Sophos Firewall Out-of-the-Box Response Integration Setup Primer

Lumu can be integrated with other cybersecurity solutions to streamline response processes, including Sophos Firewall. 
The Sophos Firewall Out-of-the-Box integration provides two distinct modes to support the flexibility and capabilities of Sophos Firewall deployments. The Legacy mode is designed for older versions of Sophos and generates URL lists limited to Web Categories. The Enhanced mode, intended for Sophos versions 21 and above, produces IP, Domain, and URL lists that can be used as threat feeds across various firewall modules—not just web filtering.
Each mode has a specific set of features and requirements that need to be accounted for before proceeding with the setup. These will be listed below.

Sophos Legacy OOTB Integration

The Legacy mode is specifically designed to support older versions of Sophos Firewall that have limited integration capabilities. In this mode, the integration focuses solely on generating URL lists categorized under Web Categories, which aligns with the constraints and structure of earlier Sophos implementations. These lists can be used to manage access policies and enforce web filtering rules, but they do not support more advanced features such as IP or domain-based threat feeds. Legacy mode ensures backward compatibility for organizations still operating on earlier firewall versions, enabling them to benefit from basic threat intelligence without requiring a major upgrade.
You can learn more about this integration method here.

Sophos Enhanced OOTB Integration

The Enhanced mode is designed for Sophos Firewall versions 21 and above, offering expanded functionality that takes full advantage of the platform's modern capabilities. In this mode, the integration generates comprehensive threat feeds that include IP addresses, domains, and URLs, going well beyond the limited scope of traditional web category filtering. These enriched feeds can be used across multiple firewall modules, such as intrusion prevention, advanced threat protection, application control, and web proxy, providing a more holistic and proactive security posture. This mode enables organizations to implement dynamic and adaptive security policies, respond more effectively to evolving threats, and leverage the full potential of their Sophos Firewall infrastructure.
You can learn more about this integration method here.
