- The XG Firewall v18 Early Access Program will have multiple phases over the coming months, with some features, noted in the What’s New Overview, delivered as part of later EAP phases. We hope you are as excited about this new XG Firewall release as we are.
- This video outlines how to deploy a Sophos (XG) Firewall from Sophos Central using zero-touch deployment and then set up a RED site-to-site tunnel between two Sophos (XG) Firewall devices.
What’s New in v18 MR5:
VPN Enhancements
- A huge 50% increase in concurrent IPSec VPN tunnel capacity across the line
- Port 443 sharing between SSL VPN and the Web Application Firewall (WAF)
- IPSec provisioning file support for remote access via Sophos Connect v2.1
SD-WAN
- Integration with Azure Virtual WAN for a complete SD-WAN overlay network
Authentication
- Integration with Azure Active Directory
Certificate Management and Security
- Form enhancements for creating certificate signing requests and certificates
- Enhanced security for private keys
- Upload/download support for PEM format certificates
- Enhanced workflows for certificate management
Synchronized Security
- Enhanced registration and de-registration in high-availability (HA) installations
- Missing Heartbeat enhancements to reduce notifications sent for intended/expected changes in endpoint status
Sophos Central Firewall Reporting
- New Cloud Application (CASB) report
- MSP Flex Pricing for MSP partners
View the full release notes on the Sophos Community Blog.
Other Recent Enhancements:
If you’re not running the latest v18 firmware on your firewall you’re missing out on a ton of new capabilities and dozens of resolved issues. In addition to the above, these capabilities have been added in other v18 maintenance releases:
High Availability Enhancements
- Improved FastPath support for active-passive pairs
- HA support in AWS using the AWS Transit Gateway
- Setup, reliability and stability enhancements
VPN and Sophos Connect Remote Access Client
- A huge increase in SSL VPN connection capacity (up to 3-6x)
- Remote access IPSec policy provisioning with Sophos Connect v2.1
- Group support for Sophos Connect which enables imports from AD/LDAP/etc.
- New advanced options for IPSec remote access
- Sophos Connect downloads enabled from the user portal
- Enforcement of TLS 1.2 for SSL site-to-site and remote access VPN tunnels
Synchronized Security
- A new option for Synchronized App Control to automatically clean up discovered apps over a month old
Cloud Platform Support
- Support for new AWS instances (C5/M5 and T3)
- Support for cloud formation templates
- Virtual WAN zone support on custom gateways for post deployment single arm usage
- Nutanix and Nutanix Flow support
Sophos Central
- Group Firewall Management via the Partner Dashboard
- Firmware update scheduling
- Multi-firewall reporting across firewall groups
- Save, Schedule and Export reports from Sophos Central
Security and Authentication Enhancements
- Stronger password hash algorithm (requires a password change)
- Auto web-filtering of Internet Watch Foundation (IWF) identified sites containing child sexual abuse
- Support for creating users with UPN format for RADIUS authentication
It’s Easy and Free
Of course, all these features are a free upgrade for Sophos customers and as easy as clicking to upgrade the firmware in the Firewall console or scheduling a firmware update through Sophos Central.
Upgrade to v18 today!
Now is the perfect time for your customers to upgrade. Share these excellent articles that will help your customers make the most of the many new capabilities in v18:
Also check out our new and improved Sophos Community XG Firewall home page! Subscribe to the XG Blog for the latest news and releases, get expert answers to your technical questions, and find useful Community-created content in our “Recommended Reads” section! Make sure you bookmark the Selling Sophos Firewall page in the Sophos Partner Portal for easy access to all sales tools on XG Firewall.
XG Firewall v18 includes several performance gains that will breathe new life into customer networks enabling them to handle more traffic and better secure it. If you haven’t upgraded your customers to XG Firewall v18 already, you’re going to want to do so as soon as possible to take advantage of the substantial performance benefits.
What are the gains and where do they come from?
Consider these potential performance boosts available by upgrading to XG Firewall v18:
Those are some impressive performance improvements!
One of the most exciting enhancements to XG Firewall in v18 was the introduction of the new Xstream Architecture with its all-new streaming DPI engine, advanced TLS 1.3 inspection solution, and Network Flow FastPath.
Let’s look at how the Xstream Architecture upgrades performance:
Trusted Traffic FastPath Acceleration:
The new Xstream Network Flow FastPath is all about performance. It directs trusted traffic that doesn’t require security scanning onto the fast lane through the system. This not only minimizes latency and accelerates application traffic through the firewall, it also has the added benefit of not engaging the DPI engine for deep-packet inspection of trusted traffic.
The impact of fastpathing is up to a 5x improvement in firewall traffic throughput! Of course, with a blend of real-world traffic mixes, not all applications qualify for trusted traffic FastPath acceleration, but if a substantial portion of traffic can be accelerated on the FastPath, it can increase the firewall’s security scanning capacity while allowing more trusted traffic. That’s a win-win.
Be sure to read how to make the most of the Network Flow FastPath on your network to see how this works and how to set it up optimally.
TLS Inspection Speed:
The new Xstream TLS inspection solution also brings a tremendous boost in decrypting and inspecting encrypted traffic flows with up to a 2x improvement in performance. And when you combine the added performance with the very granular and easy to manage TLS inspection policies, you can be sure XG Firewall is only inspecting traffic that really needs it, and now do it faster than ever.
See how to make the most of Xstream TLS Inspection on XG Firewall.
IMIX Traffic Performance:
Internet Mix, or IMIX, is an often-used reference for measuring typical real-world internet traffic performance, making it a good metric to consider when looking at performance.
The new Xstream Architecture in XG Firewall v18 also brings a substantial boost in performance to this important metric. On our mid-range models, the gains are over 100% with the average across the XG Series line being a 57% improvement in performance. This is all thanks to optimizations in the packet processing flow, DPI engine, and Network Flow FastPath. It’s an incredible real-world improvement in traffic processing performance.
Other common traffic performance measurements also benefit from the Xstream Architecture in v18 including raw firewall performance, IPS, AV, Application Control and malware protection.
Get the latest XG Firewall Brochure to see the latest performance metrics and how the XG Series models stack up.
SSL VPN Capacity:
Further optimizations to our SSL engine in XG Firewall v18 MR3 bring some dramatic improvements to remote access SSL VPN capacity with up to 6x the number of connections possible on our higher-end appliances. Increases are more modest at the entry-level, but on a typical mid-range device like the XG 310 the capacity has tripled! This is great news for everyone managing a remote workforce these days.
Check out the other great enhancements with remote-access VPN.
Upgrade Today:
If you haven’t already, upgrade your customers to XG Firewall v18 today – it’s a free performance boost – and there’s a ton of great new protection and networking features.
Be sure to take advantage of all the resources available, including the recent “Making the Most of XG Firewall v18” article series that covers all the great new capabilities in XG Firewall v18: