- Configuration is done on a Sophos XG Firewall device running firmware version 18. For SSL VPN, the client installer must be obtained from the User Portal. For IPSec VPN, the client must be installed from the installation file downloaded from the Admin account, which the Admin then shares.
Sophos has released MR-5 for SFOS v18. It has many great new features; here are the release notes (P.S. I have already installed it in my HA environment, and it works flawlessly):
XG Firewall v18 Maintenance Release 5 (MR5) is packed with enhancements to performance, security, reliability and central reporting. With v18 MR5, we have published XG Firewall integration for Azure Active Directory and Azure Virtual WAN.
Route-based VPN in XG Firewall v18 lets you take full advantage of the new Synchronized SD-WAN policy-based routing for your VPN traffic, with options for user, group, application, and even Synchronized Application Control discovered app-based routing.
What’s new in v18 MR5:
VPN Enhancements
- A huge 50% increase in concurrent IPSec VPN tunnel capacity
- Port 443 sharing between SSL VPN and the Web Application Firewall (WAF)
- IPSec provisioning file support for remote access via Sophos Connect v2.1
SD-WAN
- Integration with Azure Virtual WAN for a complete SD-WAN overlay network
Authentication
- Integration with Azure Active Directory
Certificate Management and Security
- Form enhancements for creating certificate signing requests and certificates
- Enhanced security for private keys
- Upload/download support for PEM format certificates
- Enhanced workflows for certificate management
Synchronized Security
- Enhanced registration and de-registration in high-availability (HA) installations
- Missing Heartbeat enhancements to reduce notifications sent for intended/expected changes in endpoint status
Sophos Central Firewall Reporting
- New Cloud Application (CASB) report
- MSP Flex Pricing for MSP partners
Issues resolved in v18 MR5
- 50+ field reported issues have been resolved
More info available here: v18 MR5 release notes
Upgrade as soon as possible
While we always encourage you to keep your firewalls up to date with the latest firmware, over the next few months we are recommending you rapidly apply maintenance releases to ensure you have all the important security, performance, and feature enhancements applied as soon as possible.
Also ensure you have automatic pattern updates enabled so that you can be assured you have the latest protection updates.
XG Firewall v18 MR5 is an easy and fully supported upgrade from XG Firewall v17.5 MR6+ (including the latest v17.5 MR15 release). Please refer to the Upgrade information tab in the release notes for more details.
How to get it
As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through the Licensing Portal. Please refer to the documentation for more information on how to apply firmware updates.
Source: XG Firewall v18 MR5 – Release Notes & News – Sophos (XG) Firewall – Sophos Community
Related Posts
XG Firewall v18 includes several performance gains that will breathe new life into your network, enabling you to handle more traffic and better secure it.
If you haven’t upgraded to XG Firewall v18 already, you’re going to want to do so as soon as possible to take advantage of the substantial performance benefits waiting for you.
What are the gains and where do they come from?
Consider these potential performance boosts available by upgrading to XG Firewall v18:
Those are some impressive performance improvements!
One of the most exciting enhancements to XG Firewall in v18 was the introduction of the new Xstream Architecture, with its all-new streaming DPI engine, advanced TLS 1.3 inspection solution, and Network Flow FastPath.
Let’s look at how the Xstream Architecture upgrades your performance:
Trusted traffic FastPath acceleration
The new Xstream Network Flow FastPath is all about performance. It directs trusted traffic that doesn’t require security scanning into a fast lane through the system. This not only minimizes latency and accelerates application traffic through the firewall, it also has the added benefit of not engaging the DPI engine for deep-packet inspection of trusted traffic.
The impact of fast-pathing is up to a 5x improvement in firewall traffic throughput! Of course, with a blend of real-world traffic mixes, not all applications qualify for trusted traffic FastPath acceleration, but if a substantial portion of your traffic can be accelerated on the FastPath, you could increase your firewall’s security scanning capacity while allowing more trusted traffic. That’s a win-win.
Be sure to see how to make the most of the Network Flow FastPath on your network to learn how this works and how to set it up optimally.
TLS inspection speed
The new Xstream TLS inspection solution also brings a tremendous boost in decrypting and inspecting encrypted traffic flows, with up to a 2x improvement in performance. And when you combine the added performance with the very granular and easy-to-manage TLS inspection policies, you can be sure you’re only inspecting traffic that really needs it – and now do it faster than ever.
See how to make the most of Xstream TLS Inspection on your XG Firewall.
IMIX traffic performance
Internet Mix, or IMIX, is an often-used reference for measuring typical real-world internet traffic performance, making it a good metric to consider when looking at performance.
The new Xstream architecture in XG Firewall v18 brings a substantial boost in performance to this important metric. On our mid-range firewall models, the gains are over 100%, with the average across the XG Series line being a 57% improvement in performance.
This is all thanks to optimizations in the packet processing flow, DPI engine, and Network Flow FastPath. It’s an incredible real-world improvement in traffic processing performance.
Other common traffic performance measurements also benefit from the Xstream architecture in v18, including raw firewall performance, IPS, AV, application control, and malware protection.
Get the latest XG Firewall brochure to see the latest performance metrics and how your XG Series model stacks up.
SSL VPN capacity
Further optimizations to our SSL engine in XG Firewall v18 MR3 bring some dramatic improvements to remote access SSL VPN capacity, with up to 6x the number of connections possible on our higher-end appliances.
Increases are more modest at the entry-level, but on a typical mid-range device like the XG 310, the capacity has tripled! This is great news for everyone managing a remote workforce these days.
Check out the other great enhancements with remote-access VPN.
Upgrade today
If you haven’t already, upgrade to XG Firewall v18 today. It’s a free performance boost, and you get a ton of great new protection and networking features.
Be sure to take advantage of all the resources available, including the recent “Making the Most of XG Firewall v18” article series that covers all the great new capabilities in XG Firewall v18: