Sophos SFOS v19 EAP1 - Overview of all new features

Patrizio - December 8, 2021

The SFOS v19 EAP1 update is available for download this December. In this post, I will give you an overview of the new features included in EAP1.

Attention! The upcoming new features will probably tempt you to install SFOS v19 EAP1 on your firewall. Among them are some enhancements that we have long been waiting for, so the impatience to install this release can be high.

EAP — Early Access Program

What does EAP actually mean, and should you install such a version on a production firewall? In principle, there is nothing to be said against it, because an EAP version is also supported by Sophos. The version is considered stable by the majority and has also been widely tested. Nevertheless, an EAP version is not as stable as an MR release, which is announced directly in the firewall. An EAP version, on the other hand, must be downloaded manually from the Sophos website for installation. I would therefore use EAPs rather cautiously and not install them immediately in every environment. The final SFOS v19 will be released around Q2 2022.


Search window in the navigation

The navigation in the upcoming SFOS v19 will include a search bar for finding configuration areas. This is certainly a help for UTM newcomers, but it can also help existing SFOS admins, as Sophos has modified the navigation at times in recent versions.

A search bar in the navigation makes it easier to find the desired settings.

The search is actually also supposed to “think” and make intelligent suggestions. For example, if you search for “multipath”, as it used to be called on the UTM, SD-WAN is suggested. 🙂

Object search 🔥🔥🔥

The object search has been greatly improved. Finally! For me, personally, by far the hottest feature in v19. I claim that even now, although I do not yet know all the features that are yet to come.

Until now, when searching for an object, you had to know exactly how its name starts. For firewalls that we have set up ourselves, we naturally stick to a naming scheme, e.g., “IP + hostname”. However, if we had to configure something on a firewall that we didn't set up, it was incredibly tedious. We often had to leave the firewall rule, search for the object, remember the name, go back into the firewall rule and create everything from scratch. When multiple admins were working on the same system, it also happened that duplicate objects were created.

To better understand the difference, take a look at the following graphic. This is how it used to look in version 18.5 and earlier versions:

The object search in SFOS 18.5 and earlier versions.

With the new full-text object search in version 19, many things are now easier. I also noticed small UI improvements. More objects are displayed and the unnecessary links, which didn't work anyway, have been removed.

This is how the object search now looks in SFOS v19.

It is also possible to search for a port directly, even if it is not in the name.


There is no longer a VPN item in the menu; instead, the settings have been divided into two categories:

  • Remote access VPN
  • Site-to-site VPN

Better VPN logs in Logviewer

For troubleshooting SSL VPN, IPsec or RED, you can now find much more information in Logviewer without having to check the logs on the console.


A new addition is the “AES-GCM” encryption for SSL VPN and IPsec VPN. AES-GCM is an authenticated encryption mode that offers better performance than the previously used AES-CBC.

SD-WAN SLA Profile

The SD-WAN functionality lets you work with multiple WAN connections:

  • Route networks, IPs, or users across different WAN links based on ports or applications.

With SFOS v19, you can check not only the availability of a connection but now also its quality. You can use one of the three predefined profiles or create your own.

This allows you to define rules such as: If the latency on line 1 is too high, then use another line for the traffic, e.g., VoIP (as long as it has a lower latency, of course).

In the diagnosis, the collected line values are also displayed as a chart.
