Central synchronization

By synchronizing with Sophos Central, you can use Security Heartbeat to enable devices on your network to share health information. Synchronized Application Control lets you detect and manage applications in your network. Additionally, you can manage your XG Firewall devices centrally through Sophos Central.

  • To register this firewall with Sophos Central and to turn on Security Heartbeat and Synchronized Application Control, select Register.

    Note You will need to use a super admin account to register with Sophos Central.
  • To configure Security Heartbeat, select Optional configurations and add zones to the Missing heartbeat zones field.
    Note Missing heartbeats will be detected only in these zones. If a zone is blocked by a policy but no zone is added here, the Security Heartbeat widget in the control center shows Missing.

If you turn off Security Heartbeat, Synchronized Application Control or Sophos Central management, you are still registered with your Sophos Central account.

  • To clear your registration with Sophos Central, select Deregister.

Security Heartbeat

Security Heartbeat enables XG Firewall and endpoints managed by Sophos Endpoint Protection to communicate through Sophos Central and exchange information on the endpoints’ security status, the so-called health status. XG Firewall administrators as well as Sophos Central administrators are able to define policies for network access based on the endpoints’ health status. Endpoints with security incidents can be immediately isolated thus preventing threats to spread across the network.

Endpoints authenticate through Sophos Central. For this, endpoints need to run the Sophos Endpoint Protection client which has to be provided by the Sophos Central administrator. Sophos Endpoint Protection ensures that the endpoint belongs to the organization and has permission to access the network. These endpoints send at regular intervals updates about their health status to XG Firewall which in turn applies the defined policies based on that information.

Note XG Firewall will communicate with the Sophos Central IP address,, on port 8437.

To use this feature, register this firewall with Sophos Central.

The Security Heartbeat widget on the Control center page provides information about the health status of endpoints.

Configure the missing heartbeat zones when you turn on Security Heartbeat. Regulate traffic based on heartbeat information in the Advanced section of user/network firewall rules.

For Security Heartbeat to work correctly, the following conditions must be met:
  • There is no traffic routed through a VPN tunnel before the heartbeat connection has been established. Otherwise the heartbeat traffic will also be routed through the VPN tunnel. Thus the firewall cannot see the heartbeat traffic and marks the endpoint as missing. When the endpoint is in missing state, all traffic through the firewall from this endpoint is blocked.
    Note Sophos Connect can send the heartbeat messages generated by a Sophos endpoint if the connection policy allows the heartbeat messages to be sent through VPN. You can configure this in Sophos Connect Admin.
  • The endpoint must not be located behind an intermediate router. Otherwise a missing heartbeat cannot be detected which does not lead to false results and the endpoint will still share its health status.
  • The router must not be a NAT gateway. Otherwise endpoints cannot share their health status with XG Firewall.

Synchronized user ID authentication

When a user signs in to an endpoint, Security Heartbeat sends a synchronized user ID, containing the domain name and username, to XG Firewall. XG Firewall checks the user account with the configured Active Directory server and activates the user.
Note You don’t need to install an agent on the server or on user devices. XG Firewall doesn’t share or use the password.
Note Currently, the following conditions apply:
  • Works only with AD authentication
  • Works with Windows 7 and Windows 10 systems
  • Won’t recognize local users.

Synchronized Application Control

Synchronized Application Control detects application traffic in your network and automatically categorizes known applications. You can categorize and rename unknown applications. You can control application traffic based on that information. Interactive application reporting provides deep insight into network traffic.

Clean up application database: XG Firewall can automatically clear applications detected before a certain time period. It then runs a daily check for these applications and deletes them in batches of 100 every five minutes. Applications are also deleted from application filter policies if they were added individually.

To use this feature, register this firewall with Sophos Central.

Note The domain created on XG Firewall needs to be the same as the domain selected on the endpoint.

Sophos Central services

From XG Firewall, you can turn on centralized reporting, management, and configuration backup in Sophos Central. To use this feature, register this firewall with Sophos Central.

After turning on the services, a Super admin must activate them in Sophos Central.



Sophos Central services

Turn it on to configure centralized reporting, management, and configuration backup of this XG Firewall from Sophos Central.

In Sophos Central, select Global settings. Under Administration, select Registered firewall appliances to see the list of registered appliances.

Use Sophos Central reporting

Select to turn on centralized reporting.

In Sophos Central, go to Firewall management > Firewalls. Go to the firewall and select Accept services.

Use Sophos Central management

Select to turn on centralized management.

In Sophos Central, go to Firewall management > Firewalls. Go to the firewall and select Accept services.

Send configuration backup to Sophos Central

If you've selected Use Sophos Central management, select this to save configuration backups in Sophos Central.

In Sophos Central, go to Firewall management > Backup. Specify a backup schedule or generate the backup.

If XG Firewall is on 18.0 MR3 or later, you can schedule firmware upgrades from Sophos Central.

For details of centralized reporting and management, go to Sophos Central help.