Skip to content
Avanet
Sophos Firewall v21 MR1: New Features and Improvements

Sophos Firewall v21 MR1: New Features and Improvements

24. FEBRUARY 2025

The new Sophos Firewall v21 MR1 fixes bugs and gets a few new features. In this post, we present all the innovations and optimizations of the current version – from extended SSL VPN functions to SD-WAN improvements.

The update is only for Sophos Firewalls of the XGS Series. The XG Firewalls reach their End of Life at the end of March 2025. Read more about this in the article: The time for switching to the XGS Firewall Hardware is coming soon.

New Features at a Glance

SSL VPN and new Diffie-Hellman Key Sizes

A key component of the new version is the extension of SSL VPN functionalities. The Sophos Firewall v21 MR1 now supports new Diffie-Hellman Key Sizes of 3072 and 4096 Bit. This adjustment enables companies to further increase the security standard – without making changes to Sophos Connect or existing SSL VPN configurations. Administrators can find the setting directly under the global settings of the firewall in the SSL VPN section.

Sophos Firewall v21 MR1 - Diffie-Hellman Key 4096 Bit
Sophos Firewall v21 MR1 - Diffie-Hellman Key 4096 Bit

NAT64 Support via Proxy

For customers using the explicit standard proxy, there is another innovation: Thanks to the new version, IPv4 addresses can be accessed via the proxy – even if your own network exclusively supports IPv6. This scenario, which occurs in the classic NAT64 environment, is now fully supported. This enables seamless integration and communication between the different protocols.

Optimizations for Mobile Modules (4G/5G)

The Sophos Firewall v21 MR1 also addresses the challenges of using mobile modules. Especially with 4G and 5G modules, connection monitoring has been improved. Traditionally, many providers do not allow pinging their own gateway address. To nevertheless obtain meaningful monitoring data, monitoring has now been switched to connections to Google. This change ensures more precise status information and supports smooth operation even in mobile networks.

SD-WAN Extensions and Support Optimizations

In the SD-WAN area, extensions have been made to simplify support and administration. An example of this is the improved access for Salesforce Support. Especially for installations of new SD-RED solutions – where access can sometimes be challenging – the new functions offer more efficient support from the software support. These adjustments not only facilitate error diagnosis but also help minimize downtime.

Sources

For further information and in-depth details, we recommend the following resources:

Patrizio

Patrizio

Patrizio is an experienced network specialist focused on Sophos firewalls, switches, and access points. He supports customers and IT teams with configuration, migration, and clean network segmentation.