Skip to content

Sophos - XG Firewall v17.5 is now available

Introducing Lateral Movement Protection. XG Firewall v17.5 is now available, bringing new Synchronized Security features, options for education institutions and more of your top requested features. As outlined in our 2019 Threat Report, the rise in targeted ransomware and other active adversary attacks makes rapid identification and response critical to contain these threats and prevent them from moving laterally across your network. Lateral Movement Protection, a new Synchronized Security feature, builds on the success of Security Heartbeat™ in providing an automated response to the presence of a threat. It not only isolates the compromised system from accessing network resources at the firewall, but also now enlists the aid of all healthy endpoints on the network to synchronize a defense. All healthy Sophos endpoints will isolate any compromised system, providing isolation at the endpoint level, and preventing any threat from moving laterally – even on the same broadcast domain or network segment. We will be diving into this and other Synchronized Security features in more detail in the days ahead. In addition to Lateral Movement Protection, there’s a variety of new features focused on protection, flexibility, networking and management. Watch this short overview of the release highights, review a summary below, or get the full list of What’s New in XG Firewall v17.5.

What’s new in XG Firewall v17.5

Here’s a quick overview of the key new features in v17.5:
  • Synchronized Security – lateral movement protection – extends our Security Heartbeat™ automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
  • Synchronized User ID – utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.
  • Education features – such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support.
  • Email features – adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, which closes a couple of top requested feature differences with SG Firewall.
  • IPS protection – is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
  • Management enhancements – including enhanced firewall rule grouping with automatic group assignment, and a custom column selection for the log viewer.
  • VPN and SD-WAN failover and failback – including new IPSec failover and failback controls and SD-WAN link failback options.
  • Client authentication – gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
  • Sophos Connect – is our new IPSec VPN Client, free for all XG Firewall customers, that makes remote VPN connections easy for users, and supports Synchronized Security.
In addition, coming in a following maintenance release we have:
  • Wireless APX access point support – provides support for the new Wave 2 access points providing faster connectivity and added scalability.
  • Airgap support – for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation), XG Firewall can now be updated via USB.

Sophos Central management of XG Firewall

With v17.5, XG Firewall is also joining Sophos Central. The Early Access Program for Sophos Central Management of XG Firewall is expected to start in early December. You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall that will be introduced over time:
  • Secure access and management with single-sign-on through Sophos Central from anywhere.
  • Backup management and storage for your regularly scheduled firewall backups.
  • Firmware update management to make multiple firewall updates easy.
  • Light-touch deployment to enable easy remote setup of a new firewall.
We will announce the early access program for Central Management of XG Firewall on this blog, so stay tuned for more information on this in the days ahead.

Get it now!

The firmware will be rolled-out automatically to all systems over the coming weeks but you can access the firmware anytime to do a manual update through MySophos. Watch this video for instructions on how to update your XG Firewall firmware. Head on over to the XG Firewall Community Blog to get the full release notes.

Making the most of your new XG Firewall features

To help you make the most of all the new features in XG Firewall v17.5, please visit this Knowledgebase Article and the XG Firewall Customer Support Center.

Add Synchronized Security to your network

If you’re new to XG Firewall and want to see how it provides the world’s best visibility, protection and response, you can find out more on the XG Firewall pages on our website. It’s super easy to deploy. In fact, you don’t even need to replace your existing firewall to get all the great benefits of Sophos Synchronized Security. You can deploy XG Firewall inline with your existing firewall – it’s easy, risk-free, and brings tremendous visibility, protection and response benefits to your network. See how easy it is to add Synchronized Security to your network.
Previous article Advisory: Sophos Central Maintenance scheduled

More Sophos News Posts