Sophos XG Update v17 - New features overview
Sophos Firewall

Sophos XG Update v17 - New features overview

Patrizio - October 16, 2017

New SFOS will soon be released in version 17! I was already able to take a look at the release candidate and summarized its most important new updates here.

I will describe these new updates from SFOS v17 in this article. We are currently describing the release candidate, but the new version will be available to everyone already within a few weeks.

6 important features in SFOS Update v17

If you don't want to read through all of this, check out the following Sophos video, where the XG v17 features are introduced in less than 4 minutes:

1. Synchronized App Control

A completely new feature is Synchronized App Control. XG Firewall has only been able to detect applications using signatures so far but, for example, with this you can block or even grant a guaranteed bandwidth (QoS). However, a large part of the traffic could not be classified. These included self-developed or unknown programs or applications that were deliberately not being perceived by using signatures.

Sophos has the possibility to recognize more applications with the v17, which is a drastic increase. However, synchronized security is required for this function. This means for you that you need "Sophos Central Endpoint Advanced" or "Intercept X" for your endpoints and "Sophos Central Server Protection Advanced" for your servers.

You give the possibility to your XG Firewall to communicate with them with Sophos Central on the endpoints. Sophos calls this the "Security Heartbeat". This allows the firewall to ask the endpoint which processes are active on the system and the endpoint returns that data and it is now also possible to assign unclassified traffic. There is also a video about it here:

2. Managing firewall rules

If you own an XG, you are currently aware of how to manage firewall rules. It's very confusing and you needed to create a kind of "grouping" by the name of the rule. The rules are now displayed more compact, can be grouped together and the most important information is displayed in the overview. The following video shows you how this looks:

3. Policy Test Simulator

There is now also a policy tester at SFOS as in the UTM. You can test your firewall or web proxy rules without having to connect to the client with a remote tool. The following video shows you how the "Policy Test Simulator" works:

4. Blocking Web-proxy Keywords

Some companies, especially schools, often needed to block a website as soon as a particular word could be found. You can now create a keyword list and fill it with supposedly "bad" words in the new v17. If then in the future such a word appears on a web page, one can write this call into the log or block the page altogether completely. There's a video about it again:

5. XG Firewall Setup Wizard

It wasn't quite elegantly solved to set up and run a XG firewall with previous setup wizard. The process was a bit painful. Luckily, Sophos worked for the v17 on the setup wizard and made a few changes:

  • Password must be changed right from the start. This makes sense, since no XG firewall is connected with "admin" as username and password with the Internet.
  • Design was vigorously prettied up from my point of view.
  • Backup can be restored immediately.
  • Internet connection is now no longer required.
  • The Sophos ID and license can now be imported later. Once you start the appliance, you can install it with a 30 day trial license without first having to reach a license server first.

If you already have an Internet connection, there are three possibilities:

  1. 30 days test license
  2. Upload UTM license files (UTM to SFOS migration)
  3. Entering XG License key

Check out the new setup wizard in this video:

6. Unified Log Viewer

If there is a problem somewhere in the network, in most cases it already helps in the log of the firewall. Log Viewer of the v16.5 was, however, really a big miss and you will definitely be aware of this when you look at the new "Unified Log Viewer". Absolutely every little detail became better! New Log Viewer is my absolute favorite feature from v17! Look for yourself, you'll love it!

  • better clarity!
  • all log information
  • Search and filter across all logs
  • Search in older logs

More minor improvements

  • New tools for NAT, IPS, Web and VPN settings
  • IKEv2 VPN
  • Better IPSec VPN compatibility with other systems
  • Wildcard FQDN - This makes it easy to unblock cloud services
  • NAT improvements - New protocols are supported, no longer just TCP and UDP
  • Email Protection - Smart Host, Greylisting and Recipient Verification
  • Microsoft Azure High Availability

You can find all the innovations in detail in the following Sophos data sheet: XG Firewall : What's New in v17


New SFOS v17 shows completely new features, but also very important improvements of existing functions. This update changes our attitude towards XG Firewall completely. We would recommended this only for smaller projects, but this looks completely different, above all because of the Log Viewer and new clarity of the firewall rules, that is essential for clean configuration and fast troubleshooting, which was almost impossible with larger networks so far.

Since the v16 was already a huge milestone against the v15, we had already started to prefer the XG over UTM for smaller projects. But now it is clear to us: "XG First", which is strictly wrong, because it would be "SFOS First". :)

You can now equip your hardware now with the new SFOS with a clear conscience, if you have a SG firewall with the UTM operating system. Licenses can be accepted, but the configuration not. This is not so bad from our point of view, because we already had several migrations from UTM to SFOS and in any case it is so good to rethink the configuration once again from scratch.

More information about SFOS v17:

Send Your Feedback

Share your thoughts about this article, your private queries are always welcome and greatly appreciated.

Send Feedback
All information are confidential

On our blog we regularly publish articles on various topics related to Sophos. To make sure you don't miss any articles, you can subscribe to our newsletter, and once a month you will receive an email with a summary of all articles published in the last 30 days.

Knowledge base

Do you need help with a Sophos product? Then maybe our free knowledge base can help you. We try to document most support requests in an article so that we can help as many people as possible.