In today’s economic climate, when every potential investment is under additional scrutiny, it’s important to consider how a product will work for your customers over its full lifecycle. If there’s one lesson for all of us from the pandemic, it’s that IT infrastructure needs a built-in, transformer-like ability to adapt and scale to changing requirements. Many businesses still have a foot in two worlds as they transition from traditional on-premises equipment to the cloud-enabled world and SASE. But adoption is at different phases, from industry to industry and from business to business, and firewalls need to build a bridge, to support your customers wherever they are on their journey.
But how do you build a firewall to be future proof?
Performance improvements in SFOS v19.5
As was the case in the last major release (v19), Sophos Firewall v19.5 brings further performance improvements across all XGS hardware models. For example, IPsec VPN throughput has increased by more than 30% on many models. IPsec VPN capacity has even doubled on some models, for twice the number of concurrent tunnels than with the previous version. If SD-WAN (or branch office connectivity, if that’s what you want to call it) is on your IT agenda right now, these numbers are significant. These improvements partly come from optimized hardware acceleration workflows.
In our desktop models, we’ve optimized our platform to make better use of the multi-core architecture in the Xstream Flow Processors (NPU), resulting in increases in firewall IMIX throughput of between 20% and 38%. Firewall IMIX is tested using different packet sizes, in contrast to general firewall throughput which uses just a single packet size.
While most firewalls get slower over time, particularly when new capabilities are added, our firewall is designed to keep pace with evolving protection requirements, and just keeps getting faster.
The Xstream Architecture
Our programmable, dual processor architecture gives us many options to optimize traffic flows and so make more efficient use of precious CPU cycles. This is firewall tuning by design and for our customers the benefits are twofold: better value for money, and better performance from release to release to scale up protection without compromise.
As mentioned in a previous blog post, the latest release accelerates TLS encrypted traffic flows on the dedicated hardware FastPath. Often described as offloading, this frees up cycles on the main CPU which improves overall performance. This may not show up in the standardized test stats shown on a datasheet, but depending on your customer’s environment, and the type of traffic flowing through it, you’ll notice that the product is more responsive as we reduce latency, making day-to-day management better.
With the Xstream Architecture, the price:performance ratio or ‘price/TCO per protected megabit per second’ goes from being a snapshot of a moment in time, to a constantly improving indication of the bang your customers are getting for the buck. (Did I mention that you can also adapt connectivity on our firewalls?)
If your customers are currently using an XG Series hardware appliance, they can benefit from a 50% discount on an XGS hardware refresh. If they’re using an SG Series with Sophos UTM, we have unbeatable savings for them when they switch over. And if they’ve yet to discover the benefits of Sophos Firewall over their competitive firewall, we have excellent offers for them, too.
Sophos Firewall v19.5 is currently in early access and is scheduled for release on November 17. Check out the full list of updates in this What’s New PDF or reach out to your local Sophos team or distributor to find out more.