Sophos Firewall Update - SFOS v18.0 MR4

Sophos SFOS update – new features in v18.0.4

Sophos rarely releases updates before the holidays, but v18 MR4 was released on December 15 after all. You get new firewall functions and 73 bugs were fixed.

Change password

After updating to SFOS v18 MR3 , one was prompted to create a Secure Storage Master Key (SSMK) right after login. After updating to v18 MR4, the admin user will be prompted to change their password. Sophos has implemented a stronger password hash.

We have received questions from customers about whether a password change is really necessary. The password was already secure or had been changed only recently after the last security breach. Our recommendation is, “Yes, change the password.”

For a better world

If the web filter is active on the firewall, websites in which the “Internet Watch Foundation (IWF)” identifies content with child sexual abuse are automatically blocked.

Improvements for HA Cluster

Finally, with MR4, Sophos has taken care of an issue that worked up to and with MR3, but was cumbersome to set up. Also, the previous representation of HA clusters was rather unattractive in my opinion.

If you have an HA cluster, it is now possible to register both firewalls with Central from one appliance without having to change the appliance each time.

Firewall Central registration

On the Central Firewall Manager, a cluster is now also displayed better. Previously, you had two individual appliances, with one always offline in an Active/Passive cluster.

Central Firewall Manager - HA Cluster view improvements

So you always had a little shock at first sight so far and wondered why a firewall is down. 😅

If the firewall now has release v18 MR4 installed, the cluster will appear as one entry in the overview. By clicking on the green HA icon, you can see more information about the cluster.

Central Firewall Manager - HA Cluster mouseover

Scheduled updates

MR4 is now the first update that can be installed time-controlled with a v18 MR3 version. We have tested this of course and it works wonderfully. 👌

Other renewals

  • We haven’t looked much at Sophos’s Cloud Optix product yet. But XG Firewall has now received an integration for Cloud Optix so the two solutions work together – at least the firewalls that are hosted on AWS.
  • Synchronized Application Control has received a function that now cleans all applications older than 30 days on the list.
  • RADIUS authentication: Users can now be created for RADIUS in UPN format (username@domain).
  • The bugfixes mentioned at the beginning can be found in the article: Sophos v18 MR4 Release Notes
Patrizio
Patrizio

Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.