Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

Sophos Firewall OS v19.5 MR4 is Now Available

We launched Sophos Firewall v20 late last year, with several exciting new features.

Many organizations have already upgraded, but for those that haven’t, now is the time! They will see the v20.0 update waiting for them in Sophos Central, or in the web admin console of the firewall as soon as they login.

If you are still continuing with v19.5, we’ve released a maintenance update for v19.5 with MR4. v19.5 MR4 brings important security, performance, and reliability fixes.

What’s New in SFOS v19.5 MR4

Updated SSD firmware for select models:

  • Among the fixes, this release includes manual update of SSD firmware for a subset of the XGS 116(w), XGS 126(w), XGS 136(w), XGS 2100, XGS 2300, XGS 3100, XGS 3300, XGS 4300 and XGS 4500 to optimize performance and reliability. For more details, see KB-000045830.

VPN Enhancements:

  • Delivering stronger encryption for Phase-1 IKEv2 Tunnels for IPsec with GCM and suite-B ciphers support. Phase-2 IKEv2 tunnels already supported these ciphers.
  • Sophos Firewall is now compatible with OpenVPN 3.0 clients. Users can download the compatible configuration file from the user portal.

Logging and Reporting Enhancements:

  • Customers can customize the delimiter in syslog event messages, offering flexibility in managing log data.
  • Storage threshold for on-box reporting has been changed from 90% full to 80% full to avoid /VAR partition getting full.

Enhancement to ZTNA Gateway integration into Sophos Firewall:

  • ZTNA gateway in the firewall supports scaled deployments with up to 5000 concurrent connections. It now supports 2.5 times more connections than earlier.

Web Protection Enhancement:

  • In the web proxy we have refined the Pharming Protection feature to address a potential vulnerability arising from modifications to the destination IP address during proxy DNS resolution. With the updated behavior the firewall policy will now undergo re-evaluation using the DNS resolved IP address from Pharming Protection.

Issues resolved:

  • Resolves 65+ important performance, reliability, stability and security fixes.

Check out the v19.5 MR4 release notes for full details.

How to get the Firmware and Documentation

Sophos Firewall OS v19.5 MR4 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability and performance fixes.

This firmware release will follow our standard update process.  You can manually download SFOS v19.5 MR4 from the Sophos Central and update anytime. Get the full details here. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall OS v19.5 MR4 is a fully supported upgrade from all previous versions of v19.5 and v19.0. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.

Sincerely,

Sophos Firewall Product Team