Sophos Firewall v21.5 now includes Sophos NDR-Essential and brings several improvements to simplify daily management.
Sophos has announced an update to its Sophos Firewall. It now includes Sophos NDR Essential, which is free for all customers with an XStream Protection license for Sophos Firewall.
With this integration, Sophos Firewall leverages two dedicated artificial intelligence engines to detect malware communications using algorithmically generated domain names. This new feature, stemming from the Sophos Network Detection and Response probe, identifies previously unknown malware or those that are not yet indexed. It complements the Active Threat Response capabilities already implemented in Sophos firewalls.
According to Chris McCormack, Senior Product Marketing Manager at Sophos, “NDR traffic analysis requires substantial processing power. That’s why we’ve adopted a new approach by deploying an NDR solution in Sophos Cloud. It offloads the heaviest tasks from the firewall.”
Sophos Connect now integrates EntraID for SSO
This new feature, VPN client bundled with Sophos Firewall enhances both security and user experience for SSL and IPSEC VPN connections. It is now possible to use EntraID [Azure AD] to authenticate users and implement multi-factor authentication for Sophos Connect and access to the user portal hosted by the firewall.
- Improved user interface and usability: Connection types have been renamed from “site-to-site” to “policy-based”. On the other hand, tunnel interfaces have been renamed “route-based” to make them more intuitive.
- Dynamic validation of the IP address pool allocated to VPN connections [SSL VPN, IPsec, L2TP, and PPTP] to better resolve potential IP address conflicts.
- Strict profile enforcement: IPsec profiles now exclude default values to synchronize algorithms, eliminating potential fragmentation of session-negotiation packets that could otherwise block site-to-site VPN tunnels.
- Route-based VPN and SD-RED scalability: The system now supports up to 3,000 simultaneously established tunnels. Sophos Firewall solutions can now handle up to 1,000 SD-RED site-to-site tunnels and up to 650 concurrent SD-RED devices.
Additional management improvements include:
- More flexible DHCP Prefix Delegation [IPv6 DHCP-PD]: Now supports /48 to /64 prefixes, improving compatibility with certain internet service providers.
- Router Advertisement [RA] and DHCPv6 server: Now enabled by default.Resizable table columns: The web admin interface continues to adapt to ultra-wide screens, and many configuration pages now allow column resizing as needed.Enhanced object search functionality: The search field in the SD-WAN routing configuration screen now supports more criteria [route name, ID, objects, object values such as IP addresses and domains, among others]. Local ACL rules now also support object name and value searches, including content-based searches.
- Default configuration changes: Default firewall rules and rule groups previously created during new firewall setups have been removed. Only the default network rule and MTA rules are now provided in the initial configuration. The default firewall rule group and the default gateway probe for custom gateways are both now set to “None” by default.
Secure by Design
Sophos continues to enhance the intrinsic design of its firewalls. The secure-by-design approach includes containerization of specific features and integrity checks on critical operating system files using mathematical checksums. Any checksum mismatch triggers a potential compromise alert, allowing monitoring teams to proactively identify possible security incidents affecting the firewall OS integrity. Incident response and development teams are then able to react swiftly to critical incidents.
Availability
Customers can now manually download and deploy this update on any Sophos Firewall equipped with a valid license.
