Skip to content
XG Firewall v17.1
Products and Services PRODUCTS & SERVICES

XG Firewall v17.1. See clearly.

Perfect visibility, even when the outlook's cloudy.

XG Firewall v17.1 is coming, and it’s bringing Cloud Application Visibility with it – a capability that lets you see into the cloud, lighting up the shadow IT in your network’s dark corners.

Cloud Application Visibility turns XG Firewall into a Cloud Access Security Broker (CASB) device. Sitting between your users and the cloud, it monitors activity and enforces security policies, identifying and protecting data that’s at risk.


A CASB device protects your data in the cloud by delivering:

  • Visibility – providing insight into the cloud services being used to store data.
  • Compliance – ensuring data in the cloud meets residency and compliance requirements.
  • Data Security – including encryption, access control and rights management.
  • Threat Protection – stopping malicious insiders and compromised accounts.

CASB in XG Firewall v17.1

The latest version of our next-generation firewall makes it easy to see how cloud services are being used. It roots out shadow IT in the cloud, alerts you to undesirable and unauthorized behavior, and gives you the application control and traffic shaping tools you need to manage it all.


XG Firewall’s new Control Center widget gives you an at-a-glance view of your network’s new, sanctioned, unsanctioned and tolerated cloud apps.

Drill down and you’ll find a detailed report on each application, its users, traffic and level of risk. Access to traffic-shaping policies is just a click away, making it easy to get unwanted cloud application usage under control quickly.

And that’s not all…

New features in v17.1

Synchronized Application Control

We’ve made managing newly discovered applications even easier – including options to search, filter and forget them. You’ll also see that categories assigned to newly discovered apps appear in the list now, for easy reference.

Email security

Version 17.1 of XG Firewall lets you manage users with individual SMTP block and allow lists, via the User Portal. Domains or email addresses in the allow list bypass policies (except for malware or sandboxing enforcement), while emails from senders matching domains or addresses in the block list are quarantined automatically.

It also supports more flexible SMTP policy exceptions to provide parity with Sophos SG UTM.

SSL VPN port option

You’ve requested the option to customize the SSL VPN listening port, so get ready to see it in v17.1!

Firewall enhancements

Enhancements have been made to the firewall and rule management to improve flexibility, streamlining management even further.

You can now double click a firewall rule in the list to open it for editing; there’s a new option to block Google’s QUIC protocol, ensuring that all traffic uses regular HTTPS so it can be filtered and scanned; and there is now added flexibility in defining ACL exceptions, to restrict access to services like the User Portal from a single alias, for example.

Wireless enhancements

This update provides wireless networking enhancements including the option to set the channel width for wireless radios in the GUI, as well as Radius Accounting.

Arriving June 2018

XG Firewall v17.1 arrives in early June, as a free upgrade for all existing customers. To take advantage of the new Cloud Application Visibility feature you’ll need a license for the Web Protection Module in XG Firewall (or one of our value bundles).

If you’re new to XG Firewall, you can take a free 30-day trial or explore our online demo.


And what about basic functionality that’s still lacking in the GUI like defining DHCP options on a scope? Something I can do with a $50 router from our local store but XG has still yet to implement it. How about the ability to rename an interface? We have a whole block of public IPs and names like #Port2:123 gets a little confusing when trying to create rules for a specific IP – same goes for VLAN interfaces. When will these highly requested and basic features see their way to a release?


Hi Wayne, the features you mention are on the roadmap for sure. Thanks for your support and patience.


In v17.0 we can’t disable restricted Youtube mode selectively while using web proxy when Enforce SafeSearch is enabled. Will v17.1 bring granular control over Youtube restricted mode ?


In v.17.1 will SOPHOS read all the groups that the user is not AD member, or have they not corrected that?


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!