thank you for your interest in the Sophos Firewall Webinar! Please find resources, answers to the questions asked, and the link to the webinar recording below.
Webinar recording:
Sophos Firewall: Optimizing Your Security Setup
Recommended resources:
- Harvard Business Review – Firewall misconfigurations
- Sophos Firewall Brochure
- Sophos Firewall SSL/TLS Decryption Guide
- Sophos XG EOL FAQ
- Sophos SG EOL FAQ
- Sophos Firewall IPS Policies
- Sophos Firewall Multi-Factor Authentication
- Sophos Firewall Security Management and Best Practices
- Sophos Community Forum
- Sophos Techvids
Q&A
Q: Is there a reason for choosing a physical appliance over a virtual deployment?
A: At the end of the day, it's all about fitting the organization's requirements. What works well for one organization may not be the best course of action for another.
With that said, some reasons come to mind for considering a dedicated physical appliance for your firewall.
Throughput - on a shared physical host, the NIC may be being used for multiple clients, leading to reduced throughput for the firewall.
Maintenance - on a shared physical host, any maintenance of the host may result in you having to power off the firewall leading to potential network down time.
Separation of Security - If the physical host becomes compromised, so does the firewall.
Fast Path Offloading - The XGS hardware comes with a dedicated NPU for trusted traffic offloading, virtual appliances will use a single CPU for all traffic processing which increases the CPU strain compared to a physical like for like appliance.
Q: Our organization needs to retain firewall reports for longer than 7 days, currently this doesn't seem to be possible?
A: This is correct. Firewall report retention is limited based on the size of your appliance and license. Typically, 7 days of reporting can be stored in central with the Standard Protection license, while with an Xstream license it’s stored for 30 days.
Alternatively, our Central Firewall Reporting Advanced package can increase it to a full year of data retention.
Q: Do you have any recommendations on defaults for applications filtering?
A: This will depend on the organization. We do provide pre-configured policies that automatically block peer-to-peer and games. An application policy may be best for other situations.
For example, if you only use TeamViewer for remote support, create an application policy that will block other remote support applications to limit your attack surface.
Q: I have an active subscription, but V20 MR2 is not showing for me. Any idea why?
A: This is most likely to do with V20 being a staggered rollout. If you have an active support subscription, your region may not have received it yet.
Q: Do I need SFOS V20 on existing XG Firewall to upgrade to XGS to transfer the configuration?
A: Yes – they need to be on the same OS. If you can upgrade your current appliance to V20 you can do a backup and restore before you do the migration to XGS.
You can also export and then import individual elements of your Firewall configuration to the new appliance rather than copying and pasting everything.
If you have issues with this, please contact your Account Manager.
Q: How do you configure the ZTNA gateway?
A: Please follow this link for detailed instructions: Setup a Sophos Cloud gateway
Q: How do you set up Generative AI policies?
A: To take advantage of the new Generative AI signatures and block, accelerate, and/or route these applications, consult the product documentation:
- Sophos Firewall Application Control Documentation and How-to Articles
- Sophos Firewall SD-WAN Application Routing