Homepage » Blog » Sophos Firewall » Sophos XG Update v17 – New features overview
Sophos Firewall - SFOS Update v17

Sophos XG Update v17 – New features overview

New SFOS will soon be released in version 17! I was already able to take a look at the release candidate and summarized its most important new updates here.

In this article I will show you what new features SFOS v17 will bring. Currently we are still talking about the "release candidate", but already in a few weeks the new version will be available for everyone.

6 important features in SFOS Update v17

If you don't want to read through all of this, check out the following Sophos video, where the XG v17 features are introduced in less than 4 minutes:

1. Synchronized App Control

A completely new feature is Synchronized App Control. XG Firewall has only been able to detect applications using signatures so far but, for example, with this you can block or even grant a guaranteed bandwidth (QoS). However, a large part of the traffic could not be classified. These included self-developed or unknown programs or applications that were deliberately not being perceived by using signatures.

With v17, Sophos has now drastically increased the ability to detect more applications. However, this feature requires "Synchronized Security". This means that you need Sophos Central Endpoint Advanced or Intercept X for your endpoints and Sophos Central Server Protection Advanced for your servers.

With Sophos Central on the endpoints, you give your XG Firewall the ability to communicate with them. Sophos calls this the "security heartbeat". This means that the firewall can now ask the endpoint which processes are active on the system and the endpoint returns this data to it. This means that it is now also possible to allocate unclassified traffic. Here is a video about this:

2. manage the firewall rules

Anyone who owns an XG is currently familiar with the overview of how to manage firewall rules. It quickly becomes confusing and until now you had to create a kind of "grouping" via the name of the rule. The rules are now displayed more compactly, can be grouped and the most important information is displayed immediately in the overview. The following video shows you what this looks like:

3. Policy Test Simulator

As in the UTM, there is now also a policy tester in the SFOS. This allows you to test your firewall or web proxy rules without having to connect to the client with a remote tool. The following video shows you how the "Policy Test Simulator" works:

4. Blocking Web-proxy Keywords

In the past, some companies, especially schools, often felt the need to block a website as soon as a certain word could be found on it. In the new v17, you can now create a keyword list and fill it with supposedly "bad" words. Should such a word appear on a website in the future, you can have this call written in the log or block the page altogether. Again, we have a video about this:

5. XG Firewall Setup Wizard

It wasn't quite elegantly solved to set up and run a XG firewall with previous setup wizard. The process was a bit painful. Luckily, Sophos worked for the v17 on the setup wizard and made a few changes:

  • The password must now be changed right at the beginning. This makes sense, because no XG Firewall connects to the Internet with "admin" as username and password anymore.
  • Design was vigorously prettied up from my point of view.
  • Backup can be restored immediately.
  • Internet connection is now no longer required.
  • The Sophos ID and license can now be imported later. Once you start the appliance, you can install it with a 30 day trial license without first having to reach a license server first.

If you already have an Internet connection, there are three possibilities:

  1. 30 days test license
  2. Upload UTM license files (UTM to SFOS migration)
  3. Entering XG License key

Check out the new setup wizard in this video:

6. Unified Log Viewer

If there is a problem somewhere in the network, a look into the log of the firewall already helps in most cases. However, the log viewer of v16.5 was really crap and you definitely realize that when you look at the new "Unified Log Viewer". Absolutely every little thing has gotten better! The new log viewer is my absolute favorite feature of the new v17! Check it out, you will love it!

  • better clarity!
  • all log information
  • Search and filter across all logs
  • Search in older logs

More minor improvements

  • New tools for NAT, IPS, Web and VPN settings
  • IKEv2 VPN
  • Better IPSec VPN compatibility with other systems
  • Wildcard FQDN - This makes it easy to unblock cloud services
  • NAT improvements - New protocols are supported, no longer just TCP and UDP
  • Email Protection - Smart Host, Greylisting and Recipient Verification
  • Microsoft Azure High Availability

You can find all the innovations in detail in the following Sophos data sheet: XG Firewall : What's New in v17

Bottom line

New SFOS v17 shows completely new features, but also very important improvements of existing functions. This update changes our attitude towards XG Firewall completely. We would recommended this only for smaller projects, but this looks completely different, above all because of the Log Viewer and new clarity of the firewall rules, that is essential for clean configuration and fast troubleshooting, which was almost impossible with larger networks so far.

Since v16 was already a huge milestone compared to v15, we already started to prefer XG over UTM for smaller projects back then. But now it's clearly "XG First" for us, which is strictly speaking wrong, because it would be "SFOS First" 🙂 .

You can now equip your hardware now with the new SFOS with a clear conscience, if you have a SG firewall with the UTM operating system. Licenses can be accepted, but the configuration not. This is not so bad from our point of view, because we already had several migrations from UTM to SFOS and in any case it is so good to rethink the configuration once again from scratch.


More information about SFOS v17:

Shopping Cart
Scroll to Top