XG Firewall v17.5 early access program is now live!

Sophos ProductsEarly Access ProgramSophos CentralSynchronized Securityv17.5XG Firewall

The huge new XG Firewall 17.5 release is coming soon, but you can get access now.

The team is hard at work putting the finishing touches on our next major release of XG Firewall, and it is a huge release! XG Firewall v17.5 brings some amazing new Synchronized Security features as well as many of your most-requested features.

XG Firewall 17.5

The best part is you can start taking advantage of many of these new capabilities today, as part of the Early Access Program.

What’s new in XG Firewall v17.5

Here’s a quick overview of the key new features in v17.5:

  • Synchronized Security – lateral movement protection – extends our Security Heartbeat™ automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
  • Synchronized User ID – utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.
  • Education features – such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support.
  • Email features – adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, which closes a couple of top requested feature differences with SG Firewall.
  • IPS protection – is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
  • Management enhancements – including enhanced firewall rule grouping with automatic group assignment, and a custom column selection for the log viewer.
  • VPN and SD-WAN failover and failback – including new IPSec failover and failback controls and SD-WAN link failback options.
  • Client authentication – gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
  • Sophos Connect – is our new IPSec VPN Client, free for all XG Firewall customers, that makes remote VPN connections easy for users, and supports Synchronized Security.

In addition, coming in a following maintenance release we have:

  • Wireless APX access point support – provides support for the new Wave 2 access points providing faster connectivity and added scalability.
  • Airgap support – for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation) – XG Firewall can now be updated via USB.

Sophos Central management of XG Firewall

With v17.5, XG Firewall is also joining Sophos Central. The Early Access Program for Sophos Central Management of XG Firewall is expected to start soon.

You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall:

  • Secure access and management with single-sign-on through Sophos Central from anywhere.
  • Backup management and storage for your regularly scheduled firewall backups.
  • Firmware update management to make multiple firewall updates easy.
  • Light-touch deployment to enable easy remote setup of a new firewall.

Get early access now!

Head on over to the XG Firewall Community Forums to get the v17.5 EAP firmware update, additional information on what’s new, and to share your feedback with the Sophos Product Team and the rest of the community.


Hi, how dose this Featuer Work?
Synchronized User ID – utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.



Hi Sten, Once the user on the endpoint is authenticated to ActiveDirectory, the Sophos Endpoint will send the login information to XG Firewall via Security Heartbeat that will also authenticate the user to ActiveDirectory… no agents required. More info here: https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v17-5-early-access/f/sophos-xg-17-5-early-access/108538/sync-sec-important-announcement-on-synchronized-security-features-on-xg-v17-5-early-access


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.