Sophos Central Firewall Manager
Guide for PartnersSophos Central Firewall ManagerDocument Date: December 2018December 2018Page 1 of 24
Guide for Partners - Sophos Central Firewall ManagerContentsChange log .3Terminology Convention .4Overview .5Prerequisites .5Compatibility Matrix .6Process - Onboarding Sophos Firewalls to CFM . 61.Log in to Sophos Central Partner . 72.Sign up for Sophos Central Firewall Manager . 93.Send Request to Manage Firewalls . 124.Approve Firewall Management Request(s) . 135.Configure Central Management Settings on Firewall . 15Push Mode . 15Fetch Mode. 176.Manage Firewalls .18Advanced Settings .20Available Resources .24Technical assistance .24December 2018Page 2 of 24
Guide for Partners - Sophos Central Firewall ManagerChange anged document name and updated the content by categorizing steps.Updated Process – Onboarding Sophos Firewalls to CFM.17-04-2018Updated screenshots for Configure Central Management Settings on Firewalland Manage Firewalls. December 2018Updated Configure Central Management settings on Firewall section.Updated Compatibility Matrix and added Compatibility Guide hyperlink.Page 3 of 24
Guide for Partners - Sophos Central Firewall ManagerTerminology ConventionTerminologySophos FirewallMySophos/MySophos portalSophos Partner PortalSophos Central PartnerDescriptionXG firewalls, SG UTM and Cyberoam appliancesrunning on SFOSPortal used by Sophos end-users to register Sophos firewallsdownload upgradesmanage subscription licensesapprove request for firewall managementPortal used by Sophos Partners to track devices and licensesmanage opportunitiesleverage sales and marketing toolsA single place for partners to go to manage thelicensing, usage, and trials for Sophos Centralproducts across their entire customer base.Also offers aggregated alerts and links directly toSophos Central Admin to provide support to theirmanaged customers and more.Sophos Central Firewall Manager/CFMFirewall Registrant or MySophosAccount UserPrimary Partner Contact or PrimaryAdministratorNon-primary Partner Contacts orNon-primary Administrator orSecondary AdministratorDecember 2018Cloud based centralized management service toconfigure and manage multiple Sophos Firewalldevices from a single console.User who has registered the firewall in MySophosaccount, either a partner or a customer.The primary point of contact of a partner registeredwith Sophos who can access Sophos Central Partner.Users registered under partner account who canaccess Partner Portal and Sophos Central Partnerexcept primary partner contact.Page 4 of 24
Guide for Partners - Sophos Central Firewall ManagerOverviewSophos Central Firewall Manager is a cloud based centralized management service whichenables Sophos Partners to configure and manage multiple Sophos Firewall devices from asingle console.As a Partner you can also: Manage and support Customers anywhere, anytimeCreate new revenue stream by offering managed services to CustomersSave on support cost, time and effortsSophos Central Firewall Manager (CFM) is currently available only to Sophos Partners and isaccessible via Sophos Central Partner. Partners can configure and manage Sophos Firewallssold by them and linked to their account in Sophos Systems. However, Evaluation hardwaredevices used for PoC purpose and Demo devices used by partners cannot be managed throughCFM.The target audience for this guide are partners/MSPs who own the device as well as managethem and partners/MSPs who manage the devices owned by customers.Prerequisites Partner must have access to Sophos Partner Portal.Sophos account manager must enable Sophos Central Partner access.Sophos Firewall must be: Registered on MySophos Accessible via InternetDecember 2018Page 5 of 24
Guide for Partners - Sophos Central Firewall ManagerCompatibility MatrixPlease refer to Compatibility Guide.Process - Onboarding Sophos Firewalls to CFMDecember 2018Page 6 of 24
Guide for Partners - Sophos Central Firewall Manager1. Log in to Sophos Central PartnerYou can access Sophos Central Partner via: Sophos Central PartnerPartner PortalSophos Central PartnerLog in using the following link and your Partner Portal nerSophos Central Partner access requires a two factor authentication (2FA). That requiresusername and password together with a piece of information only known to the Partner.December 2018Page 7 of 24
Guide for Partners - Sophos Central Firewall ManagerPartner PortalLogin to Sophos Partner Portal (http://www.sophos.com/partners) and click Manage SophosCentral to continue with 2FA process to access Sophos Central Partner.December 2018Page 8 of 24
Guide for Partners - Sophos Central Firewall Manager2. Sign up for Sophos Central Firewall Manager Go to Sophos Central – Firewalls Firewall Approvals and click Send Request. Terms and Conditions of CFM service are displayed. Click ‘I Accept’ to proceed.Only primary administrator can accept terms and conditions for partner. Sophos Systems receives your request for approval. Click Check Status to view the status of your request.December 2018Page 9 of 24
Guide for Partners - Sophos Central Firewall Manager You receive a confirmation email once the request is approved. Now you can view and manage firewalls through Sophos Central – Firewall. Firewall CustomersView list of Firewall Customers and Firewalls per Customer and track earliest licenseexpiry of firewalls. Firewall ApprovalsView and manage firewall management requests.December 2018Page 10 of 24
Guide for Partners - Sophos Central Firewall ManagerFirewalls linked with the partner account may have following status: Requests Not Sent: Shows list of firewalls not yet requested for management.Approval Pending: Firewalls requested for management but pending approval.Rejected by Customer: Firewalls requested for management but rejected bycustomer.Revoked by Customer: Managed firewalls for which customer revokedpermission.Rescinded by Partner: Managed firewalls for which partner rescindsmanagement.Approved Firewalls: Firewalls approved by customer for management.All Firewalls: List of all firewalls with status. Manage FirewallsLaunch Firewall Manager to configure and manage firewalls.December 2018Page 11 of 24
Guide for Partners - Sophos Central Firewall Manager3. Send Request to Manage Firewalls Go to Sophos Central – Firewalls Firewall Approvals to view the firewalls linkedto your partner account.Under Requests Not Sent, select the firewall device and click Request to Manageto send a request to customer asking for approval.Once you send the request, the device moves to Approval Pending from RequestsNot Sent and an email is sent to the customer notifying about this request.If a Non-Primary administrator sends a request, the primary administrator receives anotification.A firewall can be linked to only one partner account at any given point of time.If you are not able to see the firewall, contact Channel Account Manager.Notification for firewall management requestCustomer receives a notification email with a link to respond via registered MySophos account.December 2018Page 12 of 24
Guide for Partners - Sophos Central Firewall Manager4. Approve Firewall Management Request(s) Customer must login to MySophos account and go to Network Protection View Devicesto view the request(s) sent by the partner.The status and partner information of the firewall management request is displayed underSophos Central Firewall Manager access as Approval Pending.Customer can view details of the partner who initiated the firewall management request, inthe tooltip on the partner company name.Customer can take following actions: Accept Selected – To accept management request for selected firewalls. Reject Selected – To reject management request for selected firewalls. Revoke Selected – To revoke management request for selected firewalls. Accept All Awaiting Approval – To accept all management requests in a click. Reject All Awaiting Approval – To reject all management requests in a click. Revoke All Managed – To revoke all managed devices in a click.To approve the firewall management request(s), customer can either click Accept Selectedunder Central Firewall Manager Access dropdown below the device list or approve all requestsat once by clicking Accept All Awaiting Approval. Click OK to confirm the action.December 2018Page 13 of 24
Guide for Partners - Sophos Central Firewall Manager The status of the requested device changes to Managed.The partner and the customer receive an approval notification email.Notification for Firewall Management Approval The customer receives an email confirming the approval with further guidelines.The customer and partner are notified even if the request is rejected or the permissionsare revoked for an already managed device.December 2018Page 14 of 24
Guide for Partners - Sophos Central Firewall Manager5. Configure Central Management Settings on FirewallAfter approving the firewall management request(s) on MySophos, the customer needs toconfigure Central Management settings on the firewall(s). To configure these settings; Login to XG Firewall. Go to System Administration Central Management. Turn on Central Management Settings to manage your firewall using CFM.Push ModeUser should enable HTTPS Service on WAN management/WAN Zone in firewall device andcreate a firewall rule to enable it only for CFM.December 2018Page 15 of 24
Guide for Partners - Sophos Central Firewall ManagerSteps to create firewall rule: Go to Protect Firewall Add Firewall Rule.Enter a Rule Name.Select Accept as Action.Select WAN in Source Zones.Select the FQDN Host created for CFM in Source Networks and Devices. Select LAN as Destination Zones.The FQDN Host for CFM should be created with the FQDN as “use1.cfm.sophos.com”Click Save.December 2018Page 16 of 24
Guide for Partners - Sophos Central Firewall ManagerFetch ModeOnce the central management settings are configured on the firewall device, the device appearsunder the Discover notification at the top right of CFM as well as on the dashboard asFirewalls waiting for addition.December 2018Page 17 of 24
Guide for Partners - Sophos Central Firewall ManagerUser doesn’t need to enable WAN management on firewall device. All authorized CFM administrators can add devices to CFM from Discover notificationor from Firewalls waiting for addition on the dashboard.If central management settings are not configured on firewall device it appears underSystem Management Account Settings Accounts Device Inventory.Only primary administrator can access Device Inventory.6. Manage FirewallsView Firewall ApprovalsTo view list of the firewalls approved for central management go to Sophos CentralFirewalls - Firewall Approvals Approved Firewalls: The firewalls for which requests are denied/revoked by the customer appear underRejected by Customer and Revoked by Customer respectively. Partner can resendrequests for these devices.In case partner decides not to manage a device anymore and chooses to rescind it,the device appears under Rescinded by Partner.December 2018Page 18 of 24
Guide for Partners - Sophos Central Firewall ManagerLaunch Firewall ManagerGo to Manage Firewalls and click Manage. This opens the Firewall Manager in a new tab.Authorized administrator can assign the added devices(s) to other administrator(s) forconfiguration and management., which areOn dashboard, Firewalls waiting for addition displays devices under Discoverwaiting to be added. Firewalls waiting for addition appears only when devices are listed inDiscover.December 2018Page 19 of 24
Guide for Partners - Sophos Central Firewall ManagerAdvanced SettingsTo view and manage list of administrators who can access Firewall Manager go toAdministration Manage Administrators.There are two types of Administrators; Primary and Non-Primary.The Primary administrator has all the administrative privileges including allowing and denyingnon-primary administrators to access CFM and manage firewalls. Please refer to matrix tounderstand privileges associated with each administrator nistratorSign up for CFMEnable other partner users to accessCFMGrant administrative privilegesFor assigneddevices/device groupsGrant device administrator privilegesAdd device(s) to CFM from Discover orFirewalls waiting for addition ondashboardAccess Device InventoryManage Firewall ApprovalsDecember 2018For assigneddevices/device groupsPage 20 of 24
Guide for Partners - Sophos Central Firewall ManagerThe Primary administrator can grant administrator privileges to non-primary administratorsthrough Central Partner as follows:Go to Administration Manage Administrators and enable Manage Firewall for therespective admin you want to allow/deny access to manage firewalls. Go to Sophos Central – Firewalls Manage Firewalls and click Manage. On CFM console open System & Monitor.December 2018Page 21 of 24
Guide for Partners - Sophos Central Firewall Manager Go to Account Settings Administration User. Select user and edit to assign Access Profile and Accessible Device.December 2018Page 22 of 24
Guide for Partners - Sophos Central Firewall Manager To add/remove administrator or to change the Primary Administrator, contact yourChannel Account Manager. To allow another partner user to manage all the devices: Set Access Profile as Administrator for user orSet Access Profile as Device Administrator and specify all the DeviceGroups.For more details click here.December 2018Page 23 of 24
Guide for Partners - Sophos Central Firewall ManagerAvailable Resources FAQ Webinar Customer guideTechnical assistanceFor any queries, contact Sophos Customer Support using one of the following methods: Email id: support@sophos.com Telephonic support: 1-888-767-4679December 2018Page 24 of 24
Sophos Central Firewall Manager/ CFM . Cloud based centralized management service to configure and manage multiple Sophos Firewall devices from a single console. Firewall Registrant or MySophos Account User . User who has registered the firewall in MySophos account, either a partner or a customer. Primary Partner Contact or Primary Administrator
HTTPS Sophos UTM Manager IP Address 192.168.2.200 Sophos UTM (UTM01) Port 4433 Ext. IP Address 65.227.28.232 WebAdmin Port 4444 Port 4433 InternetInte Sophos UTM (UTM03) Sophos UTM (UTM04) Sophos UTM (UTM02) Sophos UTM (UTM06) Sophos UTM (UTM07) Sophos UTM (UTM05) Sophos UTM (UTM08) Customer/Of ce 1 Customer/Of ce 2 Port 4422 Gateway Manager
This section describes the Sophos products required for managed endpoint security: Sophos Enterprise Console Sophos Update Manager Sophos Endpoint Security and Control 2.1 Sophos Enterprise Console Sophos Enterprise Console is an administration tool that deploys and manages Sophos endpoint software using groups and policies.
Sophos Server Protection Sophos Email Protection EMC NetApp Sophos for Network Storage ストレージサーバー 外部用サーバー SafeGuard Sophos Anti-Virus for vShield - VDI Windows Mac Linux Windows クライアント 支店 / 支社 2 Sophos RED Sophos Wi-Fi Ac
Sophos XG Firewall v 15.01.0 – Release Notes Sophos XG Firewall Web Interface Reference and Admin Guide v17 For Sophos Customers Document Date: October 2017
This guide is intended to help you install and get up and running with Sophos iView v2. Reports for Device Type iView v2 provides reports for following device types: - Sophos Firewall OS - Sophos UTM 9 - CyberoamOS Licensing Sophos iView licenses are available in multiple tiers based on storage requirements and support terms
Sep 21, 2018 · Sophos Anti-Virus for NetApp Storage Systems 4 Before you install Sophos Anti-Virus for NetApp Storage Systems Before installing Sophos Anti-Virus for NetApp Storage Systems, you need to do the following: Install Sophos Endpoint Security and Control (antivirus component only
EventTracker: Integrating Sophos UTM 11 Figure 11 . Verify Sophos UTM Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts. 3. In the Search field, type ' Sophos UTM ', and then click the Go button. Alert Management page will display all the imported Sophos UTM alerts. Figure 12 . 4.
which appear either in the Annual Book of ASTM Standards, Vol 01.05, or as reprints obtainable from ASTM. 1.2 In case of any conflict in requirements, the requirements of the purchase order, the individual material specification, and this general specification shall prevail in the sequence named. 1.3 The values stated in inch-pound units or SI units are to be regarded as the standard .
