Products and Services PRODUCTS & SERVICES

Sophos Firewall OS v18.5 MR2 is now available and includes a number of great features enhancements, security and performance optimizations, and field reported fixes.

We encourage all customers to update their firewall to the latest firmware release to take advantage of these new features, ensure their firewall is performing optimally, and is best protected with the latest security enhancements.

What’s New in Sophos Firewall OS v18.5 MR2

  • FIPS 140-2 Level 1 Validation
    • 5 MR2 has been awarded Federal Information Processing Standards Publications (FIPS) 140-2 validation for XGS series hardware and virtual machines based on our latest Cryptographic Module
  • IPsec VPN Enhancements
    • Improved performance with the support for GCM and suite-B ciphers
    • Enhanced idle time-out support for remote access connections – maintaining connections longer
    • Routing optimization using the tunnel interface IP address for route-based IPsec masquerading (MASQ)
  • New Sophos Assistant
    • Provides an interactive guided “helping hand” for important workflows in the product to make it much easier to learn and perform common tasks
  • Credential-Free Registration for Sophos Central
    • Greatly streamlines onboarding new firewalls into Sophos Central
  • Authentication Enhancements
    • Improved MFA support for the admin account with alerts and a streamlined setup process.
    • Support for multiple group memberships in Active Directory to show all the groups a user belongs to.
  • Certificate Enhancements
    • Adds new helpful information on certificate authorities, easy identification of locally added certificates that use private keys, and easy downloading of the public part of any certificate.
  • Additional Usability and Feature Enhancements
    • Added new domains for TLS exclusion to optimize TLS performance and the end-user experience
    • Support for Cloudflare as a DDNS service provider
    • Added a new global IPS switch to enable or disable the IPS engine
    • Installation wizard enhancement that bridges only two ports by default
    • Upgraded JQuery version to 3.5.x.
  • Troubleshooting Report Enhancement
    • Improved log file handling, backend report generation, and usability enhancements

This release also contains a few enhancements for XGS Series appliance customers:

  • Xstream Flow Processor Driver update – for XGS Series 4300, 4500, 5500, and 6500 models to optimize performance on these high-end models
  • XGS Series Reimaging – a visual indication of ISO re-imaging status is now provided on the LCD display and front panel status LEDs
  • Hardware Reset on XGS 87/107 – enables a long-press of the hardware reset button to initiate a factory reset

Check out the release notes for full details.

How to get it

As usual, this software update is no charge for all licensed Sophos Firewall devices and should be applied to all supported firewall devices as soon as possible.

It will be rolled out to all connected devices over the coming days. A notification will appear on your local device or Sophos Central management console when the update is available allowing you to schedule the update at your convenience.  Otherwise, you can manually download the latest firmware from MySophos and update anytime.

Sophos Firewall OS v18.5 MR2 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later (including the latest v18 MR6) and all previous versions of v18.5.

What’s next

The early access program for SFOS v19 is just around the – expected to start in December.  SFOS v19 introduces Xstream SD-WAN with major new enhancements to SD-WAN link performance management and routing, VPN, and networking.  Be sure to watch this space for more news on this exciting release.

Sophos ZTNA as an alternative to remote access VPN

If you’re interested in a better alternative for remote access, check out our new Zero Trust Network Access product which just started its early access program for the release candidate.  It offers much better security, easier management, and a more transparent end-user experience than remote access VPN.

Leave a Reply

Your email address will not be published. Required fields are marked *