UTM 9.5, including many new features you’ve asked us for, is just around the corner – and we’d like to invite you to join the beta test of the release.
This version builds on our industry-leading protection and performance, with several new features for Web Application Firewall, Sophos Sandstorm sandboxing and to make management and reporting even easier, faster and more flexible.
Here’s a brief overview of what’s new:
Web Application Firewall Enhancements
- WAF URL Redirection gives you the ability to redirect traffic for a WAF protected URL to a different backend system or URL.
- Configure minimum allowed TLS version to improve security.
- WAF protection and authentication policy templates were added for common Microsoft services for protection and authentication.
- True File Type Scanning to be able to block uploads and downloads based on MIME type.
- WAF Proxy Protocol Support to use the client IP info inside the ProxyProtocol header to make policy decisions and improve logging.
Sophos Sandstorm Enhancements
- Datacenter location selection option for Sophos Sandstorm without relying on DNS-based location detection.
- Scan exceptions for Sophos Sandstorm to exclude specific filetypes from being sent to Sophos Sandstorm analysis.
- Sandstorm activity reporting expanded to include email attachments for improved visibility
Management and Reporting Enhancements
- 64-bit PostgreSQL Database to generate reports with big datasets faster.
- Download all UTM logs in a single archive.
- Certificate Expiration Notification 30 days before expiration date via WebAdmin and e-Mail to be able to react early on certificate renewal.
- Support Access with SSH is extending the existing Support Access feature.
- SNMP Monitoring of full filesystem to integrate UTM filesystem monitoring in regular SNMP based monitoring solutions.
- RESTful API to configure Sophos UTM 9
Where to get the beta firmware and provide feedback
The full release notes along with the beta firmware files are in the UTM 9.5 Beta Forums on the Sophos Community Site, where you can also give us your feedback. As usual, we don’t recommend you run beta firmware in a production environment but we highly value and appreciate your contribution in testing the beta and helping make this release the best it can be.
We’re expecting to start rolling out the update to UTM 9.5 at the end of April, so don’t delay if you’d like to be part of the beta test – and we’d really value your input. Click here to join us in the beta test!
I’d love to see more “inline” information mouseover boxes that explain different features and config items. So many things sound very similar, or are just unclear, i think more mouseover explanatory items would be very helpful!
I mis IMAP Support.
Why can’t Sophos support IMAP in Mail-Protection as POP3?
we have problem about remote access .. we could not add domain users to remote access(PPTP) users. do not integrated with domain users
Sad to see that the new MS templates do not include Remote Desktop Web / Gateway support for server 2012 and above. I was really hoping to see a fix for this in the 9.5 release.
Hi Tim, we are looking into support for MS Remote Desktop 2012+, but currently don’t have an estimate when we will have full support added. We will also further expand the available templates over time so do keep checking in here.
New release 9.5 -again hoping for needed Feature – again disappointed.
We still miss mailadress rewriting … for incoming mails like @domain1.de to @domain2.de
It would be very nice if Sophos would be able to implement it.
I think after now waiting about 8 years for the feature to be implemented it would be time for it.
Hi Markus, thanks for your feedback! We’ve passed your comments on to the team who are looking into your feature request, but at this point in time don’t have this planned for any release yet. We are receiving a lot of very valuable feature requests and need to carefully evaluate what we are implementing.
It would be great if we can have this system be able to connect to a system like OpenVPN or NordVPN like pfsense does….