Bulk management of XG hosts, services, firewall rules

Central Management supports "Bulk" provisioning. In fact, if you create a object within a Group in Central, it will be distributed to all XGs within this Group. You can work with Subgroups and inherit certain configuration between the groups. 

Central Management is currently focusing on the Customer, meaning you will actually having the complete feature set of CM as a customer. 

Another approach beside API would be Import/export. https://community.sophos.com/xg-firewall/f/recommended-reads/122450/creating-xml-objects-with-notepad-for-mass-import Simply prepare the xml file and upload to all XGs. 

Central Management supports "Bulk" provisioning. In fact, if you create a object within a Group in Central, it will be distributed to all XGs within this Group. You can work with Subgroups and inherit certain configuration between the groups. 

Central Management is currently focusing on the Customer, meaning you will actually having the complete feature set of CM as a customer. 

Another approach beside API would be Import/export. https://community.sophos.com/xg-firewall/f/recommended-reads/122450/creating-xml-objects-with-notepad-for-mass-import Simply prepare the xml file and upload to all XGs. 

I've avoided the group functionality in Central due to the "Assigning a firewall to the group will apply a default configuration to the firewall. It may change the current firewall configurations" warning.  XG's here were already deployed with custom configurations at remote locations prior to the option of Firewall Management in Central so the concern is that grouping now could break them.  Your xml writeup is appreciated.

Thats not completely true. Let me explain, how CM works. CM uses a XML approach with Key value "Name". So to speak, it will check, if your "Name" Object is the same, if not, it will update it with the value of CM. For example ATP: You have Disable ATP (tick box) in CM, it is enabled on XG Webadmin. Using CM, it will remove the tick box and disable the setting. Firewalls for example will not be removed. Only added, if you have new Rules created in CM. 

A new created group is "empty". So there are no firewall rules or Objects. The only Objects are the factory default objects (for example Host objects, created by the wizard, which every XG has). 

Tick box features will be overwritten. See example ATP above.