Finally the update for the XG Firewall is available. There are 120 new features and a long list of optimizations and enhancements. A must for those who are already using the new Sophos Firewall OS.
What's the XG firewall anyway?
We hear this question very often. Especially customers new to Sophos don't really understand the difference between XG and SG. We have also written a blog article about this. Those who haven't yet worked with the new Sophos Firewall OS don't have to worry. So far you haven't missed a thing. I see it here a bit like the first iPhone. Good approaches, but not really usable yet. The Security Heartbeat has been the only argument for a purchase so far. But even this was only a signpost in the right direction. I still can't understand how Sophos could throw such an unfinished operating system onto the market with so many bugs. After all, we are talking about a security product here. It was always clear to us that we would only take a close look at the XG series with version 16 and support it for our customers. At least the first impression gives me the feeling that this version is really usable and I see very slowly that this could be the beginning of the end for the UTM OS. But that will take another 4-6 years.
What has been improved?
- Improved user experience, for faster and easier management
- All features of the UTM, except Sandstorm, are now also available in the Sophos Firewall OS (feature parity)
- New Security Heartbeat Capabilities
- New navigation and improved user interface
- Live Log Viewer
- Rule cloning
- Revised Secure Web Gateway (style, policy model with inheritance)
- Full email MTA with storage and forwarding capabilities
- Two factor authentication (one-time password) support
- Microsoft Azure Support
New XG features in 480 seconds:
For those who don't have that much time, here are the Highlights in 150 seconds
What will the future bring?
What many will surely be waiting for is the Sandstorm Feature, which will be on the XG until the end of the year. With the UTM Update 9.5 there is also a migration button. If you have SG hardware, you can use this button to migrate to the new Sophos Firewall OS. But Caution, if you want to go back to the UTM operating system afterwards, you can't do this with a simple click anymore. During the migration, the license and a part of the config can be taken over.
Some Sophos Firewall admins will gradually switch to the new operating system and at some point they will want to use the Security Heartbeat as well. However, this will only work with Sophos Endpoint Protection.
Unfortunately, the standard version is not sufficient. To use the Security Heartbeat you need Sophos Central Endpoint Protection Advanced.
Update: Sophos has slightly revised its endpoint portfolio. There is no longer a Standard or Advanced version. Security Heartbeat is supported in all endpoint products.
But you don't need to hurry to switch from your UTM to the new Sophos Firewall OS as quickly as possible. The UTM operating system simply does a too good job for that and is currently still our first choice.
Update: Since version 17 of the SFOS, we have relied completely on the XG Firewall and the Sophos Firewall OS for our customer projects.