The product team is pleased to announce a major new update for XG Firewall v18 with several great new enhancements.
Security emphasis
Given how much working environments have changed this year, we have accelerated our product security investments, taking a more proactive approach. As a result, this new maintenance release for XG Firewall v18 includes several security and hardening enhancements to better protect your firewall and your data stored within, including SSMK (Secure Storage Master Key) for the encryption of your sensitive data.
There’s also a new CLI option to disable Captcha authentication that was previously introduced as a security hardening measure:
console> system captcha-authentication-global enable/disable/show for userportal/webadminconsole
Remote access VPN
Working from home and makes remote access VPN a vital tool for all organizations these days, and there are important enhancements to remote access VPN in this release:
- Increased SSL VPN connection capacity across our entire firewall lineup. The capacity increase depends on your Firewall model: desktop models can expect a modest increase, while rack mount units will see a 3-6x improvement in SSL VPN connection capacity. Check the latest numbers for your XG Series model. Remember that Sophos XG Firewall is the only firewall that provides remote access VPN up to the capacity of your device – at no extra charge.
- Group support for our Sophos Connect VPN client, which now enables group imports from AD/LDAP/etc. for easy setup of group access policy.
Cloud (AWS/Nutanix) enhancements
Cloud and hybrid network infrastructure continues to grow in importance, and we’re also investing heavily in public cloud support:
- Support for newer AWS instances – C5/ M5 and T3 (#)
- Support for CloudFormation Templates, removing the need to run the installation wizard in some cases (#)
- Virtual WAN Zone support on custom gateways for post deployment single arm usage
- Single-arm deployments are now possible on AWS deployments thanks to an option to assign a zone to your custom gateway objects. This allows you to create access and security rules for traffic going into those zones.
- XG Firewall is now Nutanix AHV and Nutanix Flow Ready. XG Firewall has been validated to provide two modes of operation within Nutanix AHV infrastructure. Learn more.
- Also be sure to check out Sophos Cloud Optix to enhance your security and optimize costs for your cloud environments
Central management and reporting
We are seeing rapid adoption of Sophos Central management and reporting for XG Firewall thanks to rich features that make managing all your XG Firewalls easy. It’s important to note that legacy central management and reporting platforms including CFM/SFM and iView are coming to end of life soon.
Now is the time to move to Sophos Central for your central management and reporting needs, as it offers a modern, scalable, secure platform with a great feature set and an aggressive roadmap.
What’s new:
- XG Firewalls running in an HA configuration (either A-A or A-P) can now be fully managed within Firewall Group Management
- An Audit Trail feature is now available within the Task Queue
- Central Firewall Reporting has recently added the option to save, schedule, and export reports. Learn more.
Coming soon: Next month, a couple of other great enhancements are coming to Sophos Central, including group firewall management from the Partner Dashboard that greatly simplifies multi-customer firewall management, and cross-firewall reporting for better insights into activity across your entire multi-firewall protected network.
HA and other enhancements
XG Firewall v18 MR3 also addresses a number of reported issues with high-availability deployments, SD-RED devices support, and other areas. See the release notes for a full list of fixes.
Upgrade as soon as possible
While we always encourage you to keep your firewalls up to date with the latest firmware, over the next few months we are recommending you rapidly apply maintenance releases to ensure you have all the important security, performance, and feature enhancements applied as soon as possible.
Also ensure you have automatic pattern updates enabled so that you can be assured you have the latest protection updates.
XG Firewall v18 MR3 is an easy upgrade from XG Firewall v17 (MR6+), but be sure to check supported platforms.
How to get it
As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through the Licensing Portal. You can refer to this article for more information.
Learning more about upgrading to XG Firewall v18
And if you still haven’t upgraded to v18, or are still exploring many of the new features, be sure to take advantage of all the resources available, including the recent “Making the Most of XG Firewall v18” article series that covers all the great new capabilities in XG Firewall v18:
- Xstream architecture, DPI engine, and TLS inspection
- Xstream TLS Inspection for a modern encrypted Internet
- FastPath Application Acceleration and SD-WAN Routing
- Zero-day threat and ransomware protection
- Network address translation (NAT)
- Route-based IPsec site-to-site VPN