As most of you know, we have released the XG firmware v18 MR3 with security and hardening enhancements, including SSMK (secure storage master key) for the encryption of sensitive data. We wanted to ensure everyone is aware of the new security feature. To benefit from this new security enhancement, additional fixes, and performance improvements, make sure to update to v18 MR3.
The secure storage master key provides extra protection for the account details stored on the XG Firewall. The key encrypts sensitive information, such as passwords, secrets, and keys, preventing unauthorized access. The accounts have access to services, such as directory services, email servers, FTP servers, and proxies. They also include user accounts stored on the XG Firewall.
You don't enter the master key when you export a configuration.
A different XG Firewall.
The current device if you reset or reimaged its firmware after exporting the configuration.
For more information, please see the Sophos Firewall OS Secure Storage FAQ.
I don't want to use a master key. This is something we don't need and will just make life more difficult for our staff who manage more than 150 different Sophos XG devices.
"Until you create the master key, scheduled backups will run but won't benefit from the extra protection"
Yet I can't click on "backup now" because it comes up with an error saying I have to create a key.
This exception is only for the scheduled backups!
Yes, I've worked that out, but it should be for manual backups as well.
Sophos should be giving us a choice, not forcing our hand to make our jobs harder.
I never got a popup to create the key. There was an alert in the alert list, but when I try to set the key I just get an error: "Couldn't set the secure storage master key." Also, all 19 access points are offline and despite 3 escalations within Sophos Support they still haven't got them going yet, 24 hours later, which I'm pretty sure is related to the SSMK issue (logs reporting an issue with key length).
Thank you for reaching out!
Your case has been escalated to Development under the ID NC-65133
Agreed. @Sophos, please change this to an option that can be opted out of. I don't want this alert every time we log in.
Where do I create the password? I pressed skip and can't find where to enable it.
You should see the SSMK setup prompt on your next login.