Sophos Firewall OS v21 MR1: Another Re-release (Build 277) Is Now Available

With the earlier SFOS v21 MR1 build 272, we saw an isolated issue where the PPPoE interface did NOT connect if it had the special character "#" in the PPPoE username (NC-153892). We have fixed that issue and re-released the firmware as build 277. The objective of the re-release is to ensure that the upgrade to v21 MR1 does not bring any connectivity disruption when PPPoE is configured with "#" in the username. If you do not have this PPPoE configuration and are already using v21 MR1 build 272, you can continue using that or opt to upgrade to build 277.


Sophos Firewall v21 MR1 Build 277 brings a number of enhancements, as well as scalability and stability fixes, to your Sophos Firewall.

VPN Enhancements

  • SSL VPN now supports the key sizes 3072 and 4096 bits for the Diffie-Hellman key exchange to deliver enhanced communication security and meet compliance requirements.
  • Enhanced UDP-based SSL VPN tunnel resiliency using granular dead peer detection timeout configuration.
  • Improved stability for offloaded Policy-based VPN IPsec traffic that eliminates slow browsing issues.

NAT64 (IPv6 to IPv4 traffic)

  • NAT64 is supported for IPv6 to IPv4 traffic in explicit proxy mode. In this mode, IPv6-only clients can access IPv4 websites. The firewall also supports IPv4 upstream proxy for IPv6-only clients.

Quality-of-life enhancements

v21 MR1 Build 277 offers some enhancements in networking, providing improved performance.

  • The firewall offers enhanced cellular WAN monitoring by automatically setting "8.8.8.8" as the second probe target. This addresses the issue of ISPs blocking gateway pings, reducing the need for manual configuration.
  • Added resiliency to the DHCP service which now auto-restores if it gets into an error state.
  • SD-RED devices now support remote troubleshooting and diagnostics by Sophos Support.

Issues resolved:

  • 1 issue resolved in v21 MR1 Build 277 (compared to v21 MR1 Build 272)
    • NC-153892: PPPoE interface may not connect if it has the special character "#" in the username.
  • Overall, v21 MR1 includes 55+ important reliability, stability and security fixes.

Check out the v21 MR1 Build 277 release notes for full details.

How to get the firmware and documentation

Sophos Firewall OS v21 MR1 Build 277 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability, and performance fixes.

This firmware release will follow our standard update process. You can manually download SFOS v21 MR1 Build 277 from Sophos Central and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall OS v21 MR1 Build 277 is a fully supported upgrade from all previous versions of v20, v19.5, the earlier v21 MR1 Build 237 and v21 MR1 Build 272 releases. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.

Keep Your Firmware Up to Date

Sophos Firewall integrates an innovative Hotfix capability that enables us to push urgent and important patches out to the firewall "over the air" to address any new zero-day vulnerability or other critical issue that arises. This enables a rapid fix to be applied without requiring any downtime normally associated with a firmware upgrade and restart. You get the benefit of important fixes being applied immediately without any manual effort on your part.

However, it’s super important to ensure your firewall firmware is kept up to date as non-urgent security fixes are often integrated into maintenance releases. Since all firmware updates are free for licensed Sophos Firewall customers, there’s no reason not to take advantage of all the great enhancements in every release.

Sincerely,

Sophos Firewall Product Team.

    • Hi,

      I recognized that the new firmware is offered to deploy via Central.

      But the installation via Central didn't work on 3 firewalls.

      Only manual installation is working.

      Why did Sophos change the procedure?

      1. Update for manual installation via download

      2. via Update Check on the Firewall GUI

      3. then offering Update via Central?

      And why is the update via Central not working?

      BR Gerd

      • How Central Update works: https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/FirewallManagement/Firewalls/UpgradeFirmware/index.html 

        The firewall reports its own available firmware to Central. So once the firewall spots a new firmware, it also triggers a job in Central to offer the firmware. If scheduled, it will be pushed as a job (the firewall does the update). Central is not uploading or doing anything.
        There is no change in this approach. 

        Keep in mind, V21.0 Build 272 to Build 277 will be available to all firewalls running the older builds right away. Even in staging. 

        I did multiple updates already via Central to Build 277 - they worked fine. If it failed in your example, you could double-check the logs while you tried it, to see if you can spot an error.

      • Has 21.0.1.277 been pulled from deployment?

        I installed it on several firewalls running the problematic version three days ago, but left some appliances for a later update.
        If I now look in Central Firewall Manager (Partner) no applicable firewalls are found even when they are running 21.0.1.272.