Sophos Firewall OS v19.0 MR2 is Now Available

While many organizations have already upgraded to Sophos Firewall OS v19.5 to take advantage of all the great Xstream SD-WAN, FastPath Acceleration of TLS, High availability (HA) enhancements and quality-of-life improvements, we know many of you are possibly waiting for the first maintenance release for v19.5 before jumping in. Our team is hard at work on the first MR for v19.5, but in the meantime, we’ve released a nice update for v19.0 with MR2.

This latest update, v19.0 MR2, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever:

What’s New in SFOS v19.0 MR2:

  • Xstream SD-WAN enhancements -
    • Supports 4x more SD-WAN profiles for scaled deployment
    • Improved Gateway manageability - gateway can be now filtered based on status, IP, interface, and health check
    • Search for SD-WAN profile by name on the diagnostic screen
  • IPsec VPN enhancements -
    • Improved security heartbeat selection in remote access IPsec VPN
    • Supports disabling anti-replay protection of IPsec VPN for specific use cases
  • Email protection - Enhanced spam catch rate with SASI, now offers bulk email handling configurations for the MTA mode
  • SD-RED - Display and email the RED unlock code for the deleted RED devices to easily manage the them again
  • Zero-day protection - Intelix can now request submission of samples above the previous built-in limit of 10MB

  • Additional Fixes - Includes 100+ additional performance, stability and security fixes

Check out the v19.0 MR2 release notes for full details.

How to Get it:

The release of v19.0 MR2 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.

Sophos Firewall OS v19.0 MR2 is a fully supported upgrade from all previous versions of v19.0 and v18.5 including the latest v18.5 MR5. Please refer to the Upgrade information tab in the release notes for more details.

Parents
  • Will 19.5 be getting a MR update anytime soon?  We only have 3 firmware updates and want to plan them for major jumps if possible.

  • Per the announcement: "CTPAT plan for Camera changes" is their stance on an MR update for 19.5.

    As for the limit of 3. I am pretty sure this is only for unlicensed firewalls. Based on your name, I am going to assume you are working for a School District. If this is the case then you should be paying for a license to get security features which means you are already eligible for these upgrades. If you are not paying for these services and using it only as a stateful firewall then I am not sure of your setup and have other concerns before worrying about the 3 firmware update limit.

    As for the stability of 19.5, I will not list how many but we have multiple locations running Sophos XG & XGS models on this firmware for over a week with the only issue being that one locked up the admin console shortly after the install. Simple restart resolved it and no issues since.

Comment
  • Per the announcement: "CTPAT plan for Camera changes" is their stance on an MR update for 19.5.

    As for the limit of 3. I am pretty sure this is only for unlicensed firewalls. Based on your name, I am going to assume you are working for a School District. If this is the case then you should be paying for a license to get security features which means you are already eligible for these upgrades. If you are not paying for these services and using it only as a stateful firewall then I am not sure of your setup and have other concerns before worrying about the 3 firmware update limit.

    As for the stability of 19.5, I will not list how many but we have multiple locations running Sophos XG & XGS models on this firmware for over a week with the only issue being that one locked up the admin console shortly after the install. Simple restart resolved it and no issues since.

Children
  • We are not 'unlicensed'.  We simply don't want to spend our limited resources to pay for the 'enhanced support' to get firmware that used to be part of our normal subscription.

    From your statement of the system locking up with the new firmware, it sounds like this is something we should avoid for the time being.  We have already been through a nightmare of instability on our firewall in the past.