{"id":6030,"date":"2023-03-13T15:29:03","date_gmt":"2023-03-13T14:29:03","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=6030"},"modified":"2023-03-13T20:27:21","modified_gmt":"2023-03-13T19:27:21","slug":"best-practices-for-securing-your-firewall","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2023\/03\/products\/best-practices-for-securing-your-firewall\/","title":{"rendered":"Best Practices for Securing Your Firewall"},"content":{"rendered":"

Please be sure to share these recommendations with your Sophos Firewall customers or implement them yourself if managing your customer firewalls.<\/p>\n

1. Update The Firmware with Every Release<\/h2>\n

If you only take away one thing from this article, it\u2019s this. And this recommendation doesn\u2019t just apply to firewalls, but all networking infrastructure. Most Sophos Firewall OS firmware updates include important security fixes. The best way to harden the firewall is to ensure it\u2019s running the latest firmware. For Sophos Firewall, we just released v19.5 MR1<\/a> which includes a number of great new features, a significant performance boost, and several fixes.<\/p>\n

You can always find the latest firmware release on the firewall device by simply navigating to Backup and Firmware > Firmware <\/em>(as shown below).<\/p>\n

\"\"<\/p>\n

In Sophos Central, simply click the download arrow for the firewall you want to upgrade and choose \u201cSchedule Upgrades\u201d.<\/p>\n

\"\"<\/p>\n

2. Enable Hotfixes<\/h2>\n

Occasionally, patches for vulnerabilities and other security fixes are released between regular firmware updates. This is done by applying hotfixes to the firewall automatically so its vitally important that this feature be enabled on all firewalls. While it\u2019s enabled by default, some customers and partners have disabled this. If you are one of those, it\u2019s highly recommended you go back and turn this feature on. This feature is found by navigating to Backup and Firmware > Firmware<\/em> \u2013 check that \u201cAllow automatic installation of hotfixes<\/em>\u201d is enabled (as highlighted at the bottom of the first screen shot above).<\/p>\n

3. Limit Access to Firewall Services<\/h2>\n

Sophos Firewall offers a number of ways to limit access to services that are not required to reduce exposure on the WAN. You should periodically check the device access settings and ensure that all unnecessary services are disabled (unchecked) on the WAN (see screen shot below). In particular, it\u2019s strongly recommended that you disable remote admin via HTTPS and SSH, as well as the Captive Portal and User Portal on the WAN. Use Sophos Central, VPN or ZTNA to manage firewalls remotely. See the product documentation<\/a> for instructions on how to manage device access.<\/p>\n

\"\"<\/p>\n

4. Utilize Multi-Factor Authentication and Role-Based Administration<\/h2>\n

Enable multi-factor authentication (MFA) or one-time-passwords (OTP) and enforce strong passwords to protect the firewall from unauthorized access from stolen credentials or brute force hacking attempts.\u00a0 Sophos Firewall supports a rich set of MFA authentication<\/a> options including new Azure AD single-sign-on authentication for webadmin access which can be super convenient (video<\/a> \/ documentation<\/a>).<\/p>\n

\"\"<\/p>\n

Also consider taking advantage of Sophos Firewall\u2019s granular role-based administration<\/a> profiles to limit limit access for administrators of the firewall. Provide read-only access to administrators that don\u2019t absolutely need control over various firewall functions.<\/p>\n

5. Additional Best Practices for Securing Your Network from Ransomware<\/h2>\n

While you\u2019re looking at ways to better secure your customer\u2019s networks, I suggest you take a look at our recommended best-practices for securing the broader network from the latest ransomware and other advanced threats. With Sophos Firewall, your customers are already well on their way to better protecting their network, but there may be other Sophos solutions they are overlooking that can further help secure their organization.<\/p>\n

Download the Guide<\/a> from the Sophos Partner Portal to get the full set of best practices, plus promotional materials to share this handy guide with your customers.<\/p>\n","protected":false},"excerpt":{"rendered":"

A Firewall is the heart of the network helping secure it from risks and threats. And while it\u2019s a security product, and a critically important one, it also needs to be secured.\u00a0 This article outlines some of the best practices for hardening Sophos Firewall.<\/p>\n","protected":false},"author":19,"featured_media":3000002961,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[149],"coauthors":[58],"class_list":["post-6030","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-sophos-firewall"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2021\/04\/featured-image-sophos-firewall-partner-app-icon-1600x960px.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/6030","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=6030"}],"version-history":[{"count":2,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/6030\/revisions"}],"predecessor-version":[{"id":6046,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/6030\/revisions\/6046"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?parent=6030"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=6030"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/tags?post=6030"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=6030"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}