Sophos XG Update v17: New features overview
SFOS will soon be released in version 17! I have already had a look at the release candidate and have summarized its most important new features here.
This article describes the new features in SFOS v17. It is based on the release candidate, but the new version will be available to everyone within a few weeks.
6 important features in SFOS Update v17
If you don’t want to read through all of this, check out the following Sophos video, where the XG v17 features are introduced in less than 4 minutes:
1. Synchronized App Control
A completely new feature is Synchronized App Control. Until now, XG Firewall could only detect applications using signatures, for example in order to block them or to grant them a guaranteed bandwidth (QoS). However, a large part of the traffic could not be classified. This included self-developed or unknown programs, as well as applications that deliberately avoid being recognized by signatures.
With v17, Sophos can recognize drastically more applications. However, Synchronized Security is required for this function. For you, this means that you need “Sophos Central Endpoint Advanced” or “Intercept X” for your endpoints and “Sophos Central Server Protection Advanced” for your servers.
With Sophos Central on the endpoints, you enable your XG Firewall to communicate with them. Sophos calls this the “Security Heartbeat”. It allows the firewall to ask the endpoint which processes are active on the system; the endpoint returns that data, and so it is now also possible to assign unclassified traffic. There is also a video about it here:
2. Managing firewall rules
If you own an XG, you know what managing firewall rules has been like so far. It was very confusing, and you had to create a kind of “grouping” through the names of the rules. The rules are now displayed more compactly, can be grouped together, and the most important information is shown in the overview. The following video shows you how this looks:
3. Policy Test Simulator
SFOS now also has a policy tester, as in the UTM. You can test your firewall or web proxy rules without having to connect to the client with a remote tool. The following video shows you how the “Policy Test Simulator” works:
4. Blocking Web-proxy Keywords
Some organizations, especially schools, often need to block a website as soon as a particular word appears on it. In the new v17 you can now create a keyword list and fill it with supposedly “bad” words. If such a word then appears on a web page, you can either write the request to the log or block the page completely. Again, there is a video about it:
5. XG Firewall Setup Wizard
Setting up an XG firewall with the previous setup wizard was not solved very elegantly. The process was a bit painful. Luckily, Sophos worked on the setup wizard for v17 and made a few changes:
- The password must be changed right from the start. This makes sense, since it means no XG firewall is connected to the Internet with “admin” as username and password.
- The design has been thoroughly polished, from my point of view.
- Backup can be restored immediately.
- Internet connection is now no longer required.
- The Sophos ID and license can now be imported later. Once you start the appliance, you can install it with a 30-day trial license without first having to reach a license server.
If you already have an Internet connection, there are three possibilities:
- 30-day test license
- Upload UTM license files (UTM to SFOS migration)
- Enter an XG license key
Check out the new setup wizard in this video:
6. Unified Log Viewer
If there is a problem somewhere in the network, in most cases a look at the firewall log already helps. The Log Viewer in v16.5, however, was a real letdown, and you will definitely notice this when you look at the new “Unified Log Viewer”. Absolutely every little detail has become better! The new Log Viewer is my absolute favorite feature in v17! See for yourself, you’ll love it!
- better clarity!
- all log information
- Search and filter across all logs
- Search in older logs
More minor improvements
- New tools for NAT, IPS, Web and VPN settings
- IKEv2 VPN
- Better IPSec VPN compatibility with other systems
- Wildcard FQDN - This makes it easy to unblock cloud services
- NAT improvements - New protocols are supported, no longer just TCP and UDP
- Email Protection - Smart Host, Greylisting and Recipient Verification
- Microsoft Azure High Availability
You can find all the innovations in detail in the following Sophos data sheet: XG Firewall : What’s New in v17
The new SFOS v17 brings completely new features, but also very important improvements to existing functions. This update changes our attitude towards XG Firewall completely. We used to recommend it only for smaller projects, but this now looks completely different, above all because of the Log Viewer and the new clarity of the firewall rules. Both are essential for clean configuration and fast troubleshooting, which was almost impossible with larger networks so far.
Since v16 was already a huge milestone compared to v15, we had already started to prefer the XG over UTM for smaller projects. But now it is clear to us: “XG First”, which strictly speaking is wrong, because it should be “SFOS First”. :)
If you have an SG firewall with the UTM operating system, you can now install the new SFOS on your hardware with a clear conscience. Licenses can be carried over, but the configuration cannot. This is not so bad from our point of view, because we have already done several migrations from UTM to SFOS, and in any case it is a good thing to rethink the configuration once again from scratch.