Sophos V18




What’s New in v18 MR5:

This video outlines how to deploy a Sophos (XG) Firewall from Sophos Central using zero-touch deployment and then set up a RED site-to-site tunnel between two Sophos (XG) Firewall devices. Firewall Rules in v18. Sophos has released the long-awaited MR-3 with many good fixes in the package; read all here: release notes from Sophos: Enhancements in v18 MR-3. Security enhancements: Several security and hardening enhancements – including SSMK (secure storage master key) for the encryption of sensitive data. Refer to KB-000040174 for more details.

VPN Enhancements

  • A huge 50% increase in concurrent IPSec VPN tunnel capacity across the line
  • Port 443 sharing between SSL VPN and the Web Application Firewall (WAF)
  • IPSec provisioning file support for remote access via Sophos Connect v2.1

SD-WAN


  • Integration with Azure Virtual WAN for a complete SD-WAN overlay network

Authentication

  • Integration with Azure Active Directory (learn more)

Certificate Management and Security


  • Form enhancements for creating certificate signing requests and certificates
  • Enhanced security for private keys
  • Upload/download support for PEM format certificates
  • Enhanced workflows for certificate management

Synchronized Security

  • Enhanced registration and de-registration in high-availability (HA) installations
  • Missing Heartbeat enhancements to reduce notifications sent for intended/expected changes in endpoint status

Sophos Central Firewall Reporting

  • New Cloud Application (CASB) report
  • MSP Flex Pricing for MSP partners


View the full release notes on the Sophos Community Blog.

Other Recent Enhancements:

If you’re not running the latest v18 firmware on your firewall you’re missing out on a ton of new capabilities and dozens of resolved issues. In addition to the above, these capabilities have been added in other v18 maintenance releases:

High Availability Enhancements

  • Improved FastPath support for active-passive pairs
  • HA support in AWS using the AWS Transit Gateway
  • Setup, reliability and stability enhancements

VPN and Sophos Connect Remote Access Client

  • A huge increase in SSL VPN connection capacity (up to 3-6x)
  • Remote access IPSec policy provisioning with Sophos Connect v2.1
  • Group support for Sophos Connect which enables imports from AD/LDAP/etc.
  • New advanced options for IPSec remote access
  • Sophos Connect downloads enabled from the user portal
  • Enforcement of TLS 1.2 for SSL site-to-site and remote access VPN tunnels

Synchronized Security

  • A new option for Synchronized App Control to automatically clean up discovered apps over a month old

Cloud Platform Support

  • Support for new AWS instances (C5/M5 and T3)
  • Support for cloud formation templates
  • Virtual WAN zone support on custom gateways for post deployment single arm usage
  • Nutanix and Nutanix Flow support

Sophos Central

  • Group Firewall Management via the Partner Dashboard
  • Firmware update scheduling
  • Multi-firewall reporting across firewall groups
  • Save, Schedule and Export reports from Sophos Central

Security and Authentication Enhancements

  • Stronger password hash algorithm (requires a password change)
  • Auto web-filtering of Internet Watch Foundation (IWF) identified sites containing child sexual abuse
  • Support for creating users with UPN format for RADIUS authentication

It’s Easy and Free

Of course, all these features are a free upgrade for Sophos customers and as easy as clicking to upgrade the firmware in the Firewall console or scheduling a firmware update through Sophos Central.

Upgrade to v18 today!

Now is the perfect time for your customers to upgrade. Share these excellent articles that will help your customers make the most of the many new capabilities in v18:


Also check out our new and improved Sophos Community XG Firewall home page! Subscribe to the XG Blog for the latest news and releases, get expert answers to your technical questions, and find useful Community-created content in our “Recommended Reads” section! Make sure you bookmark the Selling Sophos Firewall page in the Sophos Partner Portal for easy access to all sales tools on XG Firewall.

One of the great new features in XG Firewall v18 that we covered in Part 3 of this series is the new SD-WAN Application and User/Group based link selection capabilities. In this article, we’ll review how you can take advantage of those as a part of another new feature in XG Firewall v18 – Route Based IPsec VPN.

Route Based IPsec (RBVPN) in XG Firewall v18 enables truly dynamic IPsec site-to-site VPN tunnels. With RBVPN, network topology changes do not impact VPN policy and you no longer need to modify VPN policies if networks are added or removed from your environment, greatly simplifying VPN policy creation and management, especially in larger and more dynamic environments.

RBVPN provides full control over routing with support for static, dynamic (OSPF, BGP, RIP) and SD-WAN policy-based routes with RBVPN policies. The RBVPN implementation in XG Firewall v18 also provides flexibility to set up more complex network address translation using the new NAT rule configuration, such as VPN NAT overlap scenarios.

XG Firewall v18 also supports RBVPN tunnel interfaces for SD-WAN policy-based routes to support IPsec and MPLS co-existence with SD-WAN. This makes it possible to enable IPsec and MPLS (even on a non-WAN zone) to both be active at the same time with options for load balancing on VPN tunnels as well.

RBVPN is a well-accepted industry standard and interoperates nicely with other vendors’ route-based VPN tunnels, making it easier to tunnel to Azure/AWS and other cloud providers. Ultimately, route-based VPN is the preferred choice for today’s dynamic networks.

Making the Most of Route-Based IPsec VPN Tunnels in XG Firewall
This video provides a great detailed look at how to set up route-based VPN in XG Firewall v18:

Route Based VPN in XG Firewall v18 from Sophos on Vimeo.

Then, you can take full advantage of the new Synchronized SD-WAN policy-based routing for your VPN traffic, with options for user, group, application, and even Synchronized Application Control discovered app based-routing for your route-based VPN.

Synchronized SD-WAN leverages the added clarity and reliability of application identification that comes with the sharing of Synchronized Application Control information between Sophos-managed endpoints and XG Firewall. Synchronized Application Control can positively identify 100% of all networked applications, including evasive, encrypted, obscure, and custom applications and now these previously unidentified applications can also be added to SD-WAN and VPN routing. This provides a level of application routing control and reliability that other firewalls can’t match.

To use Synchronized Application Control discovered apps in your routing, when creating an application object for SD-WAN or VPN routing, you can select “Synchronized Application Control” from the technology drop-down box as shown below to see all the relevant applications.

Here’s a summary of the resources available to help you make the most of the new features in XG Firewall v18, including the new route-based VPN capabilities:

If you’re new to Sophos XG Firewall, learn more about the great benefits and features XG Firewall can deliver to your network.

Selling XG Firewall
On the Sophos partner portal, we provide you with a wealth of sales assets. You may filter the list of assets by selecting a category to narrow down the results. And don’t forget to check whether there is a sales promotion available for your region. It’s worth checking back from time to time to make sure you’re not missing out on a great opportunity!




