Skip to content
Avanet
Sophos Firewall v21 MR1: New Features and Improvements

Sophos Firewall v21 MR1: New Features and Improvements

The new Sophos Firewall v21 MR1 fixes bugs and adds several new features. In this post, we present all the changes and optimizations in the current version, from enhanced SSL VPN functionality to SD-WAN improvements.

The update is only available for Sophos Firewalls in the XGS Series. XG firewalls reach End of Life at the end of March 2025. Read more in this article: The time for switching to XGS Firewall Hardware is coming soon.

New Features at a Glance

SSL VPN and new Diffie-Hellman key sizes

A key part of the new version is the expansion of SSL VPN functionality. Sophos Firewall v21 MR1 now supports new Diffie-Hellman key sizes of 3072 and 4096 bit. This adjustment allows companies to raise their security standard further without making changes to Sophos Connect or to existing SSL VPN configurations. Administrators can find the setting directly in the firewall’s global settings under SSL VPN.

Sophos Firewall v21 MR1 - Diffie-Hellman key 4096 bit
Sophos Firewall v21 MR1 - Diffie-Hellman key 4096 bit

NAT64 Support via Proxy

For customers using the explicit standard proxy, there is another new feature: with the new version, IPv4 addresses can be reached via the proxy even if the local network only supports IPv6. This scenario, which occurs in classic NAT64 environments, is now fully supported. This enables seamless integration and communication between the different protocols.

Optimizations for Mobile Modules (4G/5G)

Sophos Firewall v21 MR1 also addresses the challenges of using mobile modules. Connection monitoring has been improved specifically for 4G and 5G modules. Many providers do not allow pings to their own gateway address. To still obtain meaningful monitoring data, monitoring has now been switched to connections to Google. This change provides more accurate status information and supports smooth operation in mobile networks.

SD-WAN enhancements and support optimizations

In the SD-WAN area, enhancements have been made to simplify support and administration. One example is improved access for Salesforce Support. Especially when installing new SD-RED solutions, where access can sometimes be challenging, the new functions allow more efficient assistance from software support. These adjustments not only make troubleshooting easier, but also help minimize downtime.

Sources

For further information and in-depth details, we recommend the following resources:

Patrizio

Patrizio

Patrizio is an experienced network specialist focused on Sophos firewalls, switches, and access points. He supports customers and IT teams with configuration, migration, and clean network segmentation.