New features in the XG Firewall v18 MR5 release

Sophos ProductsXG FirewallXG Firewall v18
XG Firewall v18

Every maintenance release (MR) for XG Firewall v18 brings compelling new features, including a variety of performance, stability, and security enhancements. MR5 is no exception.

What’s new in v18 MR5

VPN enhancements

  • A huge 50% increase in concurrent IPSec VPN tunnel capacity across the line
  • Port 443 sharing between SSL VPN and the Web Application Firewall (WAF)
  • IPSec provisioning file support for remote access via Sophos Connect v2.1

SD-WAN

Authentication

  • Integration with Azure Active Directory (learn more)

Certificate management and security

  • Form enhancements for creating certificate signing requests and certificates
  • Enhanced security for private keys
  • Upload/download support for PEM format certificates
  • Enhanced workflows for certificate management

Synchronized Security

  • Enhanced registration and de-registration in high-availability (HA) installations
  • Missing Heartbeat enhancements to reduce notifications sent for intended/expected changes in endpoint status

Sophos Central Firewall Reporting

  • New Cloud Application (CASB) report
  • MSP Flex Pricing for MSP partners

View the full release notes on the Sophos Community Blog.

Other Recent Enhancements

If you’re not running the latest v18 firmware on your firewall, you’re missing out on a ton of new capabilities and dozens of resolved issues.

In addition to the above, these capabilities have been added in other v18 maintenance releases:

High-availability enhancements

  • Improved FastPath support for active-passive pairs
  • HA support in AWS using the AWS Transit Gateway
  • Setup, reliability, and stability enhancements

VPN and Sophos Connect Remote Access Client

  • A huge increase in SSL VPN connection capacity (up to 3-6x)
  • Remote access IPSec policy provisioning with Sophos Connect v2.1
  • Group support for Sophos Connect which enables imports from AD/LDAP/etc.
  • New advanced options for IPSec remote access
  • Sophos Connect downloads enabled from the user portal
  • Enforcement of TLS 1.2 for SSL site-to-site and remote access VPN tunnels

Synchronized Security

  • A new option for Synchronized App Control to automatically clean up discovered apps over a month old

Cloud platform support

  • Support for new AWS instances (C5/M5 and T3)
  • Support for cloud formation templates
  • Virtual WAN zone support on custom gateways for post deployment single arm usage
  • Nutanix and Nutanix Flow support

Sophos Central

  • Group firewall management via the Partner Dashboard
  • Firmware update scheduling
  • Multi-firewall reporting across firewall groups
  • Save, schedule, and export reports from Sophos Central

Security and authentication enhancements

  • Stronger password hash algorithm (requires a password change)
  • Auto web-filtering of Internet Watch Foundation (IWF) identified sites containing child sexual abuse
  • Support for creating users with UPN format for RADIUS authentication

It’s easy and free

Of course, all these features are a free upgrade for Sophos customers and are as easy as clicking to upgrade your firmware in your firewall console or scheduling a firmware update through Sophos Central.

Upgrade to v18 today!

Now is the perfect time to upgrade. If you’re interested in learning more about what’s new in v18, check out these excellent articles that will help you make the most of the many new capabilities in v18:

Leave a Reply

Your email address will not be published.