Central synchronization

By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to share health information. Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central.

  • To turn on Security Heartbeat or Synchronized Application Control, click Register.
  • To configure Security Heartbeat, click Optional configurations and add zones to the Missing heartbeat zones field.
    Note Missing heartbeats will be detected only in these zones. If a zone is blocked by a policy but no zone is added here, the Security Heartbeat widget in the control center shows Missing.

If you turn off Security Heartbeat, Synchronized Application Control or Sophos Central management, you are still registered with your Sophos Central account.

  • To clear your registration with Sophos Central, click Deregister.

Security Heartbeat

Security Heartbeat enables XG Firewall and endpoints managed by Sophos Endpoint Protection to communicate through Sophos Central and exchange information on the endpoints’ security status, the so-called health status. XG Firewall administrators as well as Sophos Central administrators can define policies for network access based on the endpoints’ health status. Endpoints with security incidents can be isolated immediately, thus preventing threats from spreading across the network.

Endpoints authenticate through Sophos Central. For this, endpoints need to run the Sophos Endpoint Protection client, which has to be provided by the Sophos Central administrator. Sophos Endpoint Protection ensures that the endpoint belongs to the organization and has permission to access the network. These endpoints send updates about their health status to XG Firewall at regular intervals, and XG Firewall in turn applies the defined policies based on that information.

You must be registered with Sophos Central to use this feature.

The Security Heartbeat widget on the Control center page provides information about the health status of endpoints.

Configure the missing heartbeat zones when you turn on Security Heartbeat. Regulate traffic based on heartbeat information in the Advanced section of user/network firewall rules.

For Security Heartbeat to work correctly, the following conditions must be met:
  • No traffic is routed through a VPN tunnel before the heartbeat connection has been established. Otherwise the heartbeat traffic is also routed through the VPN tunnel, so the firewall cannot see the heartbeat traffic and marks the endpoint as missing. While the endpoint is in the missing state, all traffic through the firewall from this endpoint is blocked.
    Note Sophos Connect can send the heartbeat messages generated by a Sophos endpoint if the connection policy allows the heartbeat messages to be sent through VPN. You can configure this in Sophos Connect Admin.
  • The endpoint must not be located behind an intermediate router. Otherwise a missing heartbeat cannot be detected. This does not lead to false results, and the endpoint still shares its health status.
  • The router must not be a NAT gateway. Otherwise endpoints cannot share their health status with XG Firewall.
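The following is an added illustrative model, not Sophos code, of how the behaviour described above fits together: each endpoint reports a health status, a missing heartbeat is only detected for endpoints in the configured missing heartbeat zones, an endpoint in the missing state has all its traffic blocked, and a firewall rule can additionally require a minimum source health. Zone names, the heartbeat timeout, the rule fields (`min_source_health`, `block_unknown`) and the sample endpoints are all constructed assumptions for the example.

```python
"""Illustrative model of Security Heartbeat handling on a firewall (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional

# Health ranking used for "minimum source health" comparisons (assumed ordering).
HEALTH_RANK = {"green": 2, "yellow": 1, "red": 0}


@dataclass
class Endpoint:
    ip: str
    zone: str
    health: Optional[str] = None   # last reported health; None = never sent a heartbeat
    last_seen: float = -1.0        # timestamp of the last heartbeat; -1 = never


@dataclass
class Rule:
    """Only the heartbeat-related conditions of a rule are modelled (assumed fields)."""
    name: str
    min_source_health: Optional[str] = None  # "green" or "yellow"; None = no restriction
    block_unknown: bool = False              # block endpoints that never sent a heartbeat


class HeartbeatTracker:
    def __init__(self, missing_heartbeat_zones, timeout: float = 30.0):
        self.zones = set(missing_heartbeat_zones)   # zones where missing detection applies
        self.timeout = timeout                      # seconds without a heartbeat = missing
        self.endpoints: Dict[str, Endpoint] = {}

    def register(self, ip: str, zone: str) -> None:
        self.endpoints[ip] = Endpoint(ip, zone)

    def heartbeat(self, ip: str, health: str, now: float) -> None:
        """Record a health update received from the endpoint."""
        ep = self.endpoints[ip]
        ep.health = health
        ep.last_seen = now

    def status(self, ip: str, now: float) -> str:
        ep = self.endpoints[ip]
        fresh = ep.last_seen >= 0 and now - ep.last_seen <= self.timeout
        if fresh:
            return ep.health
        if ep.zone in self.zones:
            return "missing"          # detected only in the configured zones
        # Outside those zones a lost heartbeat is not detected: the last known
        # health is kept, or "unknown" if the endpoint never reported at all.
        return ep.health or "unknown"


def evaluate(rule: Rule, tracker: HeartbeatTracker, ip: str, now: float) -> str:
    """Return "allow" or "block" for traffic from `ip` under `rule`."""
    st = tracker.status(ip, now)
    if st == "missing":
        return "block"                # missing state: all traffic from the endpoint is blocked
    if st == "unknown":
        return "block" if rule.block_unknown else "allow"
    if rule.min_source_health is not None:
        if HEALTH_RANK.get(st, -1) < HEALTH_RANK[rule.min_source_health]:
            return "block"
    return "allow"


def build_demo() -> HeartbeatTracker:
    """Constructed sample: two LAN endpoints and one DMZ endpoint (not real hosts)."""
    tracker = HeartbeatTracker(missing_heartbeat_zones=["LAN"], timeout=30.0)
    tracker.register("10.0.1.10", "LAN")
    tracker.register("10.0.2.20", "LAN")
    tracker.register("10.0.3.30", "DMZ")
    tracker.heartbeat("10.0.1.10", "green", now=0.0)
    tracker.heartbeat("10.0.2.20", "red", now=0.0)
    tracker.heartbeat("10.0.3.30", "green", now=0.0)
    return tracker


if __name__ == "__main__":
    t = build_demo()
    strict = Rule("internet-access", min_source_health="green")
    for when in (10.0, 100.0):
        for ip in t.endpoints:
            print(when, ip, t.status(ip, when), evaluate(strict, t, ip, when))
```

At t=100 the LAN endpoints have gone 100 seconds without a heartbeat and are reported as missing and blocked, while the DMZ endpoint keeps its last known health because DMZ is not a missing heartbeat zone; this is the effect of the "Missing heartbeat zones" setting described above.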

Synchronized user ID authentication

When a user signs in to an endpoint, Security Heartbeat sends a synchronized user ID, containing the domain name and username, to XG Firewall. XG Firewall checks the user account with the configured Active Directory server and activates the user.
Note You don’t need to install an agent on the server or on user devices. XG Firewall doesn’t share or use the password.
Note Currently, the following conditions apply:
  • Works only with AD authentication
  • Works with Windows 7 and Windows 10 systems
  • Won’t recognize local users

Synchronized Application Control

Synchronized Application Control detects application traffic in your network and automatically categorizes known applications. You can categorize and rename unknown applications. You can control application traffic based on that information. Interactive application reporting provides deep insight into network traffic.

You must be registered with Sophos Central to use this feature.

Clean up application database: XG Firewall can automatically clear applications that were detected earlier than a time period you set. It then runs a daily check for these applications and deletes them in batches of 100 every five minutes. Applications are also deleted from application filter policies if they were added to those policies individually.
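As an added example (not Sophos code), the following simulates the clean-up described above: it selects applications older than the retention period, schedules their deletion in batches of 100 at five-minute intervals, and removes only individually added entries from filter policies, leaving category-based selections untouched. The application names, first-seen dates and the policy layout are constructed for the example.

```python
"""Simulation of the application database clean-up schedule (added example)."""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

BATCH_SIZE = 100                    # applications deleted per batch
BATCH_INTERVAL = timedelta(minutes=5)


def select_stale(apps: Dict[str, datetime], now: datetime, retention: timedelta) -> List[str]:
    """Names of applications first detected longer ago than `retention`."""
    return sorted(name for name, first_seen in apps.items() if now - first_seen > retention)


def plan_cleanup(apps: Dict[str, datetime], policies: Dict[str, dict],
                 now: datetime, retention: timedelta
                 ) -> Tuple[List[Tuple[datetime, List[str]]], Dict[str, datetime], Dict[str, dict]]:
    """Return (batch schedule, remaining applications, cleaned policies)."""
    stale = select_stale(apps, now, retention)
    stale_set = set(stale)
    # Batches of 100, one every five minutes, starting with the daily check.
    schedule = [(now + n * BATCH_INTERVAL, stale[i:i + BATCH_SIZE])
                for n, i in enumerate(range(0, len(stale), BATCH_SIZE))]
    remaining = {name: seen for name, seen in apps.items() if name not in stale_set}
    # Only individually added applications are removed from policies;
    # category selections ("categories") are not touched.
    cleaned = {
        pname: {"apps": [a for a in p["apps"] if a not in stale_set],
                "categories": list(p["categories"])}
        for pname, p in policies.items()
    }
    return schedule, remaining, cleaned


def cleanup_duration(schedule) -> timedelta:
    """Time from the first to the last batch; helps estimate how long a backlog takes."""
    if not schedule:
        return timedelta(0)
    return schedule[-1][0] - schedule[0][0]


# Constructed sample data: 250 applications, one first seen each day going back.
NOW = datetime(2024, 1, 1, 3, 0)
SAMPLE_APPS = {f"app-{i:03d}": NOW - timedelta(days=i) for i in range(250)}
SAMPLE_POLICIES = {
    "web-policy": {"apps": ["app-005", "app-200"], "categories": ["Social Networking"]},
}


def run_sample(retention_days: int = 90):
    return plan_cleanup(SAMPLE_APPS, SAMPLE_POLICIES, NOW, timedelta(days=retention_days))


if __name__ == "__main__":
    schedule, remaining, cleaned = run_sample()
    for when, batch in schedule:
        print(when.isoformat(), len(batch), "applications")
    print("remaining:", len(remaining), "policy:", cleaned["web-policy"])
```

With a 90-day retention the sample leaves 159 stale applications, so the daily check deletes them in two batches (100 and 59) five minutes apart, and `app-200` is dropped from the policy while `app-005` and the category selection stay.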

Manage from Sophos Central

You must be registered with Sophos Central to use this feature.

  • To configure XG Firewall to be monitored and managed from Sophos Central, click Manage from Sophos Central. The Sophos Central administrator has to accept XG Firewall before you can start managing from Sophos Central.
  • To set a firewall backup schedule, click Configure. The backup will be saved on Sophos Central.