Avanet
Sophos XG Update v17 - All New Features at a Glance

The time is almost here: the new SFOS will be released in version 17. I’ve already taken a look at the release candidate and summarised the key changes for you here.

In this article I’ll walk you through the new features that SFOS v17 will introduce. We’re still talking about the “Release Candidate” right now, but the final version will be available to everyone in just a few weeks.

6 important changes in the SFOS v17 update

If you don’t fancy reading everything, you can also watch the following video from Sophos, which gives you a brief overview of the XG v17 features in under four minutes:

1. Synchronized App Control

A completely new feature is Synchronized App Control. Until now, XG Firewall could identify applications only on the basis of signatures. You could then, for example, block them or prioritise them and allocate guaranteed bandwidth (QoS). However, a large proportion of traffic could not be classified. This included in‑house or unknown applications, as well as applications that deliberately evade signature-based detection.

With v17, Sophos has massively expanded its ability to recognise more applications. This feature requires “Synchronized Security”. In practice, that means you need “Sophos Central Endpoint Advanced” or “Intercept X” on your endpoints and “Sophos Central Server Protection Advanced” on your servers.

With Sophos Central on the endpoints, you enable your XG Firewall to communicate with them. Sophos calls this the “Security Heartbeat”. The firewall can now query the endpoint to see which processes are running on the system, and the endpoint sends this data back. This finally makes it possible to classify previously unknown traffic. There’s also a video on this:

2. Managing firewall rules

Anyone who owns an XG will be familiar with the current view for managing firewall rules. It becomes cluttered very quickly and, up to now, you had to create your own form of “grouping” by building structure into the rule names. The rules are now displayed more compactly, can be grouped, and the most important information is shown directly in the overview. The following video shows what this looks like:

3. Policy Test Simulator

As with the UTM, SFOS now also includes a policy tester. You can test your firewall or web proxy rules without having to connect to the client via a remote tool. The following video shows how the “Policy Test Simulator” works:

4. Blocking web proxy keywords

Some organisations, especially schools, have often needed to block a website as soon as a specific word appears on it. In the new v17 you can now create a keyword list and populate it with supposedly “bad” words. If such a word appears on a web page in future, you can either log the access attempt or block the page outright. There’s a video for this as well:

5. XG Firewall Setup Wizard

Setting up and commissioning an XG Firewall with the previous Setup Wizard was not particularly elegant. In some parts the process was rather painful. Fortunately, Sophos has reworked the Setup Wizard for v17 and introduced a few changes:

  • The password now has to be changed right at the beginning. That makes a lot of sense, because it ensures no XG Firewall connects to the internet using “admin” for both username and password.
  • The design has been significantly refreshed.
  • A backup can be restored immediately.
  • An internet connection is no longer required.
  • The Sophos ID and licence can now also be added later. As soon as you power on the appliance, you can install it with a 30‑day trial licence without first having to reach a licence server.

If you already have an internet connection, there are three options:

  1. Activate a 30‑day trial licence
  2. Upload a UTM licence file (UTM to SFOS migration)
  3. Enter an XG licence key

Take a closer look at the new Setup Wizard in this video:

6. Unified Log Viewer

If there’s an issue somewhere on the network, in most cases a quick look at the firewall logs is enough. However, the v16.5 Log Viewer was frankly a complete disaster, and this becomes painfully obvious once you’ve seen the new “Unified Log Viewer”. Every single aspect has improved. The new Log Viewer is my absolute favourite feature in v17. Have a look at it - you’ll love it.

  • much better clarity
  • all relevant information in the log
  • search and filtering across all logs
  • search in historical logs

Additional minor improvements

  • New tools for NAT, IPS, web and VPN settings
  • IKEv2 VPN
  • Better IPsec VPN interoperability with other systems
  • Wildcard FQDN - makes it very easy to allow access to cloud services
  • NAT improvements - new protocols are supported, not just TCP and UDP
  • Email Protection - smarthost, greylisting and recipient verification
  • Microsoft Azure High Availability

You can find all new features in detail in the following Sophos datasheet: XG Firewall : What’s New in v17

Conclusion

The new SFOS v17 impresses with completely new features as well as important enhancements to existing capabilities. This update fundamentally changes our view of XG Firewall. Until now we would have recommended it primarily for smaller projects; that picture is now very different. In particular, the Log Viewer and the improved clarity of the firewall rule view are essential for clean configuration and fast troubleshooting - something that was practically impossible in larger networks up to now.

Since v16 was already a huge milestone compared to v15, we had already started preferring XG over UTM for smaller projects at that time. But from now on, for us it’s clearly “XG First” - which is technically not quite correct, because it should really be “SFOS First”. :)

If you’re running an SG Firewall with the UTM operating system, you can now upgrade your hardware to the new SFOS with a clear conscience. The licences can be migrated, but the configuration cannot. From our perspective, that’s not a major problem: we’ve already carried out several migrations from UTM to SFOS, and in every case it’s been beneficial to rethink and rebuild the configuration from scratch.


More information on SFOS v17:

Patrizio