Sophos Firewall v20 MR2: New features and improvements
Sophos has released the latest version of its firewall software, Sophos Firewall v20 MR2.
This version brings significant improvements and new features that make the firewall much easier to use and manage.
In this blog post, we provide an overview of the most important new features and improvements.
Backup and restore wizard
One of the most helpful new features in Sophos Firewall v20 MR2 is the Backup and Restore Wizard. This wizard makes it much easier to migrate firewall configurations to another appliance. You can now create backups from an older version (from v19.5 MR4) and restore them to a new v20 MR2 or later version. This massively simplifies the upgrade from Sophos Firewall XG to XGS Series, as well as the migration between different XGS Series models or to and from virtual and cloud appliances. Interfaces can now be flexibly mapped and migrated to faster ports, which is particularly useful when upgrading network infrastructure.
One notable feature is pseudo-interfaces, which serve as placeholders for interfaces that are not required and keep the configuration intact until it can be adapted.
The video covers the following points in detail:
- New backup restore functions: Overview of the extended compatibility options and the removal of previous restrictions.
- Backup Restore Wizard: Interactive user interface for port mapping and migration of virtual interfaces.
- Practical example: Step-by-step demonstration of restoring a backup from an XGS2100 to an XGS136.
- Compatibility matrix and compatibility check tool: Tools to ensure a smooth migration.
Increased compatibility and flexible recovery options
Sophos Firewall v20 MR2 also offers broader compatibility and flexible restore options. You can now restore backups from devices with different interface configurations, which increases the flexibility and adaptability of the firewall. For example, it is possible to restore backups from devices with 6 ports to devices with 4 ports and vice versa. In addition, there are no longer any restrictions on the number of ports when restoring an HA backup to a running HA cluster.
For example, if you have an XG 430 and your infrastructure requirements have changed, you can now easily switch to an XGS 2100.
I deliberately use this downgrade example because we have received feedback from some customers that the new XGS appliances and licenses are a lot more expensive than the XG and the promos only make this cheaper to a limited extent. So keep an eye on the End-of-Life calendar.
Sophos has created a web page that makes it easier to see which backups are compatible with which appliances or VMs.
Improvements to Active Directory Single Sign-On (AD SSO)
The new version also brings improvements in the area of Active Directory Single Sign-On (AD SSO), particularly for high-availability scenarios and support for HSTS. The authentication information is now transferred to the second firewall in the event of a failover, which improves reliability. In addition, the firewall now supports Kerberos/NTLM handshakes over HTTP or HTTPS, enabling a more transparent SSO experience when HSTS is enforced.
Optimizations in web protection
The web protection feature has also been improved in Sophos Firewall v20 MR2. The system load is reduced when SafeSearch, YouTube restrictions, Google App Login Domains or Azure AD tenant restrictions are enforced. This leads to improved performance and smoother operation of the firewall. In addition, you can now customize the encryption settings to achieve the best balance between compatibility, security and audit compliance.
Known Issues
Of course, in addition to new features, bugs are always being fixed. On the following page you can see which bugs have been fixed or are at least known but have not yet been fixed.