Sophos Firewall v20 MR2: New Features and Improvements
Sophos has released the latest version of its firewall software, Sophos Firewall v20 MR2. This version introduces significant improvements and new features that make the firewall much easier to use and manage. In this blog post, we provide an overview of the most important new features and improvements.
Backup and Restore Wizard
One of the most helpful new features in Sophos Firewall v20 MR2 is the Backup and Restore Wizard. This wizard greatly simplifies the migration of firewall configurations to another appliance. You can now create backups from an older version (from v19.5 MR4) and restore them to a new v20 MR2 or later version. This makes the upgrade from Sophos Firewall XG to XGS Series much easier, as well as migration between different XGS Series models or to and from virtual and cloud appliances. Interfaces can now be flexibly mapped and migrated to faster ports, which is particularly useful when modernizing network infrastructure.
A special feature is the use of so-called pseudo-interfaces, which serve as placeholders for interfaces that are not needed and keep the configuration intact until it can be adjusted.
The following video explains the following points in detail:
- New backup restore features: Overview of expanded compatibility options and the removal of earlier restrictions.
- Backup and Restore Wizard: Interactive user interface for port mapping and migration of virtual interfaces.
- Practical Example: Step-by-step demonstration of restoring a backup from an XGS2100 to an XGS136.
- Compatibility Matrix and Check Tool: Aids to ensure a smooth migration.
Increased Compatibility and Flexible Restore Options
Sophos Firewall v20 MR2 also offers broader compatibility and flexible restore options. You can now restore backups from devices with different interface configurations, which increases the flexibility and adaptability of the firewall. For example, it is possible to restore backups from 6-port devices to 4-port devices and vice versa. In addition, there are no longer any restrictions on the number of ports when restoring an HA backup to a running HA cluster.
For example, if you have an XG 430 and your infrastructure requirements have changed, you can now easily move to an XGS 2100.
I am deliberately using this downgrade example because we have received feedback from some customers that the new XGS Appliances and licenses are significantly more expensive than the XG equivalents, and the promos only reduce that difference to a limited extent. So keep an eye on the End-of-Life calendar.
Sophos has created a website that makes it easier to see how compatible backups are with other appliances or VMs.
Improvements in Active Directory Single Sign-On (AD SSO)
The new version also brings improvements to Active Directory Single Sign-On (AD SSO), particularly for high-availability scenarios and HSTS support. Authentication information is now transferred to the second firewall in the event of a failover, improving resilience. In addition, the firewall now supports Kerberos/NTLM handshakes over HTTP or HTTPS, enabling a more transparent SSO experience when HSTS is enforced.
Optimizations in Web Protection
The web protection feature has also been improved in Sophos Firewall v20 MR2. System load is reduced when SafeSearch, YouTube restrictions, Google App Login Domains, or Azure AD tenant restrictions are enforced. This improves performance and makes firewall operation smoother. In addition, you can now adjust encryption settings to achieve the best balance between compatibility, security, and audit compliance.
Known Issues
Of course, new features are always accompanied by bug fixes. On the following page, you can see which bugs have been fixed or are at least known but have not yet been fixed.
