MSP Management


This looks pretty exciting. I saw in the release that it mentioned its use for MSP Partners. My question is, does that mean it's coming online in Central Partner for controlling customer firewalls (firewalls attached to managed customer portals) or manually added to management in some other way? -- I'm guessing this would replace the current central firewall manager stuff...


If not, is this in the plans for anytime soon?


I could have all of our customer firewalls managed in our Central Admin account; however, I believe that would break heartbeat-related function and whatnot...



  • Hey Andrew,

    Full MSP support within the partner dashboard is planned, but isn't part of this release. You can manage customers one-customer-at-a-time from your CPD login, by connecting via SSO to each customer account. Full integration into CPD is very high on our priority list, primarily because it will make it easier for partners to move away from CFM sooner. This release is step one. Step two will be to extend groups into the partner dashboard, similar to how other Sophos products are, using Global Policies.

  • That sounds like what I was imagining and I'm thrilled to see it coming in the near future. We grew away from CFM as it was having issues seeing new firewalls we approved for it and whatnot. It will be nice to be able to push global policies to firewalls and I suppose if there is a conflict, it will let me know (not exactly sure how that will be handled). But pushing global 'custom' Web/SSL/TLS policies to devices as our custom 'default' along with other policies will be nice.

    It will be key as these are firewalls of course, to ensure we can still edit everything manually (or at least most things) on the individual firewall. This may be obvious but I thought I'd mention it.

  • We also plan to support object/rule/settings locking, so that configuration pushed from Central can be guaranteed to work as expected, over time. That's not topmost on the roadmap, but is a high priority. Once implemented, local changes will still be possible, but by locking rules pushed by Central, and allowing them to be pinned topmost or bottom-most, there will be a clear and controlled expectation of behavior between Central and local changes, as well as supported methods to override Central rules locally, if needed in special circumstances.