Sophos Firewall OS v19 is now entering the 2nd phase of the early access program (EAP) providing access to the full set of v19 features slated for general availability in April.
The new enhancements include Xstream FastPath Acceleration of IPsec VPN traffic which provides a tremendous performance boost and adds to the other Xstream SD-WAN capabilities added in EAP1.
New Xstream FastPath Acceleration for IPsec Traffic
Sophos Firewall OS v18 introduced the Xstream Architecture that enables FastPath acceleration of trusted traffic flows. The new XGS Series hardware appliances added dedicated Xstream Flow Processors for hardware acceleration of trusted traffic flows. One of the great benefits of the programmable flow processor is that additional features and capabilities can be added to further improve performance.
SFOS v19 EAP2 adds IPsec VPN hardware FastPath acceleration for XGS Series appliances which automatically puts IPsec tunnel flows on the FastPath through the Xstream Flow Processor. This dramatically improves performance, moving some of the CPU-intensive processing required for IPsec tunnels to the Xstream Flow Processor such as ESP- encapsulation/encryption and decapsulation/decryption. This new feature takes full advantage of the hardware crypto capabilities within the Xstream Flow Processor and has the added benefit of freeing up CPU resources for other tasks like deep-packet inspection of traffic that needs it.
Xstream FastPath Acceleration for IPsec traffic works for both site-to-site and remote access VPN traffic, however, IPsec connections with weak cipher or auth algorithms (DES, 3DES, Two Fish, MD5) will not be off-loaded.
Other Enhancements in SFOS v19 EAP2:
- Several SD-WAN Policy Based Routing (PBR) enhancements for usability and trouble-shooting based on early EAP feedback (see image below for a list of enhancements in this area)
- Added a default object group for Internet IPv4 hosts that can be used as a network matching criteria to match all internet WAN traffic making it easy to configure SD-WAN PBRs that only apply to WAN destined traffic.
- Sydney, Australia data center option for Zero-Day Protection (which will be live around the end of Feb. – we will make another community announcement when it becomes active)
- Device and management identity enhancements now show the device hostname in the browser tab and the active user ID in the upper right corner of the management console which makes managing multiple firewalls and admin accounts easier.
- Numerous performance and stability enhancements since the first EAP build
All the New Enhancements in v19:
For the full list of all new capabilities in v19, refer to the What’s New guide.
Watch brief demo videos for many of the new features:
- SD-WAN Profiles and Performance-based SLAs
- VPN Enhancements
- AWS VPC Setup
- New Search Features
- Per-Connection Authentication
- Multi-Factor Authentication
How to get it:
If you’re new to v19, now is the perfect time to participate in the early access program, try out the great new capabilities, and provide your feedback to help make this release the best it can be. Register here to access the early access program firmware.
Sophos Firewall OS v19 EAP2 (Build 271) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later and all versions of v18.5.
If you’re already participating in the EAP program for SFOS v19, you will see the new build available in your console as a firmware update. Update and let us know what you think.
How to provide feedback:
We welcome and encourage your feedback. Please use the feedback mechanism in the product on the top right of every firewall screen. You can also get assistance and interact with others in the EAP program through the community forums.
If you’re new to Sophos Firewall:
Check out how Sophos Firewall can transform your network with Xstream Protection and Performance.