Sophos Firewall v21 is Now Available

Sophos Firewall v21 is Now Available

New Innovations and Top Requested Features

After a very successful Early Access Program with hundreds of participants, we are extremely pleased to announce the availability of Sophos Firewall OS v21.

Sophos Firewall v21 bolsters protection and performance, scalability and resiliency, and streamlines management with several quality-of-life enhancements.  It’s a free upgrade for all Sophos Firewall customers*, and makes upgrading to our new 2nd Gen XGS Series Desktop models easy.

(* Excludes XG and SG Series hardware appliances)

Watch the brief video below for an overview of what’s new, download the What's New Guide, or read on for the full details.

Active Threat Response with 3rd Party Threat Feeds: 

  • Active Threat Response has been extended with support for third-party threat feeds to enable easier integration with 3rd party SoC providers, MSPs, industry specific security consortium
  • Now, you can easily add additional vertical or custom threat feeds to the firewall which will monitor and respond in the same automatic way – blocking any activity associated with them – across all security engines and without requiring any additional firewall rules

Setup and monitor your third-party threat feeds under the Active Threat Response menu 

  • Synchronized Security’s automated response to active threats is also extended to third-party threat feeds. Firewall presents threat analysis after corelating threat attempts with managed endpoint.

Enhanced Scalability:

Sophos Firewall v21 includes several enhancements to networking providing improved performance and scalability for many organizations:

  • Google Workspace integration via LDAP client and Google Chromebook SSO are now supported.
  • Authentication Enhancements – Performance for burst login handling is improved up to 4x for Radius SSO, STAS, and Synchronized User ID enabling the handling of thousands of simultaneous login requests even in multiple SSO environments (mix of STAS, Radius SSO, and Synchronized User ID).
  • High-Availability (HA) deployments gain added resilience and more seamless transitions for reduced down-time
  • IPsec VPN gains improved manageability, configuration and performance
  • Web protection and performance enhancements

Seamless upgrades:

Sophos Firewall v21 includes helpful features first introduced in v20 MR2 that make firewall upgrades to the latest XGS Series easy.

  • The new Sophos Firewall backup and restore assistant adds flexibility and enables firewall configuration to be easily restored on a different firewall model.
  • Port Mapping support makes it easier to upgrade to an appliance with a different port configuration
  • True zero-touch deployment and configuration from Sophos Central

Streamlined Management and Quality of Life Enhancements:

As with every Sophos Firewall release, this version includes quality-of-life enhancements that make day-to-day management easier.

  • Let’s Encrypt Certificate Support – A long-requested feature, Let's Encrypt certificate support enables the automatic deployment and renewal of certificates based on certificate signing requests (CSRs). Let’s Encrypt certificates are supported for WAF, SMTP, TLS configuration, hotspot sign-in, the Web Admin console, user portal, captive portal, VPN portal, and SPX portal.
  • Expanded Object Reference - Offers added visibility into network object references (usage) for interfaces, zones, gateways, and SD-WAN profiles. It also supports XML API support to retrieve object reference (usage) counts, offering visibility into unused objects.
  • Static Route Management - Users can clone static routes, turn them on or off, and add descriptions. There’s now a blackhole route option and support for Equal-Cost Multi-Path (ECMP) for load balancing.
  • Multiple user-experience enhancements including the Refreshed Web Admin Console, Improved Control Center with Card Views as well as VPN configuration optimization

The refreshed Sophos Firewall Control Center sports new card views and the latest design 

And many more!

Learn more - with deep dive articles and demo videos:

How to Get v21

As with every firewall release, Sophos Firewall v21 is a free upgrade for licensed Sophos Firewall (Except XG and SG series devices *) customers and should be applied to all supported firewall devices as soon as possible. This release not only contains great features and performance enhancements, but also important security fixes.

* NOTE: Sophos Firewall v21 is NOT supported on XG Series devices which are fast-approaching end-of-life. Upgrading your XG Series firewall to XGS is easy - don’t delay – upgrade today

This firmware release will follow our standard update process.

The new v21 firmware will be gradually rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience. 

Sophos Firewall v21 is a fully supported upgrade from any supported Sophos Firewall firmware version.


Firmware downloads from Sophos Central

Please note that Sophos Firewall firmware updates are now downloaded from Sophos Central. Get the full details here or follow this quick guide (below) to get the latest v21 firmware for your firewall:

  1. Login to your Sophos Central account and select “Licensing” from the drop-down menu under your account name in the top right of the Sophos Central console… 

  1. Select Firewall Licenses on the top left of this screen… 

  1. Expand the firewall device you’re interested in updating by clicking the “>” to show the licenses and firmware updates available for that device… 

  1. Click the firmware release you want to download (note there is currently an issue with downloads working in Safari so please use a different browser such as Chrome). 
  2. You can also click “Other downloads” in this same box above to access initial installers and software platform firmware updates. 

Parents
  • we have already updated a few Firewalls to 21.0 GA.

    There is (for us) a massive problem - that VLANs are no longer visible / configurable via the GUI!

    You are not able to expand a interface where VLANs are configured - either you can not see any VLAN when you press on "VLAN" in Interfaces Tab.

    This was not a problem in the EAP-Version!

    Ive already created a ticket and Support is working on it.

    So please, be aware when upgrading!!

Comment
  • we have already updated a few Firewalls to 21.0 GA.

    There is (for us) a massive problem - that VLANs are no longer visible / configurable via the GUI!

    You are not able to expand a interface where VLANs are configured - either you can not see any VLAN when you press on "VLAN" in Interfaces Tab.

    This was not a problem in the EAP-Version!

    Ive already created a ticket and Support is working on it.

    So please, be aware when upgrading!!

Children