The following features are available in the Sophos firewall version 2.x.
Location awareness is a feature of Sophos Client Firewall which assigns sets of rules based on the location of the computer.
A laptop may, for example, be assigned a more restrictive set of firewall rules when it is being used out of the office, since it will not have the added protection of the network firewall. Location is detected using either DNS or the default gateway.
Note that wireless bridging can be disabled, but this is done as part of the device control policy, not as part of the firewall configuration.
New configuration wizard
The opening screen lets the administrator choose to continue through the wizard or to go into the advanced firewall policy editor which can be used for more granular changes.
Alert only mode
This mode allows you to roll out the firewall to the entire estate and then run in alert only mode whilst all applications on the network are used and discovered. These detections will be sent back to the console and can then be used to build the policy before rolling out a 'live' policy. For more information on how to roll out in this way, refer to Administrator roll-out guidelines for Sophos firewall version 2.0.
Firewall messages are now called events, to distinguish them from the more critical alerts such as virus alerts. They now appear in the event viewer, where they can also be used as part of policy development.
Adding rules via the event viewer
With the new event viewer functionality, the administrator can now add global rules (which apply to all policies) directly from the event viewer, without having to visit each policy individually.
Hidden process detection
The administrator can now disable hidden process detection from the policy.