Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/22.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=configuration-viewer

Config Studio

Sophos Firewall Config Studio is a browser-based tool, which lets you see, compare, and edit firewall configurations quickly and easily. You can see a single configuration, compare two configuration files to see the changes across firewalls or versions, and create and edit configurations.

Note

No configuration data is uploaded or shared outside your browser. All parsing, analysis, and report generation runs locally on your endpoint device, keeping your data private.

Use the tool to see, compare, edit, document, and audit Sophos Firewall configurations.

Reports and highlights

Learn about the configuration reports and key benefits.

Reports

Sophos Firewall Config Studio shows the following reports:

  • Configuration report: See all rules, policies, and settings in a single configuration.
  • Comparison report: Compare two configurations and see the added, removed, modified, and unchanged items.
  • Configuration editor: Add configurations directly or import firewall configurations and edit them in the tool. Download the configurations and import them into the firewall or copy them in API or curl formats for use with these methods.

Key benefits

The key benefits are as follows:

  • See and compare configurations: Filter, search, and review configurations. Compare configurations from the same firewall or different firewalls to identify changes.
  • Create and edit configurations: Create or edit configurations and download them for import to the firewall.
  • Analyze configurations: Find shadowed and duplicate configurations instantly. See the rules and routes that match the source and destination addresses.
  • Trace object usage: See where objects are used in a configuration to troubleshoot and plan changes.
  • Export reports in HTML: Support documentation, reviews, audits, and record‑keeping.

How to use

You must first export the Entities.xml file from your firewall and upload it to Config Studio.

Download the Entities.xml file

You must export and download the Entities.xml file as follows:

  1. In the web admin console, go to Backup & firmware > Import export.

  2. To export the configuration, select one of the following options:

    • Full configuration: Use this to report the entire configuration.
    • Selective configuration: Use this when you only need specific modules for focused comparisons.

  3. Click Download.

    An Entities.xml file is downloaded to your endpoint device.

Use Config Studio

Click the relevant tab to learn more about the required report.

To see the details of a single configuration, do as follows:

  1. To open the tool in your browser, click Sophos Firewall Config Studio.
  2. Click the Configuration report panel.

  3. Upload the Entities.xml file.

    The report lists all configurations from the file. See the example report below.

    Config Studio report.

  4. To see a module's configuration details, click the module.

  5. To check the rules and polices for source and destination match, click Policy test, enter the details, and click Run test. See an example below.

    Configuration viewer report policy test.

  6. To see where an object is used, click Usage reference.

    Configuration viewer usage reference.

  7. To analyze the report for shadowed and duplicate rules and objects, click Analyze. The firewall evaluates rules from the top. After it finds a matching rule, it stops processing additional rules. So, traffic never matches shadowed rules.

    See an example report below.

    Configuration Viewer report analyzer.

  8. To download the report, click Download as HTML.

In the comparison report, you can compare configurations from different firewalls or compare a firewall's previous and current configurations.

  1. To open the tool in your browser, click Sophos Firewall Config Studio.
  2. Click the Compare configurations panel.

  3. Upload the two Entities.xml files.

    The comparison report highlights the removed, modified, added, and unchanged configurations. See the example report below.

    Config Studio comparison report.

  4. To focus on a specific module, click All types, click Deselect all, then select the module.

    Select a module type.

  5. To check the configuration changes, click the module to expand it, then expand one of the categories on the right to show the removed (R), modified (M), or added (A) configurations.

    See an example of modified configurations below.

    An example of configuration changes.

  6. To export the report, click Export HTML in the upper-right corner.

To create, edit, and analyze firewall configurations, do as follows:

  1. To open the tool in your browser, click Sophos Firewall Config Studio.
  2. Click the Configuration editor panel.

  3. You can import or create a configuration:

    • Click Import in the upper-right corner, upload the Entities.xml file, and select an option:

      • Keep all configurations
      • Keep only editable configurations

      The report lists configurations along with an analysis of their usage and whether they duplicate another record. For more information, hover over a record's configuration analysis.

      See the example report below.

      Config Studio report.

    • Click a module on the left panel, click Bulk add or Add, and add the configurations you want.

  4. After you create or edit the configuration, you can click an option in the upper-right corner:

    • Preview: Copy or download the configuration in the following formats, then import or send the configuration to the firewall: Import XML, API Request, or cURL.
    • Download: Download the configuration in XML or TAR formats. You can import the .tar file to the firewall in Backup and restore > Import export.

Video