Sophos Firewall v20 MR2 is Now Available

ProductsMaintenance Release (MR)SFOS v20Sophos Firewall

Sophos Firewall OS v20 MR2 is a free upgrade for all licensed Sophos Firewall customers.

Jul 24 2024 By

Sophos Firewall v20 MR2 includes important enhancements such as an exciting new backup and restore assistant, Active Directory SSO improvements, and web protection optimizations.

Backup and restore assistant

The new Sophos Firewall backup and restore assistant enables firewall configuration backups to be easily restored on a different firewall appliance with flexible interface mapping options.  This makes it easy to upgrade Sophos Firewall XG Series to XGS Series, upgrade any XGS Series model to any other XGS Series model, or even migrate to or from software or virtual appliances. This also means you can easily migrate interfaces to higher-speed ports on your new or upgraded firewall.

You can also get creative and export a configuration template from a virtual appliance and then restore it on multiple hardware or virtual deployments to simplify repetitive configurations.

Easily map interfaces from the old to the new appliance

 

There are a few key dependencies or pre-requisites to take full advantage of this new assistant:

  • Backups of XG Series appliances should be made using v19.5 MR4, v20, or later.
  • Backups of XGS Series appliances need to be made using this release: v20 MR2 (or later)

 

This video covers the prerequisites and how to use this new assistant in more detail:

 

You can also check the compatibility of the appliances you plan to backup/restore and see the exact port configuration (including available flexi port modules) using a new tool that is available at https://docs.sophos.com/nsg/sophos-firewall/reference/backup_restore/port_mapping/en-us/

Check the compatibility of the models you plan to backup and restore

 

Additional enhancements in Sophos Firewall v20 MR2:

  • Active Directory Single Sign-on now provides improved support for high-availability failover situations
  • Active Directory Single Sign-on adds support for performing the Kerberos/NTLM handshake over HTTP or HTTPS for a more transparent SSO experience when HSTS is enforced
  • Web Protection performance is enhanced by reducing the system load when enforcing SafeSearch, YouTube restrictions, Google App login domain, or Azure AD tenant restrictions
  • Web Protection cipher customization now enables you to strike the best balance for your network between cipher compatibility, security, and audit compliance

 

How to get the firmware and documentation:

Sophos Firewall OS v20 MR2 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability, and performance fixes.

This firmware release will follow our standard update process. You can manually download SFOS v20 MR2 from Sophos Central and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall OS v20 MR2 is a fully supported upgrade from all previous versions of v20, v19.5 and v19.0. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.

About the Author

Chris McCormack is a network security specialist at Sophos where he has been focused on firewall and network protection since joining Sophos in 2008. When not evangelizing Sophos network security products, Chris specializes in providing advice and insight into the latest threats and network protection technologies and strategies.