Sophos XG Update v17 – All new features at a glance
Soon the new SFOS will be released in version 17! I have already had a look at the release candidate and have summarized the most important new features for you here.
In this article, I’ll show you what new features SFOS v17 will bring. Currently we are still talking about the “release candidate”, but already in a few weeks the new version will be available for everyone.
6 important new features in SFOS Update v17
If you don’t feel like reading through everything, you can also watch the following video from Sophos, where the features of XG v17 are briefly presented in less than 4 minutes:
1. synchronized app control
A completely new feature is the Synchronized App Control. Until now, XG Firewall could only detect applications based on signatures. This made it possible to block them, for example, or to give them priority and allocate a guaranteed bandwidth (QoS). However, a large part of the traffic could not be classified. This included self-developed or unknown programs or applications that deliberately did not want to be noticed by not using signatures.
With v17, Sophos has now dramatically increased the ability to detect more applications. However, “Synchronized Security” is required for this function. This means that you need Sophos Central Endpoint Advanced or Intercept X for your endpoints and Sophos Central Server Protection Advanced for your servers.
With Sophos Central on the endpoints, you give your XG Firewall the ability to communicate with them. Sophos calls this the “security heartbeat.” Thus, the firewall can now ask the endpoint which processes are active on the system and the endpoint returns this data to it. This means that it is now also possible to allocate unclassified traffic. Here is another video about it:
2. manage the firewall rules
Anyone who owns an XG is currently familiar with the overview of how to manage firewall rules. It gets confusing very quickly and you had to create some kind of “grouping” via the name of the rule until now. The rules are now displayed more compactly, can be grouped and the most important information is displayed immediately in the overview. The following video shows you what this looks like:
3. policy test simulator
As in the UTM, there is now also a policy tester in the SFOS. You can thus test your firewall or web proxy rules without having to connect to the client with a remote tool. The following video shows you how the “Policy Test Simulator” works:
4. block web proxy keywords
In the past, some companies, especially schools, often felt the need to block a website as soon as a certain word could be found on it. In the new v17 you can now create a keyword list and fill it with supposedly “bad” words. If such a word appears on a website in the future, you can have this call written in the log or block the page altogether. Again, we have a video about it:
5. XG Firewall Setup Wizard
Setting up and commissioning an XG firewall was not quite as elegantly solved with the previous Setup Wizard. The process was a bit painful in parts. Fortunately, however, Sophos has worked on the setup wizard for v17 and made a few changes:
- The password must now be changed right at the beginning. This makes perfect sense, because no XG Firewall will connect to the Internet with “admin” as username and password anymore.
- From my point of view, the design has been greatly improved.
- The backup can be restored right away.
- An Internet connection is also no longer required as of now.
- The Sophos ID and license can now also be read in later. As soon as you start the appliance, you can install it with a 30-day trial license without having to reach a license server first.
If you already have an Internet connection, you have three options:
- 30 days trial license solve
- Upload UTM license file (UTM to SFOS migration)
- Enter XG license key
Take a closer look at the new Setup Wizard in this video:
6. unified log viewer
If there is a problem somewhere in the network, a look at the firewall log will help in most cases. However, the v16.5 log viewer was really big crap and you definitely realize that when you look at the new “Unified Log Viewer” now. Absolutely every little thing has gotten better! The new log viewer is my absolute favorite feature on the new v17! Check him out, you will love him!
- better clarity!
- all information in the log
- Search and filtering across all logs
- Search in older logs
Other small improvements
- New tools for NAT, IPS, Web and VPN settings
- IKEv2 VPN
- Better IPSec VPN compatibility with other systems
- Wildcard FQDN – This makes it very easy to unlock cloud services
- NAT improvements – new protocols are supported, no longer only TCP and UDP
- Email Protection – Smart Host, Greylisting and Recipient Verification
- Microsoft Azure High Availability
You can read all the new features in detail in the following datasheet from Sophos: XG Firewall : What’s New in v17
Conclusion
The new SFOS v17 convinces with completely new features, but also very important improvements of existing functions. This update now completely changes our attitude towards the XG Firewall. While we used to recommend them only for smaller projects, this is now completely different. Especially the log viewer and the new clarity of the firewall rules is essential for a clean configuration and a fast troubleshooting, which was almost impossible with larger networks until now.
Since v16 was already a huge milestone over v15, we started preferring XG over UTM for smaller projects back then. But now it’s clearly “XG First” for us, which is strictly speaking wrong, because it would be “SFOS First”. 🙂
If you own an SG Firewall with the UTM operating system, you can now equip your hardware with the new SFOS with a clear conscience. The licenses can be transferred, but the configuration cannot. However, from our point of view this is not so bad, because we already had several migrations from UTM to SFOS and in any case it does good to rethink the configuration once again from scratch.
More information about SFOS v17:
