Advisory: Sophos XG Firewall: Asnarok Vulnerability – Actions required for CFM managed devices
This article outlines the remediation steps for any XG Firewall with a severed connection to Central Firewall Manager (CFM).
Note: These steps are not required for Sophos Central managed devices.
The following sections are covered:
- How to identify an XG Firewall with a severed CFM connection
- Start remediation process by resetting management settings on XG Firewall
- Next steps to remediate
- Final remediation steps to repair the severed CFM connection
- Related information
How to identify an XG Firewall with a severed CFM connection
To identify affected devices, log in to CFM and navigate to the Managed Devices page.
- View the status of your managed devices list
- Determine which firewalls require remediation by looking for the red connection status icon, which indicates a severed connection
Start remediation process by resetting management settings on XG Firewall
- Log in to the affected XG Firewall admin portal
- Navigate to Administration > Central Management
- Select Off for “Manage your firewall using”
- Click Apply
Next steps to remediate
- Select On for “Manage your firewall using”
- Select Sophos Central Firewall Manager (CFM)
- Click Apply
Final remediation steps to repair the severed CFM connection
As mentioned in KBA 135412, please ensure that you have changed the device administrator account password. Once complete, perform the following steps to supply that password to CFM.
- Navigate to Managed Devices > Devices > Select the appropriate device from the list
- Click Change Password to update with the new credentials