If you’re not one of the many customers that have already upgraded to Sophos Firewall v22, now is the perfect time. Optimize your Sophos Firewall security posture and take advantage of the many new Secure by Design capabilities in the release to strengthen your firewall and network security.
Firewalls are under attack: We need secure products as much as we need security products
Sophos Firewall v22 takes Secure by Design to a whole new level – make sure your firewall and, by extension, your network are as secure as possible. And this update is free for all Sophos customers with an active Xstream Protection or Enhanced (Plus) support license.
Here’s a quick overview of many of the new enhancements included in v22:
Sophos Firewall Health Check
A strong security posture depends on ensuring your firewall is optimally configured. Sophos Firewall v22 makes it much easier to evaluate and address the configuration of your firewall with the new Health Check feature.
This new feature evaluates dozens of different configuration settings on your firewall and compares them with CIS benchmarks and other best practices, providing immediate insight into areas that may be at risk. It will identify all high-risk settings and provide recommendations with quick drill-down to the areas of concern so you can easily address them.
Check out this video for how to make the most of this new feature:
Other Secure by Design enhancements
- Next-Gen Xstream Architecture – introducing an all-new control plane re-architected for maximum security and scalability that will take us into the future. The new control plane enables modularization, isolation, and containerization of services such as IPS, so they run like “apps” on the firewall platform. It also enables complete separation of privileges for added security. In addition, high-availability deployments now benefit from a self-healing capability that continuously monitors system state and automatically fixes deviations between devices.
- Hardened kernel - The next-gen Xstream Architecture in Sophos Firewall OS is built upon a new hardened kernel (v6.6+) that provides enhanced security, performance, and scalability. The new kernel offers tighter process isolation and better mitigation for side-channel attacks as well as mitigations for CPU vulnerabilities (Spectre, Meltdown, L1TF, MDS, Retbleed, ZenBleed, Downfall). It also offers hardened usercopy, stack canaries, and Kernel Address Space Layout Randomization (KASLR).
- Remote integrity monitoring - Sophos Firewall OS v22 now integrates our Sophos XDR Linux Sensor that enables real-time monitoring of system integrity, including unauthorized configuration, rule exports, malicious program execution attempts, file tampering, and more. This helps our security teams - who are proactively monitoring our entire Sophos Firewall install base - to better identify, investigate, and respond more quickly to any attack. This is an added security capability that no other firewall vendor provides.
- New anti-malware engine - Sophos Firewall OS v22 integrates the latest Sophos anti-malware engine with enhanced zero-day real-time detection of emerging threats using global reputation lookups. It takes full advantage of SophosLabs' massive cloud database of known malicious files, updated every five minutes or less. It also introduces AI and ML model detections and delivers enhanced telemetry to SophosLabs for accelerating their emerging threat detection analysis.
Other security and scalability enhancements
- Firmware updates via SSL and certificate pinning ensure authenticity
- Active Threat Response logging improvements enhance visibility
- NDR Essentials threat score is included in logs for added insights
- NDR Essentials data center selection for data residency requirements
- Instant web category alerts for education institutions
- XML API access control enhancements with added granularity
- TLS 1.3 support for device access for the WebAdmin console and portals
Top requested features and quality-of-life enhancements
- Enhanced navigation performance
- Hardware monitoring for SNMP with a downloadable MIB
- sFlow monitoring for real-time visibility
- NTP server settings default to “Use pre-defined NTP server”
- UI enhancements for XFRM interfaces with pagination and search/filter options
SG UTM features
With Sophos UTM coming toward end-of-life soon (July 30, 2026), some migrating customers will appreciate these added features:
- SHA 256 and 512 support for OTP tokens
- MFA support for WAF form-based authentication
- Audit trail logs with before and after tracking to meet the latest NIST standards
Get the full details
Download the full What’s New Guide for a complete overview of all the great new features and enhancements in v22.
How to get v22
As with every firewall release, Sophos Firewall v22 is a free upgrade for Sophos Firewall customers with Enhanced or Enhanced Plus Support and it will be available to download via Sophos Central or your on-device management console. You can schedule an update via Sophos Central or apply it immediately.
What else is new: Sophos Configuration Viewer
In case you haven’t already seen it, be sure to check out our new Sophos Firewall Configuration Viewer. Watch this video for more details on what it can do.

