Sophos Firewall OS v21 MR1 brings several scalability, resiliency, and stability enhancements to your Sophos Firewall.

What’s new

SSL VPN – Now supports key sizes of 3072 or 4096 bits for the Diffie-Hellman key exchange to enhance secure communication and compliance requirements. Enhanced UDP-based SSLVPN tunnel resiliency has also been added using a granular dead peer detection timeout configuration.

– Now supports key sizes of 3072 or 4096 bits for the Diffie-Hellman key exchange to enhance secure communication and compliance requirements. Enhanced UDP-based SSLVPN tunnel resiliency has also been added using a granular dead peer detection timeout configuration. IPsec VPN – Improved stability for offloaded policy-based VPN IPsec traffic that eliminates slow browsing issues.

– Improved stability for offloaded policy-based VPN IPsec traffic that eliminates slow browsing issues. NAT64 – The firewall enables IPv6-only clients to access IPv4 websites through an explicit proxy. Also added support for an IPv4 upstream proxy for IPv6-only clients.

– The firewall enables IPv6-only clients to access IPv4 websites through an explicit proxy. Also added support for an IPv4 upstream proxy for IPv6-only clients. DHCP – Implemented added resiliency to the DHCP service which now auto-restores if it gets into an error state.

– Implemented added resiliency to the DHCP service which now auto-restores if it gets into an error state. Cellular WAN – The firewall now offers enhanced cellular WAN monitoring by automatically setting “8.8.8.8” as the second probe target. This addresses the issue of ISPs blocking gateway pings, reducing the need for manual configuration.

– The firewall now offers enhanced cellular WAN monitoring by automatically setting “8.8.8.8” as the second probe target. This addresses the issue of ISPs blocking gateway pings, reducing the need for manual configuration. SD-RED support – SD-RED devices now support remote troubleshooting and diagnostics by Sophos Support.

How to get the firmware and documentation

Sophos Firewall OS v21 MR1 is a free upgrade for all licensed Sophos Firewall customers – including XGS Series, cloud, virtual, and software firewalls.

Note: XG Series devices are soon to be end-of-life and need to be upgraded to XGS Series devices immediately and are not supported by v21 or v21 MR1.

This firmware release will follow our standard update process. You can manually download SFOS v21 MR1 from Sophos Central and update any time. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

You should update your Sophos Firewall firmware at your earliest opportunity.

Sophos Firewall OS v21 MR1 is a fully supported upgrade from all previous versions of v21, v20, v19.5 and v19.0. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.