Skip to content

firewallThe firewall team has been working furiously over the last several months on the latest release of XG Firewall and, after an extensive beta, we’re really pleased to announce that XG Firewall v16 is available now.

This release is a major update that includes over 120 new features and enhancements across all areas of the firewall.

It’s easier to use, with new navigation, enhanced logging and troubleshooting tools, and streamlined workflows.

It’s more powerful, with new policy tools that make it easy to build sophisticated web, email, and routing policies custom tailored to your needs.

It’s got more innovative, with new Synchronized Security features like dynamic app identification and new Security Heartbeat™ options that improve protection, response, and visibility into what’s happening on your network.

There’s a complete list of new features below, but you’ll probably prefer to see what’s new first hand: watch the full 8-minute overview video of all the major new features or see the highlights in just two minutes.

How to get it

The new XG Firewall v16 firmware is being rolled out automatically to customer systems, so keep an eye open for the firmware update notification in your firewall. However, if you’re eager to install the update sooner, you can download the firmware update from from the Community Forums (and later via MySophos) and apply it anytime. Watch this video that explains how to update your firmware.

If you’re new to XG Firewall, you can see what all the buzz is about here and you can also sign up for a 30-day free trial.

Tell us what you think

Many of the enhancements in v16 are the result of your feedback and input – so thank you very much for your help in making this a great release! But please don’t stop there. Let us know what’s on your mind by stopping by the XG Firewall Community Forums.

Need help? Have questions? Our Community has the answers.

The XG Firewall Community is also the perfect place to get all your questions answered and is staffed by members of our technical engineering team as well as some very knowledgeable expert members. There’s tons of useful content in the Knowledge Base and, soon, the new How-to Library as well (stay tuned for more on that). I think you’ll be impressed with the quality and quantity of content available there.

What’s new

Control Center and navigation

  • Enhanced Control Center widgets: Several widgets have improved flip-card views or drill-down results including Reports, Interfaces, and Security Heartbeat.
  • Navigation: Left navigation has been expanded to improve access and gain consistency with Sophos Central. Menu items are grouped logically on the left side by task or activity. Second level navigation is now tab-based, enabling quicker two-clicks-to-anywhere access to the most frequently used configuration options. (Note: final tab layout and organization is still being worked on for a subsequent beta build.)

Firewall, network and device configuration

  • Firewall hostname: You can now assign a custom hostname to your firewall.
  • Cloning: Enables easy cloning of existing firewall rules, objects and policies.
  • Policy routes: Route select traffic to a custom gateway based on source, destination or layer-4 service.
  • Firewall to firewall RED tunnels: Site-to-site RED tunnel support.
  • Country filtering improvements: Streamlined implementing country or continent-based filtering in firewall rules.
  • NAT business rule creation: Improved DNAT, Full NAT, and server load balancing rule creation.
  • DHCP server and relay: Support for concurrent DHCP Server and Relay configurations at the same time.

Authentication and diagnostics

  • Two-factor authentication: Improved access security with support for OATH-TOTP one-time passwords directly on the firewall, eliminating the need for a separate 2FA solution. Support for IPSec, SSL VPN, User Portal, and WebAdmin access. We recommend using the free Sophos Authenticator app for iOS and Android.
  • STAS (Sophos Transparent Authentication Suite) UI: STAS configuration has been added to the GUI enabling easy setup without requiring the CLI.
  • Direct live log viewer access: Open the live log viewer in a separate window directly from the Control Center using the magnifying glass at the top of any screen.
  • Live log viewer enhancements: An improved live log viewer which conveniently opens in a new window, with a 5-second refresh option, color-coded log lines, and the option to activate packet capture.

Web and email protection

  • Redesigned web policy model: Flexible new user and group policy creation and in-line editing tools with inheritance that make web policies more intuitive and easy to maintain while dramatically reducing firewall rule count in many situations.
  • Warn action: A new web filtering action in addition to Block or Allow that enables users to proceed to websites only after acknowledging a warning that the site belongs to an inappropriate or undesirable category. This option can be ideal in situations where user education, awareness, and monitoring is desired without strictly prohibiting access.
  • Unscannable content handling: Options to allow or block content that cannot be scanned due to encryption or containers.
  • Google Apps control: Limit access to a selected Google Apps domain to reduce the risk of data loss from users transferring documents to their personal Google Apps.
  • Creative Commons enforcement: Reduce the risk of exposure to inappropriate images by enforcing search engine filters for content with a Creative Commons license.
  • External URL lists: Import external URL lists that require enforcement in certain organizations or jurisdictions.
  • Email per-domain routing: Route incoming mail to the correct destination server, based on the target domain.
  • Full email MTA – store and forward support: Enable business continuity, allowing the firewall to store mail when target servers are unavailable.
  • New anti-spam features (HELO/RDNS): Added anti-spam technology to identify non-legitimate mail sending servers.
  • Email SPX Encryption reply portal: Enable recipients of SPX encrypted emails generated by the firewall to reply securely using a portal on the firewall to draft and send a response.

Synchronized Security

  • Missing Security Heartbeat: Enables the firewall to detect when a previously healthy Endpoint is generating network traffic with a missing Security Heartbeat and automatically identify the system and respond. This may be an indication that the endpoint AV has been tampered with or disabled.
  • Real-time application visibility: Enables the firewall to solicit information from the endpoint to determine the application responsible for generating uncategorized network traffic. This is valuable for gaining insights into network traffic that is unrecognized by other firewall solutions.
  • Destination-based Security Heartbeat: Enables the firewall to limit access to destinations and servers based on the status of their Heartbeat, further bolstering protection from potentially compromised systems until they can be cleaned up. Combined with regular Heartbeat policy enforcement, this can effectively isolate a compromised system completely – both inbound and outbound.

Deployment and hardware

  • Microsoft Azure platform support: Support for deployment in Microsoft Azure as a preconfigured virtual machine from the Microsoft Azure Marketplace with pay-as-you-go or bring-your-own-licensing (BYOL) options.
  • High availability enhancements: HA support for configurations using dynamic (DHCP/PPPoE) interfaces.
  • Improved Security Audit Report: Improved layout, presentation and information for the customer facing Security Audit Report provided after a TAP-mode or Inline-mode Proof-of-Concept deployment.
  • RED 15w support: Adds support for the RED 15w with integrated wireless.
  • AP 15C support: Adds support for the entry-level AP 15C ceiling mount access point.
  • 4x10G 4-Port Flexiport module support for 1U XG Series appliances

Issues addressed

  • Open issues addressed: In addition to new features, this release has closed hundreds of open issues identified since the release of v15 across all areas of the product. Check the release notes for details.
  • Vulnerabilities addressed: A number of vulnerabilities have also been closed with this release, improving the security of your Firewall

What’s next

Now, of course, we’re not done yet by any means. There’s still lots of great things we want to do, but I think you’re going to love the improvements in this release so I encourage you to check it out.



The update to XG is all well and good but it’s still nowhere near the functionality of UTM 9 for many organizations to migrate and for me, certainly, I’d prefer more resource going into 9.5 for utm. Been stuck on 9.4 for some time with no information forthcoming about 9.5 release date


Hey Michael, thanks for stopping by and sharing your thoughts. XG Firewall v16 closed most significant gaps with UTM 9. I think there were 35 UTM features added to XG (I put a list of some of them at the bottom) and there are a lot of features unique to XG as well. But we certainly understand that you still love your Sophos UTM, and we are investing in both platforms and actively working on UTM 9.5 which should be announced in a few months. So stay tuned and thanks for your ongoing support.

UTM 9 features added to XG v16:

Core and Networking:
Two-Factor Auth (OTP) Support
Rule and object cloning
Country and continent objects
Policy-based Routing
Per-Rule Routing

Web and WAF:
Warn Action
Google Apps Enforcement
Unscannable content handling
Creative Commons
3rd Party URL Lists
Cookie based Auth Caching

Full MTA / Store & Forward
SPX Reply Portal
SPX Cover Page & Header/Footer
SMTP Profiles
Domain / MX routing

Site-to-site RED Tunnels
RED 15w Support
AP 15C Support
HA support for dynamic interfaces
SH Key Access to Shell
and more!


Wow! One of the best firewall UI with awesome features that I’ve seen in recent times. I just luv v16- Great improvement over v15. Are there any plans to integrate this firewall with FireEye ?


Thanks Andy, I agree. :) We are planning to bring Sophos Sandstorm to XG Firewall very soon, which will bring cloud-based sandboxing technology that’s just as effective but simpler and more affordable than what FireEye offers.


This looks really nice! Will the community edition receive this as an update we can grab from the UI or would I need to download it to a local PC and install from there?


Hi Byron, The firmware update notification will appear automatically in your console as part of our staged release process, but if you want you can grab the update from the forums as outlined in the story above, download it to your computer and then upload it to your Firewall to get upgraded right away.


Good new feature – but believe there is issues has been fixed was in the old version ( like open vpn in mobile ) – where is the list of issues that has been fixed !!!!


hi, just download firmware for xg210 and install it manually, but it doesnt upgrade, th box still using v15, need advice how to do it.

thank you


Hi there, please watch this video and follow the steps shown to upload, select, and reboot your firewall with the new firmware… If you’re still having issues after that, I would suggest contacting support or dropping by the community forums for advice.


Has an SG to XG upgrade path or tool been released yet? There has been a lot of soon talk for quite a while…


Hi EVO, yes, SG to XG migration tools are being worked on. Of course, the priority has been to get the XG feature set up to par with SG, but now that’s done, migration tools are a higher priority.


I like it. I am was testing the first release of the XG, but the license expired. Where can I download the free home version, not the free trial. And also one thing I can’t go without is the End Point Protection in UTM 9. I love it and I think most people do too. So, will XG ever incorporate that any time soon or never? If not maybe I should stick with my UTM instead.


Hi there… glad you like it. You can download a free for home use version from our Free Tools page… And as for Endpoint, XG Firewall integrates tightly with Sophos Central Endpoint which delivers a lot more features (including Synchronized Security and Ransomware Protection with Intercept) and is actually easier to deploy and manage.


Thank you so much Chris. I just re-install the Firewall and I verified that license was not a trial. I just wish there was an easier way to change the Serial Number from trial to the home edition without having to re-install from scratch. Now it is time to learn it the new features it brings with it. I like the way everything is modulated (categorized) it makes it easier find stuff. Again thank you so much for this fine product.



Are home licensed UTM users eligible to migrate to Sophos Cloud Endpoint Protection as discussed in this KB article: and also the Sophos XG Firewall
v15.01.0 Release Notes? If not, how do UTM home users protect their endpoints with Sophos’ AV software when migrating to XG? Lastly, depending on how the two previous questions are answered, is the Security Heartbeat feature available for home users?

Thank you!


XG 16 looks ok however, we are unable to use it as it does not meet our guidance for compliance. Specifically: There doesn’t appear to be any way or receiving notification of failed logins and no way to change the default admin login name?


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!