Sophos - Central SD-WAN Orchestrator now available as Early Access
Sophos
If you've ever set up more than a few VPN tunnels between different firewalls, you know how time-consuming and tedious the process can be. With Sophos Central Orchestration, connecting VPN tunnels between multiple Sophos firewalls becomes a quick and easy task.
With the new SD-WAN VPN orchestration tools in Sophos Central, you can share network resources across a distributed network with just a few clicks. Whether you need a full mesh network, a hub-and-spoke topology, or something in between, Sophos Central automatically takes care of all the necessary tunneling and firewall setup to enable your SD-WAN overlay network.
You simply select the firewalls you manage that will participate in the SD-WAN interconnection group, and then select the network resources each site will have access to. With the flip of a switch, you'll see your SD-WAN VPN overlay network come to life as all the necessary firewall access rules and tunnels are automatically created for you.
What you need to take advantage of these benefits
There are three prerequisites for Central SD-WAN VPN Orchestration:
- Participating firewalls must have SFOS v18.5 MR1 installed (hier erhältlich)
- Participating firewalls must be managed via Sophos Central (Anleitung hier)
- Participating firewalls must have a trial version or license for Central Orchestration (see below)
Central Orchestration is a new licence subscription available as a 30-day trial on all Sophos (XG) Firewall devices with SFOS. Central Orchestration is included at no extra cost in the new Xstream Protection Bundle for Sophos Firewall and is also available as a separate licence subscription.
While all Sophos (XG) Firewall licenses will be migrated to the new licensing scheme over the next few weeks, you can activate a Central Orchestration trial now (before the migration) via MySophos to start using EAP immediately:
- Log in to the MySophos portal at Sophos.com/mysophos
- Navigate to: Network protection > View devices and click the device you want to activate the trial for to open the licence details for that device
- Check the box to try Central Orchestration and click "Try Now" (see screenshot below)
- The licence update will be synchronised with the firewall within 24 hours, but you can also synchronise manually from the firewall under Administration > Licensing.
Central Firewall Reporting Advanced
The new Central Orchestration subscription license also includes Central Firewall Reporting Advanced with a 30-day data retention in Sophos Central. This allows you to take advantage of all the great new Sophos Central reports and custom reporting tools to gain deep insights into your entire inventory of firewalls or any firewall group.
You can easily extend data retention up to one year with additional storage licenses. In addition, Central Firewall Reporting Advanced also includes the Sophos XDR/MTR Connector, which enables firewall data sharing for cross-product Extended Detection and Response and Sophos 24/7 Managed Threat Response Service.
Sophos Central Firewall features coming soon
Sophos Central SD-WAN VPN Orchestration is expected to be generally available in early August, but the team is continually adding new firewall management and reporting features to Sophos Central. In the coming weeks, two additional features will be introduced to Central Orchestration that will make it even more helpful:
- Support for multiple WAN links to enable redundant tunnels across two WAN links. The current implementation only supports a single WAN link. This enhancement is expected in September.
- Improved support for NAT'd firewalls to add more scenarios for firewalls behind NAT devices to increase flexibility. This is expected to be introduced after GA.
In addition, new central management and reporting features are planned for later in the year, including:
- Improved partner dashboard inventory view
- Optimised onboarding of new firewalls for partners
- Pinning of firewall rules
- Improvements in backups and alerting
- Management APIs
- Added support for AWS regions
- Numerous usability improvements
If you are interested in a Sophos Firewall, or any other company's security solution, we are happy to offer a free initial consultation. Simply contact us via phone, email or our contact form.