Sophos Firewall OS v19 was released just a few months ago in April, and has already been adopted by a huge number of partners and customers who have upgraded to take advantage of the many Xstream SD-WAN and VPN enhancements.
This latest update, v19 MR1 Build 365, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever:
What’s New in SFOS v19 MR1 Build 365:
VPN and SD-WAN Enhancements:
- SSLVPN Remote Access - Static IP lease support to enable mapping of remote users with static IP addresses to improve user traceability, monitoring and visibility. This also includes static IP leases with an external Radius server.
- IPsec VPN Enhancements - includes adding default IPsec site-to-site IKEv2 policies for improved head office to branch office tunnels, eliminating manual fine tuning for re-key interval, dead peer detection (DPD) action and key negotiation. Defaults were also updated to prevent flapping of UDP connections (VoIP, Skype, RDP, Zoom, etc.). Also disabled "vpn conn-remove-tunnel-up" and enabled "vpn conn-remove-on-failover" for new configuration (but does not impact existing deployments)
- SD-RED - Now support multiple DHCP servers for RED interfaces
- SD-WAN Profiles - The Rule-ID and index column are added on the SD-WAN profile management page for easier troubleshooting
Other Enhancements:
- Anti-Malware Engine - Anti-malware engines and associated components were upgraded to full 64-bit operation to provide optimal performance and future support. Note that the secondary malware scan engine, Avira, will no longer provide detection updates for the 32-bit version after December 31, 2022. Anyone using Avira will need to upgrade to v19 MR1 or v18.5 MR5 (to be released soon) before the end of the year or switch to just using the Sophos engine.
- Synchronized Security - Improved Sophos Central Firewall Management resilience in environments with thousands of endpoint certificates being used for Synchronized Security Heartbeat.
- Email - Added an option to report a spam email as a False Positive from the quarantine release screen
- Sophos Assistant - Added an option to opt-out of the Sophos Assistant
- Additional Fixes - Over 50+ additional performance, stability and security fixes and enhancements are also included
Issues fixed in the re-release of v19 MR1:
- NC-100681 [IPS Engine] Increase in snort memory with ATP pattern updates
- NC-94019/ NC-100737 [Wireless] Inbound traffic for hosts connected on Wi-Fi SSID on Separate zone is dropped by firewall rule ID 0, and outbound traffic may experience slowness
- NC-100971 [IPsec] Migration fails from v19.0 GA to v19.0 MR1 Build 350
- NC-81131 [Reporting] Last access time is not generated when there is user present with username that has xss payload
- NC-100679 [CDB-CFR, Reporting] "INSERT INTO available_login_eventv6%" error in postgres.log causing conf partition to rise
Check out the v19 MR1 Build 365 release notes for full details.
Important Licensing Change for Future Firmware Updates:
As covered in the recent community blog post, SFOS v19 MR1 introduces a support requirement for firmware upgrades which will come into effect for customers without a valid support subscription after they've used an initial free upgrade allocation.
To summarize:
- No change for customers with a valid support subscription (about 80% of customers)
- Future action will be required by the remaining 20% who do not have a support subscription, but also no immediate change
How to Get it:
The release of v19 MR1 Build 365 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.
Sophos Firewall OS v19 MR1 Build 365 is a fully supported upgrade from v19 GA and v19 MR1 Build 350, all previous versions of v18.5 including the latest v18.5 MR4 and v18 MR3 and later. Please refer to the Upgrade information tab in the release notes for more details.
