For firewall rules that allows access to a sensitive system (host) and where access is usually not required all the time, it would be nice to have a feature to enable them manually when needed but with a timer that disables the rule after 60 minutes or one day etc. Then it would not happen that such a rule remains open when someone forgot to disable it again. We have several rules that have been created but are only enabled when requested for system updates or support access to sensitive hosts. SSH is one of such services.
Is such a feature request known to Sophos?
Hi LHerzog,
Thank you for reaching out to Sophos Community and for the feedback.
Upon checking, there’s no such feature request; kindly contact Support to get this link to your account.
Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Thanks, I will. Some competitors like Sonicwall or Fortinet already have this.
Sonicwall: "once" Schedule
Fortinet: "firewall policy expiration"
Hello,
If you go to the Firewall Rules, click "During scheduled time," click Add Schedule, and select One Time, you can select a Start date, end date, and time within the same calendar for the Firewall rule to work.
I believe you want like a timer that you can set, but I believe working with the above might work for you.
Regards,
Hi emmosophos ,
thanks for your feedback - that one time schedule technically works for my need.
For the specific use-case of ours, the bad thing here (same with the competitors) is, that this requires the admin to first create the schedule outside the firewall rule in the profiles menu which is quite a lot of clicking. Only after that, you can add it to the firewall rule.
It would be much more convenient to have this available directly in the firewall rule like a timer toggle and a flexible option like "1 hour/minute(s) etc. upon save". Or even a "one time" schedule there.
You could perform this via API at your time? [Python] Getting Started with the Sophos Firewall SDK
__________________________________________________________________________________________________________________
Currently I'm not using API for Sophos Fw. Probably it's possible to do it that way. I'm unsure if this is a plus in usability. Just for this special case here. e.g. it should not be required to clean up all the "one time" schedules that have been created.