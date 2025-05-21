As with every Sophos Firewall release, v21.5 includes several quality-of-life enhancements that make day-to-day management easier.

Watch this video for an overview of what’s new or read on for more details:

VPN enhancements

User interface and usability enhancements: Connection types have been renamed from “site-to-site” to “policy-based,” and tunnel interfaces have been renamed to “route-based” to make these more intuitive.

Improved IP lease pool validation: Across SSLVPN, IPsec, L2TP, and PPTP remote access VPN to eliminate potential IP conflicts.

Strict profile enforcement: On IPsec profiles that exclude default values to ensure a successful handshake, eliminating potential packet fragmentation and tunnels failing to establish properly.

Route-based VPN and SD-RED scalability: Route-based VPN capacity is doubled with support for up to 3,000 tunnels. Sophos Firewalls now support up to 1,000 site-to-site RED tunnels and up to 650 SD-RED devices.

Other management enhancements

DHCP prefix delegation relaxation: Now supports /48 to /64 prefixes, improving interoperability with ISPs.

Router advertisements (RA) and the DHCPv6 server: Now enabled by default.

Resizable table columns: A long-requested feature, many firewall status and configuration screens now support resizable column widths that are retained in browser memory for subsequent visits. Many screens such as SD-WAN, NAT, SSL, Hosts and services, and site-to-site VPN, all benefit from this new feature.

Extended free text search: SD-WAN routes now enable searching by route name, ID, objects, and object values like IP addresses, domains, or other criteria. Local ACL rules also now support searching by object name and value, including content-based search.

Default configuration: By popular demand, the default firewall rules and rule group previously created when setting up a new firewall have been removed, with only the default network rule and MTA rules provided during initial setup. The default firewall rule group and the default gateway probing for custom gateways are both set to “None” by default.

New font: The Sophos Firewall user interface now sports a new lighter, cleaner, sharper, font for added readability and improved performance.

Get the What’s New Guide

Check out the What’s New Guide for a full overview of all the new enhancements in v21.5.

Get started today

Start taking advantage of this great new capability in Sophos Firewall v21.5 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.