Sophos XG Firewall v18 is now available!

Introducing the all-new Xstream Architecture

XG Firewall v18 is now available sporting the all-new Xstream Architecture delivering extreme new levels of visibility, protection and performance.

XG Firewall v18 Highlights:

  • Xstream SSL Inspection. Get unprecedented visibility into your encrypted traffic flows, support for TLS 1.3 without downgrading, powerful policy tools, and extreme performance.
  • AI-powered Threat Intelligence. Extend your protection against zero-day threats and emerging ransomware variants with multiple best-in-class machine learning models and unmatched insights into suspicious files entering your network
  • Application Acceleration. Optimize network performance by putting your important application traffic on the fast path through the firewall and routing it reliably out your preferred WAN connection 

Also check out our SFOS v18 playlist on YouTube to find out what's new in XG Firewall v18!

Sophos Central

XG Firewall v18 also includes support for all new central management, reporting, and deployment options launching on Sophos Central next week:

  • Group Firewall Management. Easily keep your full estate of firewalls consistent using groups that automatically keep policies, objects, and settings synchronized.
  • Central Reporting. Network activity and insights across all your firewalls are now at your fingertips in Sophos Central with several pre-packaged reports and flexible reporting tools to create your own.
  • Zero-Touch Deployment. Conveniently setup a new firewall in Sophos Central, export the config, load it on a flash drive and have your new Firewall automatically connect back to Sophos Central without having to touch it.

Other New Features and Enhancements

In addition, there are also a ton of other new features that will enhance your protection, visibility, management experience, and network versatility:

  • Synchronized SD-WAN brings the power of Synchronized Security to reliably and accurately route application and user-based traffic over your preferred WAN links
  • Firewall, NAT, and SSL Inspection rules and policies are now more powerful, flexible and easier to work with than ever before
  • Plug-and-Play high-availability (HA) makes it easier than ever to enable business continuity and added peace-of-mind - simply connect two XG Series appliances together and you’ll be up and running in no time
  • Real-time Flow Monitoring provides at a glance insights into active bandwidth consuming hosts, applications, and users
  • Expanded Notifications and Alerts ensure you never miss an important network security event whether it’s related to a threat, service, or important performance metric
  • And much more… Check out the Complete What’s New Guide for more full details.

Get it now!

As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled-out automatically to all systems over the coming weeks but you can access the firmware anytime to do a manual update through MySophos.

For fresh installations, please find the following installer images:

Things to know before upgrading

Check out the relevant sections of the XG v18 release notes for details on:

Please also be aware that RED10 devices are not supported anymore in v18.

Making the most of your new XG Firewall features

Free Online Training

  • Available for free for all XG Firewall customers, our delta training program will help you make the most of the new features in XG Firewall v18.
  • This online program walks you through the key enhancements since v17.5 and takes about 90 minutes to complete.

Customer Resources and How-To Videos

  • Also be sure to visit the Customer Resource Center for the latest How-To Videos and links to documentation, the community forums, training and other resources.

Take advantage of Partner and Sophos Professional Services

  • To augment your local Sophos partner’s services, we offer services to help you getting up and running and make the most of your XG Firewall, including the latest capabilities in v18.
  • While Sophos Professional Services can help with any task, here are the most common services they provide:
    • XG Firewall deployment and setup
    • XG Firewall v18 DPI, FastPath and SSL Engine Optimization
    • XG Firewall Health Checks

Here are some direct links to helpful resources:

New to XG Firewall?

If you’re new to XG Firewall, see how it provides the world’s best network visibility, protection and response on the new XG Firewall website.

  • Hello FloSupport, at MySophos portal are now only updates. But I need an ISO for a new installation. When will they be available?



  • SFOS v18 is the most substantial and innovative firewall release in Sophos’ history. Kudos and thanks to everyone who played a part in getting this out!

  • Hi  - link is already given in this page click on it download the fresh image based on your platform.

  • Where are the fixes for NC-54540 and NC-51956 ? I still have issue with DPI turned on.

  • Has there been any changes from EAP3 Refresh to GA?

  • Just upgraded from 17.5MR9 to v18 - all I can say is my goodness it's fast - much better performance through the firewall than with V17.5 MR(1-9)

  • Some nice new features and improvements, but IPv6 support is still underwhelming. It's embarrassing that a sub-$100 consumer router has better IPv6 capabilities - which is what I'm having to use to get IPv6 connectivity with my ISP (IPv6 DHCP-PD).

  • I like it. It is fast. Thank you. After the issues I had with releases 17.5 MR5 - MR7. I was skeptical. But you have delivered a good release.

  • As I already suggested, when new console commands are released, please share them inside the MR or GA release notes. Reading all the time, again, the full command list is time consuming.

  • Missing WAF creation option:

    Can anyone confirm that the waf creation button is missing under: Rules and policys --> Firewall Rules --> Add Firewall Rule

    I can only choose "New Firewall Rule" and Server Access Assistant"

    It is an fresh install of the SFOS 18.0. With the Upgrade from EAP3 to GA there where some issues with SSL traffic, which was declared by the firewall as invalid traffic. After the clean install this issues are gone. Now i want to set up WAFs, but the creation button for WAF is missing...

  • WAF option now is under Action (Allow, Drop, Reject and Protect with...). I do not like this approach but they moved to "actions"

  • Too bad for anyone with XG Rev 1 hardware, no support beyond v18, won't be able to upgrade to v18.5 or higher. Even XG 115-210 Rev 2 users are screwed, some of the early rev XG hardware out there is not that old. Going to be a tough job explaining to the customer who just bought their XG hardware not that long ago that they now have to upgrade again if they want all of the benefits of the latest firmware.

  • where did you get that info? all XG rev 1?