Sophos Firewall v20 MR2: New Features and Improvements
Sophos has released the latest version of its firewall software, Sophos Firewall v20 MR2. This version brings significant improvements and new features that greatly simplify the use and management of the firewall. In this blog post, we provide an overview of the most important new features and improvements.
Backup and Restore Assistant
One of the most helpful new features in Sophos Firewall v20 MR2 is the Backup and Restore Assistant. This assistant greatly simplifies the migration of firewall configurations to another appliance. You can now create backups from an older version (from v19.5 MR4) and restore them to a new v20 MR2 or later version. This massively simplifies the upgrade from Sophos Firewall XG to XGS Series, as well as migration between different XGS Series models or to and from virtual and cloud appliances. Interfaces can now be flexibly assigned and migrated to faster ports, which is particularly useful when updating network infrastructure.
A special feature are the so-called pseudo-interfaces, which serve as placeholders for unneeded interfaces and keep the configuration intact until it can be adjusted.
The following video explains the following points in detail:
- New Backup Restore Functions: Overview of expanded compatibility options and the lifting of earlier restrictions.
- Backup Restore Assistant: Interactive user interface for port assignment and migration of virtual interfaces.
- Practical Example: Step-by-step demonstration of restoring a backup from an XGS2100 to an XGS136.
- Compatibility Matrix and Check Tool: Aids to ensure a smooth migration.
Increased Compatibility and Flexible Restore Options
Sophos Firewall v20 MR2 also offers broader compatibility and flexible restore options. You can now restore backups from devices with different interface configurations, which increases the flexibility and adaptability of the firewall. For example, it is possible to restore backups from 6-port devices to 4-port devices and vice versa. In addition, there are no longer any restrictions on the number of ports when restoring an HA backup to a running HA cluster.
If, for example, you have an XG 430 and the requirements for the infrastructure have changed, you can now easily switch to an XGS 2100.
I deliberately use this downgrade example because we have received feedback from some customers that the new XGS Appliances and licenses are significantly more expensive than with the XG and the promos only make them marginally cheaper. So keep an eye on the End-of-Life calendar.
Sophos has created a website that makes it easier to see how backups are compatible with other appliances or VMs.
Improvements in Active Directory Single Sign-On (AD SSO)
The new version also brings improvements in Active Directory Single Sign-On (AD SSO), particularly for high-availability scenarios and HSTS support. Now, authentication information is transferred to the second firewall in the event of a failover, which improves fault tolerance. In addition, the firewall now supports Kerberos/NTLM handshakes over HTTP or HTTPS, which enables a more transparent SSO experience when HSTS is enforced.
Optimizations in Web Protection
Web protection functionality has also been improved in Sophos Firewall v20 MR2. System load is reduced when SafeSearch, YouTube restrictions, Google App Login Domains, or Azure AD tenant restrictions are enforced. This leads to improved performance and smoother operation of the firewall. Furthermore, you can now adjust encryption settings to achieve the best balance between compatibility, security, and audit compliance.
Known Issues
Of course, in addition to new features, bugs are also fixed. On the following page, you can see which bugs have been fixed or are at least known but have not yet been fixed.
