Sophos Xg 18

SFOS 18.0 is supported on all XG and SG appliances with at least 4 GB of RAM. With the new Xstream packet processing architecture, you will enjoy a nice performance boost on your existing hardware. Sophos XG Firewall offer: Up to 100% hardware discount on firewalls until March 31, 2021. XG Firewall V17.5 MR15 and XG Firewall V18 MR4 are live! PARTNER RESOURCES & TOOLS. Sophos Partner Portal. SOPHOS PRODUCT, COMPANY, AND RESEARCH UPDATES.

XG Firewall v18 is now available, and it’s sporting the all-new Xstream Architecture, which delivers extreme levels of visibility, protection and performance.

We’ve packed this release with new and enhanced features for you, including:

• Xstream SSL inspection. Get unprecedented visibility into your encrypted traffic flows, support for TLS 1.3 without downgrading, powerful policy tools, and supreme performance.
• AI-powered threat intelligence. Extend your protection against zero-day threats and emerging ransomware variants with multiple best-in-class machine learning models and unmatched insights into suspicious files entering your network.
• Application acceleration. Optimize network performance by putting your important application traffic on the fast path through the firewall and routing it reliably out through your preferred WAN connection.

Watch the overview video to see everything that’s new in XG Firewall v18:

Sophos Central

XG Firewall v18 also includes support for all new central management, reporting, and deployment options launching on Sophos Central next week:

• Group firewall management. Easily keep your full estate of firewalls consistent using groups that automatically keep policies, objects, and settings synchronized.
• Central reporting. Network activity and insights across all your firewalls are now at your fingertips in Sophos Central, with several pre-packaged reports and flexible reporting tools to create your own.
• Zero-touch deployment. Conveniently setup a new firewall in Sophos Central, export the config, load it on a flash drive and have your new firewall automatically connect back to Sophos Central without having to touch it.

And, there’s more!

In addition, there are also a ton of other new features that will enhance your protection, visibility, management experience, and network versatility:

• Synchronized SD-WAN brings the power of Synchronized Security to reliably and accurately route application and user-based traffic over your preferred WAN links
• Firewall, NAT, and SSL Inspection rules and policies are now more powerful, flexible and easier to work with than ever before
• Plug-and-play high-availability (HA) makes it easy to enable business continuity and adds peace-of-mind – simply connect two XG Series appliances together and you’ll be up and running in no time
• Real-time flow monitoring provides at-a-glance insights into active bandwidth consuming hosts, applications, and users
• Expanded notifications and alerts ensure you never miss an important network security event whether it’s related to a threat, service, or important performance metric

How to get XG Firewall v18

As usual, this firmware update comes at no charge for licensed XG Firewall customers. The firmware will be rolled-out automatically to all systems over the coming weeks, but you can manually update at any time via MySophos.

Head on over to the XG Firewall Community Blog to get the full release notes.

Sophos Xg 18 Download

Also check that your current hardware appliance supports v18.

Making the most of your new XG Firewall features

Free online training – available to all XG Firewall customers, our delta training program will help you make the most of the new features in XG Firewall v18.

Sophos Xg 18 Mr5

It walks you through the key enhancements since v17.5 and takes about 90 minutes to complete. Get started on the XG Firewall training program.

Customer resources and how-to videos – be sure to visit the Customer Resource Center for the latest how-to videos and links to documentation, the community forums, training and other resources.

Sophos Xg 18 Home

Take advantage of Partner and Sophos Professional Services: To augment your local Sophos partner’s services, we offer services to help you getting up and running and make the most of your XG Firewall, including the latest capabilities in v18.

While Sophos Professional Services can help with any task, here are the most common services they provide:

• XG Firewall deployment and setup
• XG Firewall v18 DPI, FastPath and SSL Engine Optimization
• XG Firewall Health Checks

Here are some direct links to helpful resources:

• Customer Training Portal (free Delta Training)

New to XG Firewall?

If you’re new to XG Firewall, see how it provides the world’s best network visibility, protection and response on the new XG Firewall website.

The new features and enhancements are on this page.

Sophos Cloud Optix: For XG Firewall instances deployed in the AWS environment, you can see their VPC details in the topology section in Sophos Cloud Optix. For more details, see the Cloud Optix help.

Amazon Web Services: Routing-based redundancy enhancements are available on the AWS platform.

Sophos Central: You can register HA devices with Sophos Central and manage them centrally. Both devices must be on 18.0 MR4. You must configure HA on the web admin console of XG Firewall.

High availability: Improvements to FastPath offload for HA active-passive configurations.

Sophos Connect client:

• The Sophos Connect client menu has been renamed IPsec (remote access). It's available on VPN > IPsec (remote access). You can configure the IPsec remote access configuration on this page. It also offers the advanced settings that were earlier available only through Sophos Connect Admin.

  Turning off Use as default gateway on the web admin console may prevent connections from being established if the existing configuration files don't match the advanced settings. If you make changes to any of the advanced settings on the web admin console, you must send the updated .scx file to users for reimport into the Sophos Connect client.

• Users can download the Sophos Connect client from VPN > Sophos Connect client (IPsec and SSL VPN) on the user portal. The available client versions and the remote access connections users can establish are as follows:
  • Windows: Sophos Connect client 2.0 (IPsec and SSL VPN connections)
  • macOS: Sophos Connect client 1.4 (Currently, only IPsec connections)

For more information, see the remote access VPN help.

Security enhancements:

• SSL VPN: XG Firewall enforces TLS 1.2 for SSL VPN connections:
  • Site-to-site connections: Both SSL VPN server and client firewalls must be on 18.0 MR4.
  • Remote access connections: These connections use OpenVPN client 2.3.8 and later. The Sophos Connect client 2.0 and legacy SSL VPN client enforce TLS 1.2.
• Password security: Introduced a secure hash for storing the password of the admin (default administrator) account:
  • The control center prompts the default administrator to change the current password. We recommend making this change. It's a one-time requirement.
  • Password complexity is turned on by default for all passwords, including those for the web admin console and the user portal.
• Open SSL: XG Firewall now uses OpenSSL 1.0.2u.
• SPX portal: A CAPTCHA is now required for the SPX portal to prevent automated attacks. You can't turn it off.

Web: XG Firewall blocks web pages categorized as highly objectionable criminal activity and hides the domain name in logs and reports. It won't implement any policy or exclusion that allows these pages.

RADIUS server: An optional Domain name field, which creates a local entry in the format user@domainname for RADIUS users, is available. The setting eliminates the issue of two entries being created automatically when authentication is based on both AD and RADIUS servers, for example, when the primary authentication method is AD, but VPN or multi-factor authentication uses RADIUS.

Synchronized Application Control: You can also set the automatic cleanup time to one month.