
Sophos SFOS update: New features in v18.0.4
Sophos rarely releases updates before the holidays, but on December 15, the SFOS v18 MR4 was released. You get new firewall features and 73 bugs were fixed.
Change password
After updating to v18 MR3, one was prompted to create a Secure Storage Master Key (SSMK) right after login. After updating to v18 MR4, the admin user is prompted to change their password. Sophos has implemented a stronger password hash.
We have received questions from customers asking if a password change is really necessary. They say the password is already secure or has only recently been changed after the latest vulnerability. Our recommendation is “Yes, change your password.”
For a better world
If the web filter is active on the firewall, websites in which the “Internet Watch Foundation (IWF)” identifies content with child sexual abuse are automatically blocked.
Improvements for HA Cluster
Finally, Sophos has taken care of an issue with MR4, which worked up to and with MR3, but was cumbersome to set up. Also, the previous representation of HA clusters was rather unattractive in my opinion.
If you have an HA cluster, it is now possible to register both firewalls with Central from one appliance without having to change the appliance each time.

A cluster is now also better presented on the Central Firewall Manager. Previously, you had two individual appliances, where one was always offline in an Active/Passive cluster.

So you always had a little shock at first sight and wondered why a firewall is down. 😅
If version v18 MR4 is now installed on the firewall, the cluster is displayed as one entry in the overview. By clicking on the green HA icon, you can see more information about the cluster.

Scheduled updates
MR4 is now the first update that can be installed time-controlled with a v18 MR3 version. We have tested this of course and it works like a charm. 👌
Other new features
- We haven’t looked much at Sophos’s Cloud Optix product yet. But XG Firewall has now received an integration for Cloud Optix so that the two solutions work together – at least the firewalls that are hosted on AWS.
- Synchronized Application Control has received a function that now cleans all applications older than 30 days on the list.
- RADIUS authentication: Users can now be created for RADIUS in UPN (username@domain) format.
- The bugfixes mentioned at the beginning can be found in the following post: Sophos v18 MR4 Release Notes