Sophos XG Update v16 - Feature Parity with UTM Almost Achieved
Finally, the update for XG Firewall has arrived. It delivers 120 new features along with a long list of optimisations and enhancements - a must for anyone already running the new Sophos Firewall OS.
What exactly is the XG Firewall again?
We hear this question very frequently. Customers who are just becoming interested in Sophos in particular often do not really understand the difference between XG and SG. We have already written a dedicated blog post on this topic. If you have not yet taken a closer look at the new Sophos Firewall OS, there is no need to worry - you really have not missed anything so far. I tend to compare it to the first iPhone: promising ideas, but not truly usable yet. From my perspective, the Security Heartbeat has so far been the only compelling reason to buy. But even that was merely a signpost in the right direction. I still cannot understand how Sophos was able to release such an unfinished operating system with so many bugs - especially given that we are talking about a security product. For us, it was always clear that we would only take a serious look at the XG series with version 16 and support it for our customers from that point on. At least my first impression is that this version is genuinely usable, and I am slowly starting to feel that this might mark the beginning of the end for the UTM OS. That said, it will certainly take another 4-6 years.
What has been improved?
General improvements
- Improved user experience for faster and easier administration
- All UTM features - except Sandstorm - are now also available in Sophos Firewall OS (feature parity)
- New Security Heartbeat capabilities
Highlights
- New navigation and an improved user interface
- Live log viewer
- Cloning of rules
- Reworked Secure Web Gateway (look & feel, policy model with inheritance)
- Full email MTA with store-and-forward capabilities
- Two-factor authentication (one-time password) support
- Microsoft Azure support
New XG features in 480 seconds:
For anyone who does not have that much time, here are the highlights in 150 seconds
What else does the future hold?
What many people are already looking forward to is the Sandstorm feature, which is scheduled to be added to XG by the end of the year. The UTM 9.5 update will also include a migration button. If you are running SG hardware, you can use this button to migrate to the new Sophos Firewall OS. But beware: if you later decide you would like to return to the UTM operating system, you will no longer be able to do so with a single click. During migration, the licence and part of the configuration can be transferred.
Over time, a number of Sophos Firewall admins will presumably move to the new operating system, and at some point you will probably also want to take advantage of Security Heartbeat. However, this only works with the appropriate Sophos endpoint protection. Unfortunately, the Standard version is not sufficient. To use Security Heartbeat, you need Sophos Central Endpoint Protection Advanced.
Update: Sophos has slightly reworked its endpoint portfolio. There is no longer a Standard or Advanced version. Security Heartbeat is supported across all endpoint products.
There is no need to rush to move from your UTM to the new Sophos Firewall OS. The UTM operating system still performs extremely well and is currently also our first choice.
Update: Since version 17 of SFOS we have been using XG Firewall and Sophos Firewall OS exclusively in our customer projects.
