Sophos Firewall OS v19 is now entering the 2nd phase of the early access program (EAP) providing access to the full set of v19 features slated for general availability in April.
This latest v19 build adds a number of great new enhancements, including Xstream FastPath Acceleration of IPsec VPN traffic, which provides a tremendous performance boost and adds to the other Xstream SD-WAN capabilities added in EAP1.
As a reminder, here’s a complete overview of all the great new Xstream SD-WAN capabilities:
New Xstream FastPath Acceleration for IPsec Traffic
Sophos Firewall OS v18 introduced the Xstream Architecture that enables FastPath acceleration of trusted traffic flows. The new XGS Series hardware appliances added dedicated Xstream Flow Processors for hardware acceleration of trusted traffic flows. One of the great benefits of the programmable flow processor is that additional features and capabilities can be added to further improve performance.
SFOS v19 EAP2 adds IPsec VPN hardware FastPath acceleration for XGS Series appliances, which automatically puts IPsec tunnel flows on the FastPath through the Xstream Flow Processor. This dramatically improves performance by moving some of the CPU-intensive processing required for IPsec tunnels, such as ESP encapsulation/encryption and decapsulation/decryption, to the Xstream Flow Processor. This new feature takes full advantage of the hardware crypto capabilities within the Xstream Flow Processor and has the added benefit of freeing up CPU resources for other tasks like deep-packet inspection of traffic that needs it.
Xstream FastPath Acceleration for IPsec traffic works for both site-to-site and remote access VPN traffic. However, IPsec connections with weak cipher or auth algorithms (DES, 3DES, Twofish, MD5) will not be off-loaded.
Other Enhancements in SFOS v19 EAP2:
- Several SD-WAN Policy Based Routing (PBR) enhancements for usability and troubleshooting based on early EAP feedback (see image below for a list of enhancements in this area)
- Added a default object group for Internet IPv4 hosts that can be used as a network matching criterion to match all internet WAN traffic, making it easy to configure SD-WAN PBRs that only apply to WAN-destined traffic.
- Sydney, Australia data center option for Zero-Day Protection (Update: as of 18 February 2022, this data center is now live)
- Device and management identity enhancements now show the device hostname in the browser tab and the active user ID in the upper right corner of the management console, which makes managing multiple firewalls and admin accounts easier.
- Numerous performance and stability enhancements since the first EAP build
A list and side-by-side comparison of SD-WAN PBR enhancements in the latest v19 build
All the New Enhancements in v19:
For the full list of all new capabilities in v19, refer to the What’s New guide.
Watch brief demo videos for many of the new features:
- SD-WAN Profiles and Performance-based SLAs
- VPN Enhancements
- AWS VPC Setup
- New Search Features
- Per-Connection Authentication
- Multi-Factor Authentication
How to get it:
If you’re already participating in the EAP program for SFOS v19, you will see the new build available in your web-admin UI as a firmware update.
If you’re new to v19, now is the perfect time to participate in the early access program, try out the great new capabilities, and provide your feedback to help make this release the best it can be. Register here to download the early access program firmware.
Sophos Firewall OS v19 EAP2 (Build 271) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5.
How to provide feedback:
We welcome and encourage your feedback. Please use the feedback mechanism in the product on the top right of every firewall screen. You can also get assistance and interact with others in the EAP program through the community forums.
If you’re new to Sophos Firewall:
Check out how Sophos Firewall can transform your network with Xstream Protection and Performance.