Sophos Firewall v19 – Xstream SD-WAN

The early access program for Sophos Firewall OS v19 is kicking off today delivering Xstream SD-WAN capabilities.

Earlier this year, we launched the powerful new XGS Series firewalls with dedicated Xstream Flow Processors to accelerate SD-WAN, SaaS, and cloud traffic.  We then followed that with an extremely easy way to orchestrate complex SD-WAN overlay networks in Sophos Central.  And today, we’re introducing Xstream SD-WAN.

Sophos Firewall OS v19 includes several new and exciting SD-WAN capabilities including SD-WAN profiles with multi-gateway support and performance SLA link selection, as well as performance monitoring tools, SD-WAN logging, and much more.

Xstream FastPath Acceleration of IPsec VPN tunnel traffic will also be part of SFOS v19 and is still being finalized for inclusion in the next EAP phase.

All this adds up to Xstream SD-WAN – delivering extreme new levels of networking flexibility and performance – all integrated into your firewall.

Here are the major enhancements in SFOS v19

SD-WAN

• SD-WAN Profiles and Advanced Performance SLAs – with multiple gateway support for seamless and efficient re-routing of traffic based on WAN link performance.
• SD-WAN monitoring – provides graphical real-time and historical monitoring of SD-WAN link performance metrics including latency, jitter, and packet loss.
• SD-WAN Logging – integrates SD-WAN routing information into log data with a new SD-WAN log viewer module

VPN

• VPN Management – VPN management has been reorganized and streamlined including new separate main menu items for remote access and site-to-site VPN management as well as many other intuitive changes, a new SSL remote-access setup wizard, and more.
• VPN Performance – SSL VPN capacity is dramatically improved (up to 5x) thanks to the addition of multi-instance support, and in the next EAP phase, we will be introducing Xstream FastPath acceleration of IPsec VPN tunnel traffic.
• VPN Operational Enhancements – include a variety of additional changes including custom policy support for IPsec RA, RBVPN, new GCM and Suite-B cipher support for IPsec, and SSL VPN enhancements.
• VPN Logging – A new log viewer module has been added to assist in monitoring and trouble-shooting VPN connections for both remote-access and site-to-site using SSL or IPsec.
• AWS VPC Import – You can now import your VPC configuration XML file from AWS to streamline the tunnel setup on your Sophos Firewall.

Other Enhancements

• Web Protection – Per-connection authentication for multiple users on the same source IP address, enforcement of tenant restrictions for O365, and X-Forwarded-For Header support for up-stream load balancers and proxies.
• System and Object Search – New search capabilities to quickly and easily find screens or features in the product, as well as enhanced object search when building firewall, NAT, TLS or routing rules that allows free text searching for any object in the system.
• Performance, Protection, and Usability Enhancements – including scalable authentication performance (in high user-count environments), Synchronized Security enhancements for lateral movement protection, Flow Monitor interface enhancements, MFA enhancements, and log aggregation and suppression.

Check out the detailed PDF list of What’s New in the SFOS v19 Early Access Program.

Watch brief demo videos for many of the new features:

• SD-WAN Profiles and Performance-based SLAs
• VPN Enhancements
• AWS VPC Setup
• New Search Features
• Per-Connection Authentication
• Multi-Factor Authentication

Of course, SFOS v19 also includes all the other great enhancements in SFOS v18.5 MR2 which will be popping up in your consoles as an update any day now.

Getting Started and Providing Feedback

Sophos Firewall OS v19 EAP1 (Build 244) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later and all previous versions of v18.5 except the latest v18.5 MR2.

Please visit the SFOS v19 EAP Registration Page to get started.

Once you’re up and running, please provide feedback through your Sophos Firewall's feedback mechanism (top right of every screen on your Firewall).  Also visit our EAP Community Forums to share your experience with others.

Note: Please do not call Sophos Support for issues related to the EAP. Troubleshooting and support for all EAP versions is handled solely through the online Sophos Community EAP Forums.

Please be on the lookout for brief email surveys over the course of the EAP.  These can be extremely helpful in shaping the release, and don't worry, we value your time and will ensure they won't take long to complete.