Sophos XG Firewall - New features in v17.1

Patrizio - June 7, 2018

After a series of 7 maintenance releases, Sophos has finally published SFOS 17.1, which brings some bug fixes and new features. This blog post summarizes the new features you can look forward to.

New features in SFOS v17.1

Cloud Access Security Broker (CASB) – Cloud App Visibility

Sophos has set itself the goal of fighting shadow IT, and with a new feature in 17.1, XG becomes a Cloud Access Security Broker (CASB) appliance.

In short, this function gives you an overview of all cloud apps used in your company. The Cloud Access Security Broker makes it much easier for administrators to analyze traffic. The overview of cloud apps also shows how much upload and download traffic the individual applications generate. These services can then be allowed or blocked for individual users or globally.

Synchronized Application Control

Synchronized Application Control was already introduced with version 17.0. You can find more about this in an earlier post: Sophos XG Update v17: New features overview. This feature has now been improved with 17.1. A search and a filter make it easier to manage the often very large number of apps on users' computers. The allocation to categories has also been improved, and you can now remove non-relevant applications from the list.

Email Protection Enhancements

  • A user can now maintain his own blacklists and whitelists for emails or domains in the user portal.
  • Exceptions can be made for domains or email addresses so that they are not sent to Sandstorm, for example.

Firewall Enhancements

  • Rules management has been improved to increase flexibility and further optimize management. You can now double click on a firewall rule to open it and edit it faster.
  • Google's QUIC protocol can now be easily blocked. This ensures that the data traffic is scanned, as the connection then runs over TCP. We have already written KB articles about the QUIC protocol: Sophos Firewall and the QUIC protocol
  • Added flexibility in defining ACL exceptions, for example to restrict access to services such as the user portal from a single alias.

Wireless Enhancements

The channel width of the access points and the radius in the user interface can now be adjusted.

SSL VPN port option

A frequently requested feature was the ability to change the default port for SSL VPN connections, as was the case with the UTM. With 17.1 this is now possible.

The timetable is right

With v17.1 some bugs we had to live with so far are solved. All in all, SFOS has really improved and this year (2018) we haven't implemented any new projects with UTM. We are therefore fully committed to the XG generation and see how the firewall OS gets a little better with each update. There are currently few reasons why we would not recommend XG Firewall and return to UTM. But we will probably have to live with some workarounds and bugs in the future as well.

Owners of a Sophos SG firewall who would like to switch to SFOS can do so at any time and free of charge. We have already written a Knowledge Base article about this: Install Sophos Firewall OS on a SG Appliance
