We’re extraordinarily happy to announce that Sophos Firewall v20 is now out there. This newest launch contains an revolutionary new energetic menace response functionality, a number of networking enhancements, added assist for securing your distant workforce, and lots of of your top-requested options.
Sophos Firewall v20 is a free improve for all licensed Sophos Firewall prospects.
Watch the video under for an summary of what’s new, obtain the What’s New PDF, or learn on for the complete particulars and deep-dive demo movies.
Lively Risk Response
Extending Synchronized Safety to MDR and XDR supplies a direct feed for safety analysts to share energetic menace info with the firewall, enabling it to routinely reply to energetic threats with out creating any firewall guidelines.
Dynamic Risk Feeds introduces a brand new menace feed API framework that’s simply extensible. It permits menace intelligence to be shared by the Sophos X-Ops workforce, different Sophos merchandise like MDR and XDR, and finally third-party menace feeds sooner or later.
Synchronized Safety extends the identical Crimson Heartbeat, automated response that Sophos Firewall has at all times had and applies it to MDR/XDR recognized threats. This ensures compromised hosts are usually not in a position to transfer laterally or talk out, whereas particulars together with host, consumer, and course of are available for follow-up. Synchronized Safety has additionally been enhanced with added scalability and lowered false lacking heartbeats for gadgets which are in sleep or hibernation states.
Watch the Lively Risk Response demo video.
Distant employee safety and SASE
ZTNA gateway integration makes ZTNA deployments even simpler by integrating a ZTNA gateway instantly into the firewall. This implies any group that should present distant entry to purposes hosted behind the firewall doesn’t have to deploy a separate gateway on a VM. They will merely benefit from the gateway built-in into their firewall. When mixed with our single-agent deployment on the distant system, ZTNA couldn’t probably get any simpler. It’s actually zero-touch zero belief.
Third-party SD-WAN integration makes it simple to onramp SD-WAN visitors onto Cloudflare, Akami, or Azure spine networks to benefit from their huge infrastructure, attain, and networking and safety companies.
Sophos DNS Safety is our new cloud-delivered internet safety service that shall be out there individually in early entry very quickly. It supplies a brand new Sophos-hosted area identify decision service (DNS) with compliance and security measures which are totally supported by Sophos Firewall. This service supplies an added layer of internet safety, stopping entry to recognized compromised or malicious domains throughout all ports, protocols, or purposes – each unencrypted and encrypted. Extra information on this new service is coming quickly.
Community scalability and resiliency enhancements
A brand new VPN portal supplies a containerized, hardened self-service portal for finish customers to obtain VPN purchasers and configurations, auto-provisioning, and clientless VPN bookmarks.
IPsec enhancements embody seamless HA failover, tunnel standing monitoring through SNMP, distinctive PSK assist for a similar native and distant gateway connections, and DH Group 27-30/RFC6954 assist.
SSL VPN enhancements embody FQDN (totally certified area identify) host and group assist for each distant entry and site-to-site SSL VPN.
SD-WAN scalability triples SD-WAN gateway scalability to 3072 gateways and the variety of SD-WAN profiles to 1024.
IPv6 enhancements embody DHCP prefix delegation to seamlessly combine together with your ISP and new enhancements to the dynamic routing engine now assist BGPv6 for improved IPv6 interoperability.
Watch a video overview of the VPN enhancements or the IPv6 BGPv6 and DHCPv6 capabilities.
Streamlined administration
Interface allow/disable delivers a top-requested function to simply disable or allow community interfaces on the firewall with out dropping any configuration.
Object reference lookup addresses one other top-requested function to seek out the place a given host or service object is utilized in guidelines, insurance policies, and routing.
Hello-res show assist provides elevated horizontal scalability to the administration console to benefit from high-resolution shows and scale back horizontal scrolling.
Auto-rollback on failed firmware updates reduces any disruption, together with high-availability deployments.
Backup and restore now contains the choice to revive a backup from a firewall with built-in Wi-Fi to a firewall with out Wi-Fi.
Azure AD SSO for captive portal provides assist for consumer authentication on the captive portal utilizing their Azure AD credentials.
Azure group import and RBAC add assist for a brand new import assistant for Azure AD teams and automated promotion for role-based admin adjustments.
Watch movies masking the brand new administration options and Azure AD capabilities.
Different enhancements
Net Utility Firewall (WAF) enhancements embody geo IP coverage enforcement, customized cipher configuration, and TLS model settings, in addition to improved safety with HSTS enforcement and X-Content material-Sort-Choices enforcement.
Azure Single Arm deployment assist permits the selection of a smaller occasion dimension to avoid wasting on infrastructure prices and scale back community and operational complexity.
Get extra particulars on what’s new
Obtain the complete What’s New Information for an entire overview of all the good new options and enhancements in v20.
Assessment the discharge notes and documentation.
Watch the demo video collection:
How one can get v20
As with each firewall launch, Sophos Firewall v20 is a free improve for all licensed Sophos Firewall prospects and needs to be utilized to all supported firewall gadgets as quickly as attainable. This launch not solely accommodates nice options and efficiency enhancements, but in addition vital safety fixes.
This firmware launch will observe our customary replace course of.
Please word that Sophos Firewall firmware updates are actually downloaded from Sophos Central. Get the complete particulars right here or observe the fast information under to get the newest v20 firmware on your firewall:
1. Log in to your Sophos Central account and choose “Licensing” from the drop-down menu beneath your account identify within the high proper of the Sophos Central console.
2. Choose Firewall Licenses on the highest left of this display.
3. Develop the firewall system you’re taken with updating by clicking the “>” to point out the licenses and firmware updates out there for that system.
4. Click on the firmware launch you need to obtain (word there may be presently a problem with downloads working in Safari so please use a unique browser akin to Chrome).
5. It’s also possible to click on “Different downloads” in the identical field above to entry preliminary installers and software program platform firmware updates.
The brand new v20 firmware shall be steadily rolled out to all linked gadgets over the approaching weeks. A notification will seem in your native system or Sophos Central administration console when the replace is out there, permitting you to schedule the replace at your comfort.
Sophos Firewall v20 is a completely supported improve from any supported Sophos Firewall firmware model.
Try the v20.0 GA launch notes for extra particulars, together with the recognized points checklist. Full product documentation is out there on-line and inside the product.