Sophos Firewall v21.5 MR1 is Now Available

ProductsSFOS v21.5Sophos Firewall

Sophos Firewall v21.5 MR1 brings a number of enhancements; as well as reliability, stability and security fixes to your Sophos Firewall.

10 Ott 2025 Autore:

Sophos Firewall v21.5 MR1 brings the following enhancements:

  • Supports OAuth 2.0 as an additional authentication method for email notifications. We recommend that you move to OAuth 2.0 for Gmail. Gmail may stop supporting password-based authentication very soon.
  • Added localization support for scheduled reports. When an admin configures a scheduled report, the firewall now uses the customer’s preferred language (based on the language used to log in to the SFOS interface) for generating PDF reports.
  • NDR Essentials Data Center – You can now select the data center region for NDR Essentials flow analysis for regional or data residency requirements. By default, the system will choose the lowest latency region.
  • NDR Essentials Threat Score in Logs – The assigned threat score is now included in active threat response logs for enhanced visibility, reporting and analytics.
  • Syslog now uses the configured firewall hostname in the device_name field, enabling clearer identification of logs across multiple devices. This helps XDR and Taegis admins differentiate data from different firewalls by device_name and also improves other syslog-based integrations.
  • Secured High Availability – Removed automatic passphrase generation, allowing administrators to create stronger passphrases that meet complexity requirements. Added unique SSH host key verification to strengthen HA authentication and prevent man-in-the-middle attacks.
  • Resizable table columns for many features, including Local ACL, Neighbours (ARP-NDR), IP tunnels, Gateways, DHCP, DNS, IPv6 Remote Access, Zone, WAN link manager, Network, and Routing tables. Column sizes are retained in the browser memory for the administrator’s subsequent visits to the web admin console.
  • Hotspot vouchers – Filter or Sort vouchers by creation date. View newly created vouchers appearing on the first page.
  • Improved RFC compliance for SNMP MIB files to enhance compatibility with third-party SNMP tools. SNMPv1 complies with RFC 1157; SNMPv2 complies with RFCs 1901, 1905, and 1906; and SNMPv3 complies with RFCs 3411 to 3418.
  • Data usage for live users is now shown using the standard unit formats (KB, MB, and GB) for enhanced usability.
  • Import of groups from Active Directory and Microsoft Entra ID authentication servers will not turn on L2TP and PPTP by default. You can turn them on in the groups or the corresponding VPN configurations.
  • Improved troubleshooting in HA – HA logs include the node name and the current role information.
  • Early EoL notification for legacy RED site-to-site tunnels. These tunnels (Legacy Firewall RED server and client configurations) will not be supported in SFOS v22 and later versions. We recommend that you migrate to the supported RED site-to-site or VPN tunnels

Issues resolved:

Overall, v21.5 MR1 resolved 85+ important reliability, stability and security fixes.

Check out the v21.5 MR1 release notes for full details.

How to get the firmware and documentation

Sophos Firewall v21.5 MR1 is a free upgrade for all licensed Sophos Firewall customers with Enhanced or Enhanced plus support and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability, and performance fixes.

This firmware release will follow our standard update process. You can manually download SFOS v21.5 MR1 from Sophos Central and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall OS v21.5 MR1 is a fully supported upgrade from all previous supported versions of v21.5, v21 and v20. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.

Keep Your Firmware Up to Date

Sophos Firewall integrates an innovative Hotfix capability that enables us to push urgent and important patches out to the firewall “over the air” to address any new zero-day vulnerability or other critical issue that arises. This enables a rapid fix to be applied without requiring any downtime normally associated with a firmware upgrade and restart. You get the benefit of important fixes being applied immediately without any manual effort on your part.

However, it’s extremely important to ensure your firewall firmware is kept up to date as non-urgent security fixes are often integrated into maintenance releases. Since all firmware updates are free for licensed Sophos Firewall customers, there’s no reason not to take advantage of all the great enhancements in every release.

Informazioni sull’autore

Chris McCormack is a network security specialist at Sophos where he has been focused on firewall and network protection since joining Sophos in 2008. When not evangelizing Sophos network security products, Chris specializes in providing advice and insight into the latest threats and network protection technologies and strategies.