Sophos Firewall v20 MR2 includes important enhancements such as an exciting new backup and restore assistant, Active Directory SSO improvements, and Web protection optimizations.
New Backup and restore assistant
The new Sophos Firewall backup and restore assistant enables firewall configuration backups to be easily restored on a different firewall appliance with flexible interface mapping options. This makes it easy to upgrade Sophos Firewall XG Series to XGS Series, upgrade any XGS Series model to any other XGS Series model, or even migrate to or from software or virtual appliances. This also means you can easily migrate interfaces to higher-speed ports on your new or upgraded firewall.
You can also get creative and export a configuration template from a virtual appliance and then restore it on multiple hardware or virtual deployments to simplify repetitive configurations.
Easily map interfaces from the old to the new appliance
There are a few dependencies or pre-requisites to take full advantage of this new assistant:
- Backups of XG Series appliances should be made using v19.5 MR4, v20, or later.
- Backups of XGS Series appliances need to be made using this release: v20 MR2 (or later)
This video covers the prerequisites and how to use this new assistant in more detail:
Check compatible devices to restore backups
You can also check the compatibility of the appliances you plan to backup/restore and see the exact port configuration (including available flexi port modules) using a new tool that is available at: Check compatible devices to restore backups
Check the compatibility of the models you plan to backup and restore
Additional enhancements in Sophos Firewall v20 MR2:
- Active Directory Single Sign-on adds support for performing the Kerberos/NTLM handshake over HTTP or HTTPS for a more transparent SSO experience when HSTS is enforced.
- Active Directory Single Sign-on now provides improved support for high-availability failover situations.
- Web Protection performance is enhanced by reducing the system load when enforcing SafeSearch, YouTube restrictions, Google App login domain, or Azure AD tenant restrictions
- Web Protection cipher customization now enables you to strike the best balance for your network between cipher compatibility, security, and audit compliance
Issues Resolved:
- Resolves 45+ important performance, reliability, stability and security fixes.
Check out the v20.0 MR2 release notes for full details.
How to get the firmware and documentation
Sophos Firewall OS v20 MR2 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability, and performance fixes.
This firmware release will follow our standard update process. You can manually download SFOS v20 MR2 from Sophos Central and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.
Sophos Firewall OS v20 MR2 is a fully supported upgrade from all previous versions of v20, v19.5 and v19.0. Please refer to the Upgrade Information tab in the release notes for more details.
Full product documentation is available online and within the product.
Keep Your Firmware Up to Date
Sophos Firewall integrates an innovative Hotfix capability that enables us to push urgent and important patches out to the firewall “over the air” to address any new zero-day vulnerability or other critical issue that arises. This enables a rapid fix to be applied without requiring any downtime normally associated with a firmware upgrade and restart. You get the benefit of important fixes being applied immediately without any manual effort on your part.
However, it’s super important to ensure your firewall firmware is kept up to date as non-urgent security fixes are often integrated into maintenance releases. Since all firmware updates are free for licensed Sophos Firewall customers, there’s no reason not to take advantage of all the great enhancements in every release.
Sincerely,
Sophos Firewall Product Team.