Sophos Firewall OS v18.5 MR1 and Central Orchestration now available

SOPHOS

The latest version of SFOS includes many important performance, security, and feature enhancements. It wraps all the great capabilities released over the last year into a major new release that is now available on all SFOS devices: XG Series, XGS Series, virtual, software, AWS, Azure – all our supported platforms.

SFOS v18.5 MR1 is currently being pushed out to all active Sophos Firewall devices, but you can download the update from the MySophos licensing portal if you wish to get it before it appears in your console. Get the full details.

Keep your firewall firmware up to date!!!

And don’t forget, you can schedule firmware updates via Sophos Central if your firewalls are running v18 MR4 or later.

Sophos Central SD-WAN VPN Orchestration

If you’ve ever set up more than a couple of VPN tunnels between different firewalls, you know how time consuming and tedious this process can be. Sophos Central Orchestration makes interconnecting VPN tunnels between multiple Sophos Firewalls a quick and easy task.

What you need to take advantage of this

There are three pre-requisites for Central SD-WAN VPN orchestration:

  1. Participating firewalls must be running SFOS v18.5 MR1 (see above)
  2. Participating firewalls must be managed from Sophos Central (instructions here)
  3. Participating firewalls must have a trial or license for Central Orchestration (see below)

Central Orchestration is a new license subscription available as a 30-day trial on all Sophos (XG) Firewall devices running SFOS. Central Orchestration is included at no extra charge as part of the new Xstream Protection bundle for Sophos Firewall and is available as a separate license subscription as well.

While all Sophos (XG) Firewall licenses are currently being migrated to the new licensing scheme over the next few weeks, you can activate a Central Orchestration trial any time through MySophos to get started with the EAP right away:

  1. Log into the MySophos Portal at Sophos.com/MySophos
  2. Navigate to: Network Protection > View Devices and click on the device for which you wish to activate the trial to pop open the license details for that device
  3. Check the box to evaluate Central Orchestration and click Try Now (see screen shot below)
  4. The license update will synchronize with the firewall within 24 hours but you can manually synchronize from the firewall under Administration > Licensing

Central Firewall Reporting Advanced

 The new Central Orchestration subscription license also includes Central Firewall Reporting Advanced with 30 days of data retention in Sophos Central. This enables you to take advantage of all the great new Sophos Central reports and custom reporting tools to get deep insights across your entire estate of firewalls or any firewall group.

You can easily extend data retention up to a year through additional storage licenses. Check out the storage estimation tool to get a feel for what’s best for your particular needs.

In addition, Central Firewall Reporting Advanced also includes the Sophos XDR/MTR connector, which enables firewall data to be shared for cross-product Extended Detection and Response and our 24/7 Managed Threat Response service.

Sophos Central Firewall features coming next

The team is continually adding new features to Sophos Central for firewall management and reporting. There are two additional features heading to Central Orchestration within the coming weeks to make this capability even more helpful…

  • Multiple WAN link support – enabling redundant tunnels across two WAN links. The current implementation only supports a single WAN link. This enhancement is expected in September.
  • Enhanced NAT’d firewall support – supporting firewalls behind NAT devices in more scenarios to improve flexibility. This is expected to roll out following GA.

In addition, new features are planned later this year for Central Management and Reporting, including:

  • Enhanced Partner Dashboard inventory view
  • Streamlined onboarding of new firewalls for partners
  • Firewall rule pinning
  • Enhancements to backups and alerting
  • Management APIs
  • Added AWS region support
  • Numerous usability enhancements

And there’s a lot more exciting Sophos Network Security product news coming over the next few months.