
We are currently using a Sophos SG230 as Firewall / upstream router and configuration management is pure horror. Even manually backuping the configuration after every change will result in un-diffable binary changes to the backup file.

Is there a de-facto standard for routing / firewall configuration as code? I have looked at pfsense but it's quite gui bound, too. There is at least a human readable configuration file, but it's hard to group rules in semantic bundles.

ooxi

2 Answers


Ye olde iptables - you can edit the config file directly, or have it generated from bash/python/other or various GUI apps.

UFW and firewalld might be worth a look. I think CentOS comes with firewalld by default, but I reverted to iptables as a temporary fix and one day I will look at switching back and learning how it's supposed to work. Honest.

Richard N

We have started using the REST APIs which are becoming more common in infrastructure appliances. This works so well that a REST API has now become a core requirement when we purchase infrastructure.

Pulling config in JSON format for storage in svn or git makes for both easy config diffing and human readability. So does creating JSON code blocks for pushing onto an appliance from svn or git.

It looks like at least some Sophos firewalls come with a REST API, maybe yours does too?

Building a working set of calls to each and every appliance can take some time. I suggest using the Postman client for exploring appliance REST methods and for storing working calls. When you have a little library containing all REST calls you want to make against the appliance, converting them to code is quickly done.

ErikE
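The JSON-in-git workflow from the answer above, as an added example that is not part of the original answer: a pulled config is rendered in a canonical form (sorted keys, rules ordered by a stable id) so that the appliance's arbitrary key and list order does not show up as noise, and two snapshots are diffed the way git would show them. The config shape (a top-level `rules` list with an `id` per rule) and the sample exports are constructed assumptions, not real Sophos output.

```python
"""Canonical JSON snapshots of a firewall config, diffable in git (added example)."""
import difflib
import json

# Constructed sample exports (hypothetical shape, not a real appliance's output):
# between BEFORE and AFTER an operator changed rule 10's port and added rule 30.
# Note the key and list order differ on purpose, as appliances often return them.
BEFORE = {"hostname": "fw-edge", "rules": [
    {"id": 20, "action": "allow", "dst_port": 443, "src": "lan", "dst": "dmz"},
    {"id": 10, "action": "allow", "dst_port": 22, "src": "mgmt", "dst": "lan"},
]}
AFTER = {"rules": [
    {"id": 10, "src": "mgmt", "dst": "lan", "action": "allow", "dst_port": 2222},
    {"id": 30, "action": "deny", "src": "any", "dst": "lan"},
    {"id": 20, "action": "allow", "dst_port": 443, "src": "lan", "dst": "dmz"},
], "hostname": "fw-edge"}


def canonicalize(config: dict) -> str:
    """Render a config so the same policy always produces the same text.

    Keys are sorted by json.dumps; the rules list is sorted by its stable "id"
    so that a reordered export is not reported as a change.
    """
    cfg = json.loads(json.dumps(config))  # deep copy, leave caller's dict alone
    if isinstance(cfg.get("rules"), list):
        cfg["rules"] = sorted(cfg["rules"], key=lambda r: r["id"])
    return json.dumps(cfg, indent=2, sort_keys=True) + "\n"


def config_diff(old: dict, new: dict) -> list[str]:
    """Unified diff between two exports, as git would show for config.json."""
    return list(difflib.unified_diff(
        canonicalize(old).splitlines(keepends=True),
        canonicalize(new).splitlines(keepends=True),
        fromfile="config.json (old)", tofile="config.json (new)"))


def changed_rule_ids(old: dict, new: dict) -> dict[str, list[int]]:
    """Summarise which rule ids were added, removed or modified between exports."""
    o = {r["id"]: canonicalize(r) for r in old.get("rules", [])}
    n = {r["id"]: canonicalize(r) for r in new.get("rules", [])}
    return {"added": sorted(n.keys() - o.keys()),
            "removed": sorted(o.keys() - n.keys()),
            "modified": sorted(i for i in o.keys() & n.keys() if o[i] != n[i])}


if __name__ == "__main__":
    print("".join(config_diff(BEFORE, AFTER)))
    print(changed_rule_ids(BEFORE, AFTER))
```

Committing the output of `canonicalize()` after every pull gives a history where each commit is exactly one policy change, which is the diffability the binary backup file lacks.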