Sophos has updated the XG Firewall and released version 19.5 GA Build 197.
Sophos XG Firewall 19.5 GA Build 197 Release Notes
Xstream architecture
- SD-WAN:
  - SD-WAN load-balancing to maximize bandwidth use across multiple links. You can select load balancing as the routing strategy in SD-WAN profiles. You can use round-robin and session persistence based on source and destination IP addresses and connection criteria with gateway weights and SLAs. Ensures routing of application traffic across multiple links, including MPLS, WAN, VPN, and RED. See the help for Load balancing using SD-WAN profiles.
  - Real-time monitoring and logging with enhanced gateway performance diagnostics for SD-WAN profiles. Shows link performance with total connections and data transfer count. You can also reset the counts for troubleshooting. See the help for SD-WAN performance diagnostics.
- IPsec VPN: Increased the maximum supported concurrent tunnels from 4,650 to 10,000. See the knowledgebase article Supported VPN tunnels on SFOS 18.5, 19, and 19.5.
High availability
- Cluster and device identification:
  - Added customizable node names to easily identify HA devices. The name is shown in the browser tab, drop-down widget, CLI, and notifications, allowing you to always identify the device.
  - Enhanced HA status panel with information about node names, licensing source, initial primary, current role and status, and status change time for troubleshooting.
  - Ability to set the HA cluster ID.
  - Clarifies which device is the primary and which the auxiliary plus their license requirements.
  - Persistent banner on the auxiliary device to easily identify the device.
  - HA widget moved to the admin drop-down on the upper-right making it always available for quick access. Shows the node names, a quick view of the cluster health, and the important cluster information.
  - Node name, device role, and enhanced HA information on the CLI. Shows the device role in the hash prompt for easy troubleshooting.
- Redundant HA links:
  - Support for up to four interfaces for the dedicated HA link. You can configure the redundant links in QuickHA and interactive modes.
  - Automatically creates a LAG interface for multiple dedicated HA links selected in QuickHA mode.
  - Supports LAG and VLAN interfaces for the dedicated HA link.
  - Supports unbound interfaces as monitored ports if you’ve configured VLAN on them.
- Clearer selection for the preferred primary device.
See the video for Sophos Firewall 19.5: High availability enhancements.
Dynamic routing
- OSPFv3: Supports OSPFv3 protocol, enabling dynamic routing for IPv6 traffic.
- Better routing decisions: OSPF and OSPFv3 use the configured interface speed, selecting higher-speed interfaces for routing.
- BGP: Automatic router ID selection for BGP allows dynamic updates to the router ID.
- Logs: Provides logs related to adjacency information for BGP, OSPF, and OSPFv3. See the help for BGP and OSPF commands.
- Other enhancements are as follows:
  - Integrated a new dynamic routing engine for stable and future-ready capability.
  - Fully interoperable with other vendors.
Static routes
Allows you to configure administrative distance and metric for IPv4 static routes. See the help for Static route enhancements.
PKI acceleration for inspected TLS flows
The DPI engine offloads PKI processing for X.509 certificate re-signing for inspected TLS flows to the crypto hardware on the Xstream Flow Processor. PKI offloading delivers higher overall performance with SSL/TLS decryption in the following XGS Series appliances:
- 1UL (4300, 4500)
- 2U (5500, 6500)
See the help for information on Architecture for offloading.
Quality of life enhancements
The version offers the following enhancements:
- Azure AD SSO: Supports Azure AD SSO configuration for signing in to the web admin console. See the video for Sophos Firewall 19.5: Azure AD SSO.
- Interfaces:
  - Interface speed: Detects the recommended link settings automatically. Supports advanced port configurations for high-speed interfaces, including FEC (Forward Error Correction) for high-speed 40G interface on XGS 5500 and 6500 appliances.
  - Interface breakout: Supports the breakout of 40G interfaces into 2 or 4 x 10G interfaces through DAC or fiber breakout cables.
- Search: Search capability by name, type, and value for the default and custom objects for Hosts and services. See the video for Sophos Firewall 19.5: Search enhancements.
- Log storage: Enhanced .log file storage for better troubleshooting with configurable rotation count and archiving, along with timestamp and size changes, for single or multiple log files.
Source: Sophos Firewall v19.5 is Now Available – Release Notes & News – Sophos Firewall – Sophos Community