Skip to content

Advisory: Sophos XG Firewall: Asnarok Vulnerability - Actions required for CFM managed devices


This article outlines the remediation steps for any XG Firewall with a severed connection to Central Firewall Manager (CFM).

Note: These steps are not required for Sophos Central managed devices.

The following sections are covered:

How to identify an XG Firewall with a severed CFM connection

To identify affected devices, login to CFM and navigate to the Managed Devices page.

  1. View the status of your managed devices list
  2. Determine which firewalls require remediation by observing the red connection status icon which indicates a severed connection

Start remediation process by resetting management settings on XG Firewall

  1. Login to the affected XG Firewall admin portal
  2. Navigate to Administration > Central Management
  3. Select Off for “Manage your firewall using”
  4. Click Apply

Next steps to remediate

  1. Select On for “Manage your firewall using”
  2. Select Sophos Central Firewall Manager (CFM)
  3. Click Apply

Final remediation steps to repair the severed CFM connection

As mentioned in KBA 135412, please ensure that you have changed the device administrator account password. Once complete, then perform the following steps to supply that password to CFM.

  1. Navigate to Managed Devices > Devices > Select the appropriate device from the list

  2. Click Change Password to update with the new credentials

Previous article Advisory: Sophos Central Maintenance scheduled

More Sophos News Posts