Sophos Firewall v21 MR1 Build 272 brings a number of enhancements; as well as scalability and stability fixes to your Sophos Firewall.
VPN Enhancements
- SSL VPN now supports the key sizes 3072 and 4096 bits for the Diffie-Hellman key exchange to deliver enhanced communication security and meet compliance requirements.
- Enhanced UDP-based SSLVPN tunnel resiliency using granular dead peer detection timeout configuration.
- Improved stability for offloaded Policy-based VPN IPsec traffic that eliminates slow browsing issues.
NAT64 (IPv6 to IPv4 traffic)
- NAT64 is supported for IPv6 to IPv4 traffic in explicit proxy mode. In this mode, IPv6-only clients can access IPv4 websites. The firewall also supports IPv4 upstream proxy for IPv6-only clients.
Quality-of-life enhancements
v21 MR1 Build 272 offers some enhancements in networking, providing improved performance.
- The firewall offers enhanced cellular WAN monitoring by automatically setting "8.8.8.8" as the second probe target. This addresses the issue of ISPs blocking gateway pings, reducing the need for manual configuration.
- Added resiliency to the DHCP service which now auto-restores if it gets into an error state.
- SD-RED devices now support remote troubleshooting and diagnostics by Sophos Support.
Issues resolved in the re-release of v21 MR1 Build 272:
- NC-152963 [Firewall]: Fixed the issue discovered in the 21 MR1 Build 272 about the Let's Encrypt feature related to certificate generation/renewal and firewall rule positioning.
- NC-152641 [Base System]: After upgrading to 21 MR1 Build 272, the device stopped processing traffic due to SWAP memory configuration changes.
- NC-151389 [UI Framework]: Hotspot voucher fails to load on the User Portal page.
- NC-147793 [VPN]: Pattern update failure for SSL VPN.
- Additionally resolves 50+ important reliability, stability and security fixes.
Check out the v21 MR1 Build 272 release notes for full details.
How to get the firmware and documentation
Sophos Firewall OS v21 MR1 Build 272 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability, and performance fixes.
This firmware release will follow our standard update process. You can manually download SFOS v21 MR1 Build 272 from Sophos Central and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.
Sophos Firewall OS v21 MR1 Build 272 is a fully supported upgrade from all previous versions of v20, v19.5 and the earlier v21 MR1 Build 237 release. Please refer to the Upgrade Information tab in the release notes for more details.
Full product documentation is available online and within the product.
Keep Your Firmware Up to Date
Sophos Firewall integrates an innovative Hotfix capability that enables us to push urgent and important patches out to the firewall “over the air” to address any new zero-day vulnerability or other critical issue that arises. This enables a rapid fix to be applied without requiring any downtime normally associated with a firmware upgrade and restart. You get the benefit of important fixes being applied immediately without any manual effort on your part.
However, it’s super important to ensure your firewall firmware is kept up to date as non-urgent security fixes are often integrated into maintenance releases. Since all firmware updates are free for licensed Sophos Firewall customers, there’s no reason not to take advantage of all the great enhancements in every release.
Sincerely,
Sophos Firewall Product Team.
