As most of you know, we have released the XG firmware v18 MR3 with security and hardening enhancements, including SSMK (secure storage master key) for the encryption of sensitive data. We wanted to ensure everyone is aware of the new security feature. To benefit from this new security enhancement, additional fixes, and performances, make sure to update to v18 MR3.
The secure storage master key provides extra protection for the account details stored on the XG Firewall. The key encrypts sensitive information, such as passwords, secrets, and keys, preventing unauthorized access. The accounts have access to services, such as directory services, email servers, FTP servers, and proxies. They also include user accounts stored on the XG Firewall.
You don't enter the master key when you export a configuration.
A different XG Firewall.
The current device if you reset or reimaged its firmware after exporting the configuration.
For more information, please see the Sophos Firewall OS Secure Storage FAQ.
Agreed. @Sophos, please change as an option that can be opted out of. I don't want this alert every time we log in.
I do not want to use this feature. By its own description, it "provides extra protection", which implies redundant and maybe unnecessary. This should be a opt in feature and not forced onto environments where it is not needed. Not allowing me to perform a manual backup without implementing this only makes administering the firewall more difficult and less useful in my environment. Please change this to an opt in feature.