Firewall reporting

By default, the firewall on an endpoint computer reports state changes, events, and errors to Sophos Enterprise Console.

Firewall state changes

The firewall regards the following as state changes:

  • Changes to the working mode
  • Changes to the software version
  • Changes to whether the firewall is configured to allow all traffic
  • Changes to whether the firewall complies with policy

When you are working in interactive mode, your firewall configuration may deliberately differ from the policy applied by Sophos Enterprise Console. In that case, you can choose not to send "differs from policy" alerts to Sophos Enterprise Console when you make changes to certain parts of your firewall configuration.

For more information, see Turn reporting of local changes on or off.

Firewall events

An event is when the endpoint computer's operating system, or an unknown application on the endpoint computer, tries to communicate with another computer over a network connection.

You can prevent the firewall from reporting events to Sophos Enterprise Console.

For more information, see Turn off reporting of unknown network traffic.