Sophos Firewall v19.5 is Now Available

We are pleased to announce that Sophos Firewall OS v19.5 is now released and generally available.  This update to Sophos Firewall brings a number of exciting enhancements and top requested features.

What's New:

Xstream SD-WAN:

  • SD-WAN Load Balancing builds on the powerful SD-WAN capabilities introduced in v19 to add load balancing across multiple SD-WAN links for added performance and redundancy.
  • IPsec VPN Capacity is also significantly increased enabling up to double the number of concurrent tunnels depending on your XGS Series model.
  • Dynamic Routing with OSPFv3 (IPv6) which has been one of our top requested features bringing enhanced routing, flexibility, security, and performance.

Xstream Protection and Performance

  • Xstream FastPath Acceleration of TLS encrypted traffic takes advantage of the hardware crypto capabilities in the Xstream Flow Processor to accelerate TLS encrypted traffic flows on the FastPath on the XGS 4300, 4500, 5500, and 6500. This provides added performance headroom for traffic that requires deep-packet inspection. 

High Availability

  • Several Status, Visibility and Ease-of-Use Enhancements improve the operation of high availability (HA) configurations.
  • Redundant Link Support enables your high availability devices to be connected with multiple redundant HA links to add resiliency and reliability.

Quality of Life Enhancements

  • Azure AD integration for SSO web console login offers an alternate and easier method of authentication.
  • Host and Service Object Search enables you to perform free text searches for host and service objects by name or value.
  • Enhanced .log file storage enables advanced troubleshooting.
  • Enhanced 40G Interface Support with auto-detection of advanced port configurations on XGS 5500 and 6500 models.

Get the Full List of What’s New

Download the full What’s New guide for a complete overview of all the great new features and enhancements in v19.5.

See The New Features in Action

How to get the firmware, documentation, and training

As usual, Sophos Firewall OS v19.5 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible, as it not only contains great features and performance enhancements, but also important security fixes.

This firmware release will follow our standard update process.  You can manually download SFOS v19.5 from the Licensing Portal and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall OS v19.5 is a fully supported upgrade from any v18.5 firmware as well as v19, including the recent v19 MR1 build 365 release, and the v19.5 EAP build. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.

Update training (from v19 to v19.5) is available on the Sophos Training Portal.

Parents
  • Does the Azure AD integration allow us to use the MFA tokens we've already setup for Office365, for when we login to the firewall?

    When will we be able to use the Azure AD integration with the Sophos Connect VPN client?

  • Hi Paul,

    How users get authenticated doesn't change when integrating a firewall with Azure (as authentication is delegated to Azure AD /Microsoft). You can continue to use the MFA toke already configured.

    Next in our priority is Captive portal integration with Azure AD followed by Sophos Connect. 

    We would like to hear if you have any feedback or suggestions.

    Thank you.

    Product Management Team

  • Does this mean the Portal and Connect client will eventually not require a RADIUS/NPS server?  That would be nice.

  • Hi Joe,

    That's correct. if an organization fully leverages the Azure AD for managing identities and access (IAM), legacy solutions like LDAP/RADIUS/NPS are not required.

    Some research insights: Data show a majority of enterprise still relies on an on-premise solution (like LDAP /Active Directory) due to legacy applications dependencies and deeply integrated workflows. We see this trend will continue for a couple of years till they migrate all the applications to modern design or workaround using services like Azure App proxy. Considering this we are eventually planning (in our roadmap) to add more features and functions that can integrate with serverless authentication technologies  

Comment
  • Hi Joe,

    That's correct. if an organization fully leverages the Azure AD for managing identities and access (IAM), legacy solutions like LDAP/RADIUS/NPS are not required.

    Some research insights: Data show a majority of enterprise still relies on an on-premise solution (like LDAP /Active Directory) due to legacy applications dependencies and deeply integrated workflows. We see this trend will continue for a couple of years till they migrate all the applications to modern design or workaround using services like Azure App proxy. Considering this we are eventually planning (in our roadmap) to add more features and functions that can integrate with serverless authentication technologies  

Children
No Data