Manage Groups

A firewall template lets you do as follows:

• Apply the same settings to all your customer's firewalls in a group.
• Stop customers from changing the settings for the groups you manage. Customers can create nested groups and override specific settings in your managed groups.
• Update templates and push changes to your customers.
• Click your template name to see and manage your firewall groups on the Firewall Management - Firewalls page in Sophos Central.

Under Name, you can click the arrow next to the group name, then click the arrow next to the subgroup name to see the firewalls belonging to your customer. Click the HA icon next to the firewall to see HA details. For more information about HA details, see the "Firewalls" tab in this topic.

The icon in the Customers column shows you how many customers are in your template. Click the icon to edit customers.

You can see any warnings associated with the firewalls in your groups in the Synchronization and Management column. Click a warning to get information on what is wrong and what you need to do to fix the issue.

Add template

You can create firewall templates that consist of settings and firewall rules. You can apply these templates to groups of your customers. Click Add Template, add a template name and a description, then click Save. You can also add a template in Settings & Policies. See Firewall templates.

Manage policy

You can change the firewall policy settings and rules for an existing template.

You need to know the following about making changes:

• Your firewall is in a group that indicates it's managed by a partner in Sophos Central Admin.

The group has a two-part name. A Partner Managed Group label and the Sophos Central Partner template name.

• Firewalls in each partner-managed group automatically inherit all the settings and rules you create for the appropriate template.

To change policy settings and rules, do as follows:

1. Click the three dots next to the template you want to change and click Manage Policy.

   This opens the rules and policies for the firewall group that the template applies to.

   

2. Change the firewall rules.

   You can also add new rules or delete rules.

3. Click Back to Firewall templates when you've finished making changes.

Edit template

You can change the name and description for a template. To do this, do as follows:

1. Click the three dots next to the template you want to change and click Edit Template.
2. Amend the details and click Save.

Edit customers

You can review the customers for a template. To do this, do as follows:

1. Click the three dots next to the template you want to change and click Edit Customers.
2. Add any missing customers or remove customers if you need to.
3. Click Save.

Delete

To delete a template, click the three dots next to the template you want to change and click Delete. You need to confirm the deletion.

Customers keep the last changes saved to their firewalls. You can continue to manage the firewalls in Sophos Central Partner by assigning them to another template, or you can manage them individually in Sophos Central Admin.

You can see the following information about your customer's managed firewalls here.

• Name: The name of the customer who owns the firewalls. Click the arrow next to the customer's name to see their firewalls. Click the customer name to go to their Firewall Management - Firewalls page in Sophos Central. Click the HA icon to see details about the HA cluster. You'll see the following HA details:

  • Firewall role in the HA cluster. This can be Primary or Auxiliary.
  • Firewall node number. Example: "Node1".
  • Firewall node information. Example: "Initial primary. Holds license for customer."

  • Last status change. This is the last time the firewall node changed roles. Example: "Friday, April 14, 2023, 11:42 AM".

    Note

    The time corresponds to the local time on your browser. This may differ slightly to the time on your firewall.

  • Firewall node name: The name you gave to the firewall node.

  • High availability mode: The type of HA cluster the firewalls belong to. Example: "High Availability in Active-Passive mode".

  Here's an example of HA details for a firewall.

  

• Group: The group the firewalls are assigned to in Sophos Central.

• Synchronization & Management: The connection status of the firewalls. You can see warnings associated with a firewall in its group. Click a warning to see what's wrong and how to fix it.
• Last Backup Taken: This shows the last time the customer backed up their firewall.

• Version: The firewall's firmware version. There's an icon next to the version that shows the firewall's upgrade status. Click the icon for more information. The icons are as follows:

  Icon	Description
  	Firmware upgrade available.
  	Firmware upgrade successful.
  	Firmware upgrade failed.
  	Firmware upgrade scheduled.
  	Firmware upgrade in progress.

  Example: If you click the blue arrow icon, you'll see something like this:

  

• IP Address: The firewall's IP address.

• Model: The firewalls' model.
• Serial Number: The firewalls' serial number.

You can search for existing firewalls by Name, Serial number, Model, and Version. You'll see a Customer column when you get your search results. You can click the customer name in this column to go to their Firewall Management - Firewalls page in Sophos Central.

Access firewalls

You can access firewalls directly from Central Partner.

To do this, click the arrow next to the customer name to see their firewalls, then click the blue link in the Name column.

Connecting to the firewall may take 30 seconds or more, depending on your internet connection. When you're connected, the firewall's web admin console appears.

To go back to Central Partner, click Back to FW Management.

Upgrade firmware

You can upgrade firewall firmware immediately, or schedule upgrades.

You can schedule firmware upgrades across multiple customers.

Upgrade a firewall's firmware

1. Click Firmware upgrade at the top of the page. You'll see the following window:

   

   Note

   You can also click the three dots next to the firewall you want to upgrade or click the arrow next to the current firmware version.

2. Select the firewall you want to upgrade.

   You must upgrade the primary device if you have High Availability (HA) set up in active-passive mode. The auxiliary device is grayed out.

   For more information about upgrading HA devices, see Upgrading HA.

3. From the drop-down menu, select the firmware version you want to upgrade to.

4. Optional: Click the icon next to the firmware version to see information about it.

5. Click Choose schedule. You'll see the following window:

   

6. Select an upgrade option. You can choose from the following options:

   • Now: Upgrade the firewall immediately.
   • Custom: Choose a date and time to upgrade the firewall. The schedule runs at the local date and time of the firewall.

7. Click Save.

To see the current status of the firmware upgrade, click the Refresh button at the top of the Firewalls page.

If there's an issue migrating your firewall's configuration during the update process, we automatically roll back your firmware version. See Sophos Firewall: Automatic firmware rollback.

Upgrade multiple firewalls' firmware

To upgrade multiple firewalls at the same time, do as follows:

1. Click Firmware upgrade at the top of the page. You'll see the following window:

   

2. Select the firewalls you want to upgrade. Choose the region your firewalls are in from the drop-down menu.

   You must upgrade the primary device if you have High Availability (HA) set up in active-passive mode. The auxiliary device is grayed out.

   For more information about upgrading HA devices, see Upgrading HA.

3. From the drop-down menu, select the firmware version you want to upgrade to.

4. Optional: You can click the icon next to the firmware version to see information about it.

5. Click Choose schedule. You'll see the following window:

   

6. Select an upgrade option. You can choose from the following options:

   • Now: Upgrade the firewall immediately.
   • Custom: Choose a date and time to upgrade the firewall. The schedule runs at the local date and time of the firewall.

7. Click Save.

To see the current status of the firmware upgrade, click the Refresh button at the top of the Firewalls page.

If there's an issue migrating your firewall's configuration during the update process, we automatically roll back your firmware version. See Sophos Firewall: Automatic firmware rollback.