Hi all,
Sophas has just released it, and finally they did fix this:
New Backup and restore assistant
Release notes:Sophos Firewall OS v20 MR2 is Now Available – Release Notes & News – Sophos Firewall – Sophos Community
Sophos Firewall v20 MR2 includes important enhancements such as an exciting new backup and restore assistant, Active Directory SSO improvements, and Web protection optimizations.
New Backup and restore assistant
The new Sophos Firewall backup and restore assistant enables firewall configuration backups to be easily restored on a different firewall appliance with flexible interface mapping options. This makes it easy to upgrade Sophos Firewall XG Series to XGS Series, upgrade any XGS Series model to any other XGS Series model, or even migrate to or from software or virtual appliances. This also means you can easily migrate interfaces to higher-speed ports on your new or upgraded firewall.
You can also get creative and export a configuration template from a virtual appliance and then restore it on multiple hardware or virtual deployments to simplify repetitive configurations.
Easily map interfaces from the old to the new appliance
There are a few dependencies or pre-requisites to take full advantage of this new assistant:
- Backups of XG Series appliances should be made using v19.5 MR4, v20, or later.
- Backups of XGS Series appliances need to be made using this release: v20 MR2 (or later)
This video covers the prerequisites and how to use this new assistant in more detail:
Check compatible devices to restore backups
You can also check the compatibility of the appliances you plan to backup/restore and see the exact port configuration (including available flexi port modules) using anew tool that is available at: Check compatible devices to restore backups
Check the compatibility of the models you plan to backup and restore
Additional enhancements in Sophos Firewall v20 MR2:
- Active Directory Single Sign-on adds support for performing the Kerberos/NTLM handshake over HTTP or HTTPS for a more transparent SSO experience when HSTS is enforced.
- Active Directory Single Sign-on now provides improved support for high-availability failover situations.
- Web Protection performance is enhanced by reducing the system load when enforcing SafeSearch, YouTube restrictions, Google App login domain, or Azure AD tenant restrictions
- Web Protection cipher customization now enables you to strike the best balance for your network between cipher compatibility, security, and audit compliance
Issues Resolved:
- Resolves 45+ important performance, reliability, stability and security fixes.