{"id":22274,"date":"2020-11-10T12:00:00","date_gmt":"2020-11-10T11:00:00","guid":{"rendered":"https:\/\/www.avanet.com\/blog\/sophos-sfos-update-new-features-in-v18-0-3-mr3\/"},"modified":"2022-07-22T14:43:44","modified_gmt":"2022-07-22T13:43:44","slug":"sophos-sfos-update-new-features-in-v18-03-mr3","status":"publish","type":"post","link":"https:\/\/www.avanet.com\/en\/blog\/sophos-sfos-update-new-features-in-v18-03-mr3\/","title":{"rendered":"Sophos SFOS update &#8211; new features in v18.0.3 MR3"},"content":{"rendered":"\n<p>Admins who have already updated their XG Firewall to 17.5 MR13 and MR14 have been waiting for this update for quite some time. But also for all others <strong>v18 MR3<\/strong> brings along 34 bugfixes and some new features.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"h-upgrade-auf-v18\">Upgrade to v18<\/h2>\n\n<p>Currently, there are still two different versions of SFOS, which are updated by Sophos. There is <strong>v17.5<\/strong> (MR6 &#8211; MR14.1) and <strong>version 18<\/strong> (MR1 and MR2).<\/p>\n\n<p>Users of an XG 85 or XG 105 cannot upgrade to v18 due to insufficient RAM. That&#8217;s why these <a href=\"https:\/\/www.avanet.com\/en\/blog\/sophos-xg-85-and-xg-105-end-of-sale\/\">firewall appliances are also end of sale<\/a> and there are corresponding successor models. For customers with these older devices, Sophos continues to keep v17.5 up to date, at least in terms of bug fixes and security updates.<\/p>\n\n<p>To benefit from the latest features, it would be advisable to switch to the new models that support v18. To make this decision easier for customers with older devices, Sophos is offering a renewal promo until the end of the year, with which you get 50% of the new firewall hardware for free. The other option would be to simply wait until 2021 Q2&#8230;.<strong>(SPOILER:<\/strong> New hardware series to be released. \ud83e\udd2b)<\/p>\n\n<p>For firewalls that support v18, however, updating has not been so easy. Until now, there was only a working migration path to version 18 for versions 17.5 MR6 to MR12. Anyone who had already installed MR13 or MR14 in the meantime was confronted with a factory reset when manually updating to v18 and lost their complete configuration.<\/p>\n\n<p>With v18 MR3 there is an update path again. Also, for our v17.5 customers, we see that the v18 update is automatically suggested on the firewall for the first time. So Sophos is confident and has gained enough experience with v18 to make the upgrade available to all customers.<\/p>\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Our experiences with v18 and v18 MR3 are also quite positive. We therefore recommend an upgrade to v18. \ud83d\ude4c<\/p><\/blockquote>\n\n<h3 class=\"wp-block-heading\" id=\"h-wieso-v18-ein-richtig-guter-release-ist\">Why v18 is a really good release?<\/h3>\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.avanet.com\/en\/blog\/sophos-sfos-v18-new-features-at-a-glance\/\">In SFOS v18 there are some new features<\/a><\/li><li><a href=\"https:\/\/www.avanet.com\/en\/blog\/sophos-central-firewall-management-features-with-sfos-v18\/\">With SFOS v18 there are new features for the Central Firewall Management<\/a><\/li><\/ul>\n\n<p>The same firewall appliance has also become a lot faster with the software upgrade to v18! \ud83d\ude80<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" data-id=\"21411\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-1024x576.jpg\" alt=\"Sophos Firewall OS - Performance Boost v18.0 MR3\" class=\"wp-image-21411\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-1024x576.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-64x36.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-300x169.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-600x338.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-768x432.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-1536x864.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost-18x10.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-performance-boost.jpg 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>On the 100 series (XG 86 &#8211; XG 135), the web interface has become <strong>quite a bit faster<\/strong>, but the bottom line is still <strong>damn slow!<\/strong> \ud83d\udc0c<\/p><\/blockquote>\n\n<h2 class=\"wp-block-heading\" id=\"vpn-performance-verbesserungen\">VPN performance improvements<\/h2>\n\n<p>SSL VPN performance has been improved in v18 MR3. Many more parallel connections are now supported on the larger hardware models than with the older SFOS version.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"156\" data-id=\"21412\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-1024x156.jpg\" alt=\"Sophos Firewall SFOS v18 MR3 Update SSLVPN Performance Table XG 86 - XG 135\" class=\"wp-image-21412\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-1024x156.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-64x10.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-300x46.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-600x91.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-768x117.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-1536x233.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135-18x3.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg86-135.jpg 1554w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-3 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"182\" data-id=\"21413\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330-1024x182.jpg\" alt=\"Sophos Firewall SFOS v18 MR3 Update SSLVPN Performance Table XG 210 - XG 330\" class=\"wp-image-21413\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330-1024x182.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330-64x11.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330-300x53.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330-600x107.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330-768x136.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330-18x3.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg210-330.jpg 1328w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-4 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"156\" data-id=\"21414\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-1024x156.jpg\" alt=\"Sophos Firewall SFOS v18 MR3 Update SSLVPN Performance Table XG 430 - XG 750\" class=\"wp-image-21414\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-1024x156.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-64x10.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-300x46.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-600x91.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-768x117.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-1536x233.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750-18x3.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-sslvpn-performance-xg430-750.jpg 1554w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"secure-storage-master-key-ssmk\">Secure Storage Master Key (SSMK)<\/h2>\n\n<p>After performing the update and logging in as admin afterwards, the following display appears:<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-5 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"662\" data-id=\"21415\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create-1024x662.jpg\" alt=\"Sophos Firewall - Secure Storage Master Key (SSMK)\" class=\"wp-image-21415\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create-1024x662.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create-64x41.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create-300x194.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create-600x388.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create-768x496.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create-18x12.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-create.jpg 1260w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<h3 class=\"wp-block-heading\" id=\"hintergrund-zu-diesen-anderungen\">Background to these changes<\/h3>\n\n<p>Sophos had a <a href=\"https:\/\/www.avanet.com\/en\/blog\/sophos-sfos-sql-injection-vulnerability-fixed\/\">vulnerability in SFOS<\/a> a few months ago. Even further back, there was the problem that the administrator password could be read from the backup files with some effort. As a result, backup encryption was also introduced. Sophos takes this matter very seriously and has therefore also made some effort to ensure that something like this does not happen again. The planned roadmap was postponed by half a year, and the security of the company&#8217;s own system was taken care of first. The incidents have shown that even a firewall, which is supposed to protect against threats, is vulnerable.<\/p>\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>The saying &#8220;100 percent certainty does not exist&#8221; does not exist without reason. Many films or series would be very boring if there were such a 100 percent certainty. \ud83d\ude0b<\/p><\/blockquote>\n\n<p>Now, with v18 MR3, the <strong>Secure Storage Master Key<\/strong> is available. This key can be created only with the admin user. This does not work with another user who has administrator rights. With the definition of this new key, important information is additionally encrypted. If you want to know exactly what happens here, you can read about it in the <a href=\"https:\/\/www.avanet.com\/assets\/sophos-security-sfos-secure-storage-faq-en.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Storage document<\/a>.<\/p>\n\n<p>So create a secure password and save it securely as well.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-6 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"624\" data-id=\"21416\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password-1024x624.jpg\" alt=\"Sophos Firewall - Create the secure storage master key\" class=\"wp-image-21416\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password-1024x624.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password-64x39.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password-300x183.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password-600x366.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password-768x468.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password-18x12.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-secure-storage-master-key-set-password.jpg 1260w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"captcha-deaktivieren\">Disable captcha<\/h2>\n\n<p>The firewall login window has been equipped with a captcha since the above-mentioned vulnerability for the UserPortal and Admin login.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-7 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"721\" data-id=\"21417\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-1024x721.jpg\" alt=\"Sophos Firewall WebAdmin login with captcha\" class=\"wp-image-21417\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-1024x721.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-64x45.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-300x211.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-600x422.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-768x541.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-1536x1081.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen-18x12.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-admin-loginscreen.jpg 1946w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<p>With MR3 this bot protection can be disabled. To do this, you need to log in to the firewall via SSH and switch to the console by typing &#8220;4&#8221;.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-8 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" data-id=\"21418\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-1024x567.jpg\" alt=\"Sophos Firewall SSH - Device Console\" class=\"wp-image-21418\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-1024x567.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-64x35.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-300x166.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-600x332.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-768x425.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-1536x850.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login-18x10.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-login.jpg 1769w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<p>Here you can use the following command to enable, disable or show the captcha setting for the login windows.<\/p>\n\n<pre class=\"wp-block-code\"><code>console&gt; system captcha-authentication-global enable\/disable\/show for userportal\/webadminconsole<\/code><\/pre>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-9 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" data-id=\"21419\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-1024x567.jpg\" alt=\"Sophos Firewall - disable SSH WebAdmin login captcha\" class=\"wp-image-21419\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-1024x567.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-64x35.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-300x166.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-600x332.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-768x425.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-1536x850.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha-18x10.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-ssh-disable-captcha.jpg 1769w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"device-access-warnhinweise\">Device Access Warnings<\/h2>\n\n<p>Like the upper two functions, the Device Access warnings are also intended to provide more security.<\/p>\n\n<p>Under the menu item: &#8220;Administration &gt; Device Access&#8221; you can define the access to the firewall services.<\/p>\n\n<p>Here you should proceed according to the following principle: <strong>Close everything and open consciously<\/strong>. For example, by checking the box for &#8220;Ping&#8221; or &#8220;User Portal&#8221;, you allow any computer in the world to reach your firewall via ICMP or User Portal.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-10 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"754\" data-id=\"21420\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-1024x754.jpg\" alt=\"Sophos Firewall - secure device access WAN access\" class=\"wp-image-21420\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-1024x754.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-64x47.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-300x221.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-600x442.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-768x565.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-1536x1130.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-16x12.jpg 16w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access.jpg 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<p>Of course, you can change the settings as before. The system now issues a warning message. This should make you aware of what you are opening up to the outside world by activating a checkbox in the WAN zone.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-11 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"688\" data-id=\"21421\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-1024x688.jpg\" alt=\"Sophos Firewall - Device Access WAN access alert\" class=\"wp-image-21421\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-1024x688.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-64x43.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-300x201.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-600x403.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-768x516.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-1536x1031.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning-18x12.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-device-access-warning.jpg 1802w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<p>It is better to use the &#8220;Local service ACL exeption rule&#8221; to define more precisely where traffic is allowed from. For example, for access to the user portal, select only your country, or for pinging, select only the IPs that may, should, must actually reach the firewall via ICMP.<\/p>\n\n<h2 class=\"wp-block-heading\" id=\"sophos-central-firewall-management\">Sophos Central Firewall Management<\/h2>\n\n<h3 class=\"wp-block-heading\" id=\"high-availability-cluster-ansicht\">High Availability Cluster View<\/h3>\n\n<p>All listeners of our podcast know that Central Firewall Manager is a product in which I see a lot of potential. You can still tell this one is in development, but v18 MR3 fixes a really unattractive thing.<\/p>\n\n<p>HA clusters are now no longer displayed as online and offline, but it is now easy to see which firewalls have been configured to form a cluster.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-12 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"278\" data-id=\"21422\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-1024x278.jpg\" alt=\"Sophos Central Firewall Manager High Availability Cluster View\" class=\"wp-image-21422\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-1024x278.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-64x17.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-300x81.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-600x163.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-768x208.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-1536x416.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-18x5.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster.jpg 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<p>If you click with the mouse on the status display, you will be shown even more information. This shows that this device is in an active-passive cluster and that it is the Auxiliary Device.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-13 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"543\" data-id=\"21423\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble-1024x543.jpg\" alt=\"Sophos Central Firewall Manager High Availability Cluster View Detail\" class=\"wp-image-21423\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble-1024x543.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble-64x34.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble-300x159.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble-600x318.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble-768x407.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble-18x10.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-ha-cluster-bubble.jpg 1442w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<h3 class=\"wp-block-heading\" id=\"geplante-updates\">Planned updates<\/h3>\n\n<p>It is now possible to schedule firmware updates via the Central Firewall Manager. UTM admins know this from the past.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-14 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"397\" data-id=\"21424\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-1024x397.jpg\" alt=\"Sophos Central Firewall Manager Update Option\" class=\"wp-image-21424\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-1024x397.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-64x25.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-300x116.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-600x233.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-768x298.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-1536x596.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update-18x7.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-overview-update.jpg 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<p>For a planned update, you can also select multiple firewalls at the same time, which is an enormous relief in larger environments.<\/p>\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Nevertheless, this feature should be taken with a grain of salt. An update can also cause problems sometimes.<\/p><\/blockquote>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-15 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"674\" data-id=\"21425\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-1024x674.jpg\" alt=\"Sophos Firewall OS - Central Firewall Manager Schedule Update\" class=\"wp-image-21425\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-1024x674.jpg 1024w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-64x42.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-300x197.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-600x395.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-768x505.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-1536x1010.jpg 1536w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update-18x12.jpg 18w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-schedule-update.jpg 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/figure>\n\n<p>In the screenshot above, you can see that some updates still need to be installed in this environment. \ud83d\ude05<\/p>\n\n<p>If a firewall is in an update process, this is indicated by an animated icon in the overview. Click on it to get even more information.<\/p>\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-16 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"1004\" height=\"610\" data-id=\"21426\" src=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress.jpg\" alt=\"Sophos Firewall OS - Central Firewall Manager Update Progress\" class=\"wp-image-21426\" srcset=\"https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress.jpg 1004w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress-64x39.jpg 64w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress-300x182.jpg 300w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress-600x365.jpg 600w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress-768x467.jpg 768w, https:\/\/www.avanet.com\/assets\/sophos-firewall-sfos-v18-mr3-central-firewall-manager-update-progress-18x12.jpg 18w\" sizes=\"auto, (max-width: 1004px) 100vw, 1004px\" \/><\/a><\/figure>\n<\/figure>\n\n<h2 class=\"wp-block-heading\" id=\"weitere-erneuerungen\">Other renewals<\/h2>\n\n<p>There are more features to this release, but I won&#8217;t go into them in detail. For the sake of completeness, however, I still list them:<\/p>\n\n<ul class=\"wp-block-list\"><li>Sophos Connect Client: Groups can now be added, not just individual users.<\/li><li>SFOS now also supports Nutanix AHV and Nutanix Flow infrastructure<\/li><li>AWS: Support for new instances in the AWS Cloud (C5, M5 and T3)<\/li><li>AWS: CloudFormation Templates Support<\/li><li>AWS: Support for Virtual WAN Zones on Custom Gateways<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Admins who have already updated their XG Firewall to 17.5 MR13 and MR14 have been waiting for this update for quite some time. But also for all others v18 MR3 brings along 34 bugfixes and some new features. Upgrade to v18 Currently, there are still two different versions of SFOS, which are updated by Sophos. [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":21326,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[277],"tags":[],"class_list":["post-22274","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/22274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/comments?post=22274"}],"version-history":[{"count":0,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/22274\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media\/21326"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=22274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/categories?post=22274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/tags?post=22274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}