
Sophos Firewall v22 MR1 is now available

Check out the full release notes for more details and a list of fixes.

Sophos Firewall v22 bolstered Secure by Design, taking it to a whole new level with major updates to the architecture and new features like the Health Check to help identify high-risk configurations.

Sophos Firewall v22 MR1 adds several enhancements, including additional Secure by Design capabilities along with a new set of NDR detections for active threats – significantly enhancing both the proactive protection of Sophos Firewall as well as Detection and Response capabilities to identify and stop active threats.

Secure by Design

Sophos Firewall v22 introduced a new Sophos XDR Linux sensor as part of our Secure by Design initiative to enable better telemetry gathering for our proactive monitoring to detect elements such as file tampering. 

MR1 extends this sensor’s detection capabilities to include compromises resulting from interactive or reverse shell access and blocks related TCP or UDP command and control activity, and it is now integrated across the full XGS Series lineup.

Detection and response: NDR Active Threat Intelligence

Sophos Firewall v22 MR1 also introduces iSensor IPS technology from the SecureWorks Taegis platform. This new NDR Active Threat Intelligence provides additional curated IPS detection patterns to help identify malicious traffic and active adversaries operating on the network, enabling more effective investigations for XDR and MDR analysts.

Enable these new NDR Active Threat Intelligence detections in the Active threat response > NDR tab (screenshot below) and then add the detections to your firewall rules by checking the box next to the IPS settings in each rule.

 

[Screenshot: Sophos_Firewall_v22_MR1.png]

 

Here are some other notable MR1 enhancements.

NDR Essentials now available on all Sophos Firewall platforms

  • NDR Essentials now supports all Sophos Firewall platforms, including virtual, cloud, and software, in addition to all XGS Series supported at launch.

Audit and compliance enhancement

  • For configuration changes made to a single firewall through Sophos Central, the Sophos Central user identity is logged. This provides audit traceability and supports NIS2 and similar compliance requirements. The audit information is available in the Sophos Firewall log viewer and in Sophos Central logs and reports.

VPN improvements

  • VPN stability fixes: Resolved policy-based IPsec VPN issues identified in SFOS 22.0 GA, including fixes for NC-177450, NC-174800, NC-177136, NC-174304, NC-172504, NC-173054, and NC-176083.
  • Remote access IPsec (legacy): Legacy remote access IPsec VPN has been retired and is no longer supported. You won’t be able to upgrade firewalls using this legacy configuration to SFOS 22.0 MR1 and later. If you are still using this legacy IPsec VPN, take action as outlined in this KB article: Retirement of the legacy IPsec remote access VPN in SFOS 22.0 MR1.
  • Sophos Connect: You can now establish remote access SSL VPN connections on macOS devices using Sophos Connect 2.0 for macOS. Sophos Connect release notes.

Storage and network enhancements

  • Optimized SSD usage and write operations to improve SSD lifespan for long-term use.
  • Support for updating the MTU and MSS values of Wi-Fi interfaces using existing CLI commands.

Sophos Firewall Config Studio V2

(Formerly known as Sophos Firewall Configuration Viewer)

Sophos Firewall Config Studio is the latest version of our very popular browser-based tool, which simplifies viewing, comparing, and now editing firewall configurations.

  • Configuration report: View all rules, policies, and settings in a single configuration report.
  • Compare configurations: Compare two configurations and identify added, removed, modified, and unchanged items.
  • Configuration editor: Add configurations directly or import firewall configurations and edit them in the tool. Download the configurations and import them into the firewall or copy them in API or curl formats for use with these methods.

Access it here: Sophos Firewall Config Studio.

Updated CIS benchmark for v22

We are also pleased to announce that the CIS benchmarks used as a basis for security configuration best practices by the Sophos Health Check feature introduced in v22 have been updated and are available to download on the CIS website.

Release notes

Check out the full release notes for more details and a list of fixes.

Keep your firmware up to date

It’s extremely important to ensure your firewall firmware is kept up to date, as every release integrates important security and stability fixes. Since all firmware updates are free for licensed Sophos Firewall customers with a valid support license (included with the Xstream Protection bundle), there’s no reason not to take advantage of all the great enhancements in every release.