Shopping Cart

No products in the cart.

Sophos Firewall v21 MR1

Sophos Firewall v21 MR1: New functions and improvements

The new Sophos Firewall v21 MR1 version fixes bugs and adds a few new features. In this article, we present all the new features and optimizations of the current version – from extended SSL VPN functions to SD-WAN improvements.

The update is only for Sophos Firewalls of the XGS series. The XG firewalls will soon be available at the end of March 2025 End of Life.

New functions at a glance

SSL VPN and new Diffie-Hellman key sizes

A key component of the new version is the expansion of the SSL VPN functionalities. With immediate effect, Sophos Firewall v21 MR1 supports new Diffie-Hellman key sizes of 3072 and 4096 bits. This adjustment enables companies to increase the security standard even further – without making any changes to Sophos Connect or the existing SSL VPN configurations. Administrators can find the setting directly under the global settings of the firewall in the SSL VPN section.

Sophos Firewall v21 MR1 - Diffie-Hellman-Key 4096 Bit
Sophos Firewall v21 MR1 – Diffie-Hellman-Key 4096 Bit

NAT64 support via the proxy

For customers who use the explicit standard proxy, there is another innovation: thanks to the new version, IPv4 addresses can be accessed via the proxy – even if your own network only supports IPv6. This scenario, which occurs in the classic NAT64 environment, is now fully supported. This enables seamless integration and communication between the different protocols.

Optimizations for mobile modules (4G/5G)

The Sophos Firewall v21 MR1 also takes into account the challenges of using mobile modules. Connection monitoring has been improved, especially for 4G and 5G modules. Traditionally, many providers do not allow pinging to their own gateway address. In order to still obtain meaningful monitoring data, monitoring has now been switched to connections to Google. This change ensures more precise status information and supports smooth operation, even in mobile networks.

SD-WAN extensions and support optimizations

In the SD-WAN area, enhancements have been made to simplify support and administration. One example of this is the improved access for Salesforce support. Especially for installations of new SD-RED-solutions – where access can sometimes be challenging – the new functions offer more efficient support from Software Support. These adjustments not only make it easier to diagnose errors, but also help to minimize downtime.

Sources

For further information and in-depth details, we recommend the following resources:

Patrizio
Patrizio

Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.