Avanet
Sophos SFOS v19 EAP1 - all new features at a glance

In December you can already download the SFOS v19 EAP1 update. This post gives you an overview of the new features included in EAP1.

Important: The upcoming innovations will probably tempt you to install SFOS v19 EAP1 on your firewall. Some of the new features are ones we have long been waiting for, and the urge to install this release can be strong.

EAP – Early Access Program

What does EAP actually mean, and should you install such a version on a production firewall? In principle, there is nothing against it, because an EAP version is also supported by Sophos. The version is largely considered stable and has been extensively tested. Nevertheless, an EAP version is not as stable as an MR release that you are notified about directly in the firewall. To install an EAP version, you have to download it manually from the Sophos website. EAPs should therefore be used with care and not installed in every environment. The final SFOS v19 release is scheduled for around Q2 2022.

Search field in the navigation

The navigation in the upcoming SFOS v19 will include a search bar that enables you to search for configuration areas. This certainly helps anyone moving from UTM. It can also support existing SFOS admins, because Sophos has changed the navigation in recent versions.

New search bar in the navigation
A search bar in the navigation makes it easier to find the settings you need.

The search is also intended to “think along” and make intelligent suggestions. For example, if you search for “Multipath”, as it used to be called on UTM, SD-WAN is suggested. 🙂

Object search 🔥🔥🔥

The object search has been significantly improved. 🙏 Finally! For me personally, it is by far the hottest feature in v19. I can already say that even though I do not yet know all of the features still to come.

Previously, when searching for an object, you had to know exactly how the name began. On firewalls that we set up ourselves, we of course follow a naming scheme such as “IP + hostname”. But when we had to configure something on a firewall that we did not set up, the process was incredibly tedious. We often had to leave the firewall rule, search for the object, memorize the name, go back to the firewall rule and create everything again from scratch. If several admins had worked on the same system, it sometimes happened that duplicate objects were created.

To better understand the difference, take a look at the following graphic. This is what it looked like in version 18.5 and previous versions:

SFOS v18.5 object search

With the new full-text object search in version 19, many things become easier. I also noticed small UI improvements. More objects are displayed and unnecessary links that did not work anyway have been removed.

SFOS v19 object search
This is what the object search now looks like in SFOS v19.
Search for network objects in SFOS v19

It is also possible to search directly for a port, even if it does not appear in the name.

Search for service objects in SFOS v19

VPN

There is no longer a VPN menu item. Instead, the settings are split into two categories:

  • Remote access VPN
  • Site-to-site VPN

Better VPN logs in the log viewer

For troubleshooting SSL VPN, IPsec or RED, you now get considerably more information in the log viewer, without having to check the logs on the console straight away.

AES-GCM

AES-GCM has been added as an encryption option for SSL VPN and IPsec VPN. It is an authenticated encryption mode that offers better performance than the AES-CBC used so far.

SD-WAN SLA profiles

The SD-WAN functionality enables you to work with multiple WAN connections.

  • Route networks, IPs or users via different WAN links based on ports or applications

With SFOS v19 you can not only check the availability of a connection but now also its quality. For this, you can use one of three predefined profiles or create your own.

SFOS v19 SD-WAN SLA profiles

You can then define rules such as: if the latency on line 1 is too high, use another line for traffic such as VoIP (provided that line has lower latency).
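The latency rule described above, sketched as an added example; it is not Sophos code and not from the original post, and it does not claim to reproduce how SFOS evaluates SLA profiles. The `Link` type, the function names, the probe samples and the 150 ms threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Link:
    name: str
    up: bool            # plain availability check
    latency_ms: list    # recent probe round-trip times (constructed samples)

def measured_latency(link):
    # Median of recent probes, so a single spike does not flip the route.
    return median(link.latency_ms) if link.latency_ms else float("inf")

def select_link(links, primary, max_latency_ms):
    """Return (link name, reason) for traffic bound to a latency SLA."""
    candidates = [l for l in links if l.up and l.latency_ms]
    if not candidates:
        return None, "no link available"
    current = next((l for l in candidates if l.name == primary), None)
    if current and measured_latency(current) <= max_latency_ms:
        return current.name, "primary meets SLA"
    best = min(candidates, key=measured_latency)
    # Only move traffic if the other line really has lower latency.
    if current and measured_latency(best) >= measured_latency(current):
        return current.name, "SLA violated, no line with lower latency"
    if measured_latency(best) <= max_latency_ms:
        return best.name, "failover: alternative meets SLA"
    return best.name, "failover: no line meets SLA, using lowest latency"

# Constructed sample data: WAN1 is up but slow, WAN2 is fast, WAN3 is down.
LINKS = [
    Link("WAN1", True, [180, 210, 195, 400, 190]),
    Link("WAN2", True, [35, 40, 38, 36, 41]),
    Link("WAN3", False, []),
]
VOIP_MAX_LATENCY_MS = 150  # assumed threshold for this example

if __name__ == "__main__":
    print(select_link(LINKS, "WAN1", VOIP_MAX_LATENCY_MS))
```

An availability-only check would keep VoIP on WAN1 here because the line is up; the quality check is what moves it to WAN2.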

SFOS v19 SD-WAN performance chart

Under Diagnostics, you can also see the collected performance values in a chart.

Patrizio