{"id":9258,"date":"2025-06-02T10:01:02","date_gmt":"2025-06-02T08:01:02","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=9258"},"modified":"2025-06-02T10:03:14","modified_gmt":"2025-06-02T08:03:14","slug":"sophos-firewall-v21-5-now-available","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2025\/06\/products\/sophos-firewall-v21-5-now-available\/","title":{"rendered":"Sophos Firewall v21.5 is Now Available"},"content":{"rendered":"<p>Following a very busy and successful early access program, the Sophos Firewall team is pleased to announce that v21.5 is now available to all licensed Sophos partners and customers bringing an industry-first innovation \u2013 integrating Network Detection and Response (NDR) &#8211; enhancing active threat detection on your network.<\/p>\n<h2><strong>What\u2019s New Overview<\/strong><\/h2>\n<p>Watch this video, review the <a href=\"https:\/\/assets.sophos.com\/X24WTUEQ\/at\/7t8k46h9ttmxt6pn8g58k7wb\/sophos-firewall-key-new-features.pdf\" target=\"_blank\" rel=\"noopener\">What\u2019s New Guide<\/a>, or consult the <a href=\"https:\/\/docs.sophos.com\/releasenotes\/output\/en-us\/nsg\/sf_215_rn.html\" target=\"_blank\" rel=\"noopener\">Release Notes<\/a>:<\/p>\n<p><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/bry0dJQ3SzE?si=4XTj-0SP4z3kTQ4J\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>An Industry First Innovation &#8211; NDR Essentials<\/strong><\/h2>\n<p>Sophos is the first to integrate an NDR solution with a firewall, further extending Sophos Firewall\u2019s advantages with XDR and MDR use cases. We\u2019ve taken the novel approach of implementing NDR in the Sophos Cloud to offload all analysis processing from the firewall, eliminating any performance hit. We\u2019re calling this NDR Essentials, and the best part is, we\u2019re enabling this for all XGS Series firewall customers who have the Xstream Protection license bundle \u2013 at no extra charge.<\/p>\n<p><strong>How NDR Essentials Works:<\/strong><\/p>\n<p>Sophos Firewall\u2019s XGS Series captures meta data from TLS encrypted traffic and DNS queries and sends that information to NDR Essentials in the Sophos Cloud where the data is analyzed using multiple AI engines.\u00a0 It can detect malicious encrypted payloads without performing TLS decryption. This addresses a huge blind spot in most organizations where man-in-the-middle TLS inspection is not being used for performance, usability, or security reasons.\u00a0 In addition, NDR Essentials domain generation algorithm detects new and suspect domains generated by malware that are often a key indicator of compromise and in many cases, can detect new c2 domains before they are even registered.<\/p>\n<p>The meta data extraction is performed by a new lightweight engine implemented on the Xstream FastPath, and as a result, one caveat with this new capability is that it is only available on XGS Series hardware firewalls.\u00a0 Virtual, software, and cloud firewalls may get this NDR Essentials integration capability in the future, but not in v21.5.<\/p>\n<figure id=\"attachment_9098\" aria-describedby=\"caption-attachment-9098\" style=\"width: 1090px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-9098 size-full\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/04\/sophos-firewall-v21.5-setup-and-monitor-ndr-essentials.png\" alt=\"\" width=\"1090\" height=\"864\" srcset=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/04\/sophos-firewall-v21.5-setup-and-monitor-ndr-essentials.png 1090w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/04\/sophos-firewall-v21.5-setup-and-monitor-ndr-essentials.png?resize=300,238 300w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/04\/sophos-firewall-v21.5-setup-and-monitor-ndr-essentials.png?resize=768,609 768w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/04\/sophos-firewall-v21.5-setup-and-monitor-ndr-essentials.png?resize=1024,812 1024w\" sizes=\"auto, (max-width: 1090px) 100vw, 1090px\" \/><figcaption id=\"caption-attachment-9098\" class=\"wp-caption-text\">NDR Essentials is easy to setup and use from the Active Threat Response section of the product.<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<h2><strong>Demo Videos:<\/strong><\/h2>\n<p>Read on for more details or watch these demo videos for deeper insights into how to make the most of the major new features and capabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/techvids.sophos.com\/share\/watch\/EpC3KHbf5Sy9jvc56zH3xK\" target=\"_blank\" rel=\"noopener\">NDR Essentials<\/a><\/li>\n<li><a href=\"https:\/\/techvids.sophos.com\/watch\/ALifqghWmGdTRE6GFqerqr\" target=\"_blank\" rel=\"noopener\">Entra ID SSO for Remote Access VPN<\/a><\/li>\n<li><a href=\"https:\/\/techvids.sophos.com\/watch\/tjtTBKvpYiYMPRHQcqzjEr\" target=\"_blank\" rel=\"noopener\">DNS Protection<\/a><\/li>\n<li><a href=\"https:\/\/techvids.sophos.com\/watch\/1KER7i14ivZDmVXeecs4qK\" target=\"_blank\" rel=\"noopener\">Streamlined Management Enhancements<\/a><\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<h2><strong>Other Enhancements and Top Requested Features<\/strong><\/h2>\n<p><strong>Entra ID (Azure AD) single sign-on for remote access VPN<\/strong><\/p>\n<p>One of your top requested features makes remote access VPN easier for end users, enabling them to use their corporate network credentials with the Sophos Connect client and the firewall VPN portal:<\/p>\n<ul>\n<li>Entra ID (Azure AD) single-sign on integration with Sophos Connect and the VPN portal is now included in SFOS v21.5<\/li>\n<li>It provides cloud-native integration over the industry standard OAuth 2.0 and OpenID Connect protocols for a seamless experience<\/li>\n<li>Supported with Sophos Connect client 2.4 (and later) on Microsoft Windows<\/li>\n<li>Other VPN and scalability enhancements<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>User interface and usability enhancements<\/strong><\/p>\n<p>Connection types have been renamed from \u201csite-to-site\u201d to \u201cpolicy-based,\u201d and tunnel interfaces have been renamed to \u201croute-based\u201d to make these more intuitive<\/p>\n<ul>\n<li>Improved IP lease pool validation: Across SSLVPN, IPsec, L2TP, and PPTP remote access VPN to eliminate potential IP conflicts<\/li>\n<li>Strict profile enforcement: On IPsec profiles that exclude default values to ensure a successful handshake, eliminating potential packet fragmentation and tunnels failing to establish properly<\/li>\n<li>Route-based VPN scalability: Route-based VPN capacity is doubled with support for up to 3,000 tunnels<\/li>\n<li>SD-RED scalability: Sophos Firewalls now support up to 1,000 site-to-site RED tunnels and up to 650 SD-RED devices.<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Sophos DNS Protection<\/strong><\/p>\n<p>Last year, we launched our DNS Protection service and made it free for all Xstream Protection-licensed firewall customers. With this release, Sophos DNS Protection gets further integration with Sophos Firewall:<\/p>\n<ul>\n<li>New control center widget to indicate service status<\/li>\n<li>New troubleshooting insights via logging and notifications<\/li>\n<li>New guided tutorial on how to set up Sophos DNS Protection easily<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>Streamlined management and quality-of-life enhancements<\/strong><\/p>\n<p>As with every Sophos Firewall release, this version includes several quality-of-life enhancements that make day-to-day management easier:<\/p>\n<ul>\n<li>Resizable table columns: A long-requested feature, many firewall status and configuration screens now support resizable column widths that are retained in browser memory for subsequent visits. Many screens such as SD-WAN, NAT, SSL, Hosts and services, and site-to-site VPN, all benefit from this new feature.<\/li>\n<li>Extended free text search: SD-WAN routes now enable searching by route name, ID, objects, and object values like IP addresses, domains, or other criteria. Local ACL rules also now support searching by object name and value, including content-based search.<\/li>\n<li>Default configuration: By popular demand, the default firewall rules and rule group previously created when setting up a new firewall have been removed with only the default network rule and MTA rules provided during initial setup. The default firewall rule group and the default gateway probing for custom gateways are both set to \u201cNone\u201d by default.<\/li>\n<li>New font: The Sophos Firewall user interface now sports a new lighter, cleaner, sharper font for added readability and improved performance<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Other enhancements<\/strong><\/p>\n<ul>\n<li>Virtual, software, cloud licensing: In case you missed it, all Sophos Firewall virtual, software, and cloud licenses (BYOL) no longer have RAM limits. Licenses are now strictly limited by core count and have no RAM restrictions.<\/li>\n<li>Larger file size limit in WAF: Supports a configurable request (upload) file size limit for Web Application Firewall (WAF), which can now scan files up to 1 GB<\/li>\n<li>Secure by design: We are continually improving the security of Sophos Firewall, and in this release are adding real-time telemetry gathering to flag any unexpected changes to core OS files using secure hash validation. This will enable our monitoring teams to proactively identify potential security incidents early before they can become a real problem.<\/li>\n<li>DHCP prefix delegation relaxation: Now supports \/48 to \/64 prefixes, improving interoperability with ISPs. Router advertisements (RA) and the DHCPv6 server are also now enabled by default.<\/li>\n<li>Path MTU discovery: This will resolve TLS decryption errors due to the latest ML-KEM (Kyber) key exchange support in browsers. The Sophos Firewall deep packet inspection engine will now automatically detect and adjust the MTU for each flow, ensuring optimal performance based on specific network conditions.<\/li>\n<li>NAT64 (IPv6 to IPv4 traffic): NAT64 is supported for IPv6 to IPv4 traffic in explicit proxy mode. In this mode, IPv6-only clients can access IPv4 websites. The firewall also supports IPv4 upstream proxy for IPv6-only clients.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><strong>How to get v21.5<\/strong><\/h2>\n<p>As with every firewall release, Sophos Firewall v21.5 is a free upgrade for Sophos Firewall customers with Enhanced or Enhanced Plus Support and should be applied to all supported firewall devices as soon as possible. This release not only contains great features and performance enhancements, but also important security fixes.<\/p>\n<p>This firmware release will follow our <a href=\"https:\/\/community.sophos.com\/sophos-xg-firewall\/b\/blog\/posts\/firewall-firmware-release-process-and-timeline\" target=\"_blank\" rel=\"noopener\">standard update process<\/a>.<\/p>\n<p>You can either wait until the firmware update notification appears in Sophos Central or your local device console or you can manually download the latest Sophos Firewall firmware from Sophos Central at any time.<\/p>\n<p>Here\u2019s a quick reminder on how to get the latest firmware from Sophos Central:<\/p>\n<ol>\n<li>Log in to your Sophos Central account and select \u201cLicensing\u201d from the drop-down menu under your account name in the top right of the Sophos Central console.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9259\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-tab.png\" alt=\"\" width=\"640\" height=\"222\" srcset=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-tab.png 1430w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-tab.png?resize=300,104 300w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-tab.png?resize=768,266 768w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-tab.png?resize=1024,354 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/li>\n<li>Select Firewall Licenses on the top left of this screen.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9260\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-sophos-firewall.png\" alt=\"\" width=\"640\" height=\"228\" srcset=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-sophos-firewall.png 1430w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-sophos-firewall.png?resize=300,107 300w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-sophos-firewall.png?resize=768,273 768w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-central-licensing-sophos-firewall.png?resize=1024,364 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/li>\n<li>Expand the firewall device you\u2019re interested in updating by clicking the \u201c&gt;\u201d to show the licenses and firmware updates available for that device.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9261\" src=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-firewall-licensing-sophos-firewall-extended.png\" alt=\"\" width=\"640\" height=\"317\" srcset=\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-firewall-licensing-sophos-firewall-extended.png 1430w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-firewall-licensing-sophos-firewall-extended.png?resize=300,149 300w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-firewall-licensing-sophos-firewall-extended.png?resize=768,381 768w, https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/sophos-firewall-licensing-sophos-firewall-extended.png?resize=1024,508 1024w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/li>\n<li>Click the firmware release you want to download (note there is currently an issue with downloads working in Safari, so please use a different browser such as Chrome).<\/li>\n<li>You can also click \u201cOther downloads\u201d in the same box above to access initial installers and software platform firmware updates.<\/li>\n<\/ol>\n<p>The new v21.5 firmware will be gradually rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.<\/p>\n<p>Sophos Firewall v21.5 is a fully supported upgrade from any supported Sophos Firewall firmware version.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Thank you!<\/strong><\/h2>\n<p>A special thank you to all our dedicated partners and customers, especially those who helped make this release the best it could be by participating in the Early Access Program\u2026 Thank you!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New innovations and top-requested features<\/p>\n","protected":false},"author":19,"featured_media":3000009055,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[325,8,149],"coauthors":[58],"class_list":["post-9258","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-sfos-v21-5","tag-sidebar","tag-sophos-firewall"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/04\/featured-image-sophos-firewall-v21-5-partner-blog-icon-1600x960px.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/9258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=9258"}],"version-history":[{"count":3,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/9258\/revisions"}],"predecessor-version":[{"id":9274,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/9258\/revisions\/9274"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?parent=9258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=9258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/tags?post=9258"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=9258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}