Guest User!

You are not Sophos Staff.

Chris McCormack

The early access program for Sophos Firewall OS v19 is kicking off today delivering Xstream SD-WAN capabilities.

Earlier this year, we launched the powerful new XGS Series firewalls with dedicated Xstream Flow Processors to accelerate SD-WAN, SaaS, and cloud traffic.  We then followed that with an extremely easy way to orchestrate complex SD-WAN overlay networks in Sophos Central.  And today, we’re introducing Xstream SD-WAN.

Sophos Firewall OS v19 includes several new and exciting SD-WAN capabilities including SD-WAN profiles with multi-gateway support and performance SLA link selection, as well as performance monitoring tools, SD-WAN logging, and much more.

Xstream FastPath Acceleration of IPsec VPN tunnel traffic will also be part of SFOS v19 and is still being finalized for inclusion in the next EAP phase.

All this adds up to Xstream SD-WAN – delivering extreme new levels of networking flexibility and performance – all integrated into your firewall.

Here are the major enhancements in SFOS v19

SD-WAN

  • SD-WAN Profiles and Advanced Performance SLAs – with multiple gateway support for seamless and efficient re-routing of traffic based on WAN link performance.
  • SD-WAN monitoring – provides graphical real-time and historical monitoring of SD-WAN link performance metrics including latency, jitter, and packet loss.
  • SD-WAN Logging – integrates SD-WAN routing information into log data with a new SD-WAN log viewer module

VPN

  • VPN Management – VPN management has been reorganized and streamlined including new separate main menu items for remote access and site-to-site VPN management as well as many other intuitive changes, a new SSL remote-access setup wizard, and more.
  • VPN Performance – SSL VPN capacity is dramatically improved (up to 5x) thanks to the addition of multi-instance support, and in the next EAP phase, we will be introducing Xstream FastPath acceleration of IPsec VPN tunnel traffic.
  • VPN Operational Enhancements – include a variety of additional changes including custom policy support for IPsec RA, RBVPN, new GCM and Suite-B cipher support for IPsec, and SSL VPN enhancements.
  • VPN Logging – A new log viewer module has been added to assist in monitoring and trouble-shooting VPN connections for both remote-access and site-to-site using SSL or IPsec.
  • AWS VPC Import – You can now import your VPC configuration XML file from AWS to streamline the tunnel setup on your Sophos Firewall.

Other Enhancements

  • Web Protection – Per-connection authentication for multiple users on the same source IP address, enforcement of tenant restrictions for O365, and X-Forwarded-For Header support for up-stream load balancers and proxies.
  • System and Object Search – New search capabilities to quickly and easily find screens or features in the product, as well as enhanced object search when building firewall, NAT, TLS or routing rules that allows free text searching for any object in the system.
  • Performance, Protection, and Usability Enhancements – including scalable authentication performance (in high user-count environments), Synchronized Security enhancements for lateral movement protection, Flow Monitor interface enhancements, MFA enhancements, and log aggregation and suppression.

Check out the detailed PDF list of What’s New in the SFOS v19 Early Access Program.

Watch brief demo videos for many of the new features:

Of course, SFOS v19 also includes all the other great enhancements in SFOS v18.5 MR2 which will be popping up in your consoles as an update any day now.

Getting Started and Providing Feedback

Sophos Firewall OS v19 EAP1 (Build 244) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later and all previous versions of v18.5 except the latest v18.5 MR2.

Please visit the SFOS v19 EAP Registration Page to get started.

Once you’re up and running, please provide feedback through your Sophos Firewall's feedback mechanism (top right of every screen on your Firewall).  Also visit our EAP Community Forums to share your experience with others.

Note: Please do not call Sophos Support for issues related to the EAP. Troubleshooting and support for all EAP versions is handled solely through the online Sophos Community EAP Forums.

Please be on the lookout for brief email surveys over the course of the EAP.  These can be extremely helpful in shaping the release, and don't worry, we value your time and will ensure they won't take long to complete. 

Related
Recommended
Parents

  • Also, to be clear, you're saying that we can only upgrade directly to the EAP from 18.5 MR1. So if we currently have 18.5 MR1 and 18.5 MR2 uploaded to our appliance and we're running MR2, we should reboot into MR1 before doing the EAP upgrade?

    Last. and I realize that this is entirely my call, but I've read that EAPs are generally usable for installations that aren't hitting edge-cases. Pretty stable, as I understand. (This has been true with Intercept X, but I've not tried it with XGS.) Any word on whether the EAP is more or less stable than usual?

  • in reply to Wayne Folta

    EAP is, as state as always, a early access to a piece of Software. You can compare it with Apple Beta Program. Feel free to use it in a productive manner, but its not officially supported by Sophos Support, instead by dedicated member of the Community and Sophos DEV. 

    Sophos is happy to assist productive setups, if you run into issues, to get "real world issues". 

  • in reply to LuCar Toni

    Right. I used the latest Apple Beta from the time MacOS X came out in (public) beta until about a year ago .So MANY years with no showstoppers. I stopped recently because I was doing a lot of video editing and while I've never had an Apple Beta get crashy on me, I had to be much more careful about combinations of AppleOS plus my video editing program, with hard deadlines leaving little room for error.)

    And it sounds to me like Sophos EAP is similarly stable, as long as you don't poke into dark corners. So I've taken the chance and so far it's working out.

    I did reboot to v18.5 MR1, then upload the EAP and it all worked quickly and without issues. On the XGS87, there's about a 30 second period after "reboot" where I think it's booting from PROM, then about 2-2.5 minutes with the blue light flashing and the port lights off, then the port lights come on and blink and I think network connectivity is up. It takes 2 more minutes (though I think I've seen up to 3 or 4 minutes) for the APX to come up and give me wireless, at which point the network is officially up.

Comment
  • in reply to LuCar Toni

    Right. I used the latest Apple Beta from the time MacOS X came out in (public) beta until about a year ago .So MANY years with no showstoppers. I stopped recently because I was doing a lot of video editing and while I've never had an Apple Beta get crashy on me, I had to be much more careful about combinations of AppleOS plus my video editing program, with hard deadlines leaving little room for error.)

    And it sounds to me like Sophos EAP is similarly stable, as long as you don't poke into dark corners. So I've taken the chance and so far it's working out.

    I did reboot to v18.5 MR1, then upload the EAP and it all worked quickly and without issues. On the XGS87, there's about a 30 second period after "reboot" where I think it's booting from PROM, then about 2-2.5 minutes with the blue light flashing and the port lights off, then the port lights come on and blink and I think network connectivity is up. It takes 2 more minutes (though I think I've seen up to 3 or 4 minutes) for the APX to come up and give me wireless, at which point the network is officially up.

Children
No Data