Every maintenance release (MR) for XG Firewall v18 brings compelling new features, including a variety of performance, stability, and security enhancements. MR5 is no exception.
What’s new in v18 MR5
- A huge 50% increase in concurrent IPSec VPN tunnel capacity across the line
- Port 443 sharing between SSL VPN and the Web Application Firewall (WAF)
- IPSec provisioning file support for remote access via Sophos Connect v2.1
- Integration with Azure Virtual WAN for a complete SD-WAN overlay network
- Integration with Azure Active Directory (learn more)
Certificate management and security
- Form enhancements for creating certificate signing requests and certificates
- Enhanced security for private keys
- Upload/download support for PEM format certificates
- Enhanced workflows for certificate management
- Enhanced registration and de-registration in high-availability (HA) installations
- Missing Heartbeat enhancements to reduce notifications sent for intended/expected changes in endpoint status
Sophos Central Firewall Reporting
- New Cloud Application (CASB) report
- MSP Flex Pricing for MSP partners
View the full release notes on the Sophos Community Blog.
Other Recent Enhancements
If you’re not running the latest v18 firmware on your firewall, you’re missing out on a ton of new capabilities and dozens of resolved issues.
In addition to the above, these capabilities have been added in other v18 maintenance releases:
- Improved FastPath support for active-passive pairs
- HA support in AWS using the AWS Transit Gateway
- Setup, reliability, and stability enhancements
VPN and Sophos Connect Remote Access Client
- A huge increase in SSL VPN connection capacity (up to 3-6x)
- Remote access IPSec policy provisioning with Sophos Connect v2.1
- Group support for Sophos Connect which enables imports from AD/LDAP/etc.
- New advanced options for IPSec remote access
- Sophos Connect downloads enabled from the user portal
- Enforcement of TLS 1.2 for SSL site-to-site and remote access VPN tunnels
- A new option for Synchronized App Control to automatically clean up discovered apps over a month old
Cloud platform support
- Support for new AWS instances (C5/M5 and T3)
- Support for cloud formation templates
- Virtual WAN zone support on custom gateways for post deployment single arm usage
- Nutanix and Nutanix Flow support
- Group firewall management via the Partner Dashboard
- Firmware update scheduling
- Multi-firewall reporting across firewall groups
- Save, schedule, and export reports from Sophos Central
Security and authentication enhancements
- Stronger password hash algorithm (requires a password change)
- Auto web-filtering of Internet Watch Foundation (IWF) identified sites containing child sexual abuse
- Support for creating users with UPN format for RADIUS authentication
It’s easy and free
Of course, all these features are a free upgrade for Sophos customers and are as easy as clicking to upgrade your firmware in your firewall console or scheduling a firmware update through Sophos Central.
Upgrade to v18 today!
Now is the perfect time to upgrade. If you’re interested in learning more about what’s new in v18, check out these excellent articles that will help you make the most of the many new capabilities in v18:
- Xstream architecture, DPI engine, and TLS inspection
- Xstream TLS Inspection for a modern encrypted Internet
- FastPath Application Acceleration and SD-WAN Routing
- Zero-day threat and ransomware protection
- Network address translation (NAT)
- Route-based IPsec site-to-site VPN
- Switching to Sophos Central for Firewall Management
When is v18 MR5 going to be available?
MR5 is available now. The firmware is being rolled out automatically to all systems over several weeks, but you can access the firmware anytime to do a manual update through the Licensing Portal. Please refer to the documentation for more information on how to apply firmware updates.
For more details see: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/xg-firewall-v18-mr5-is-now-available