This section contains the new features for 18.0 MR5.
- SSL VPN and WAF ports: SSL VPN traffic won’t flow through the hosted IP addresses configured for WAF rules if it shares the same port and protocol (example: TCP port 443) with WAF. For more information, see VPN settings.
- Concurrent IPsec tunnels: Introduced more than 50 per cent increase in concurrent IPsec VPN tunnels across all hardware appliances. For more information, see the Advisory.
- IPsec provisioning file: Provided provisioning file support for IPsec remote access VPNs. Users must install version 2.1 of the Sophos Connect client.
SD-WAN: Azure secure SD-WAN integration with XG Firewall
Published article: How to integrate XG Firewall with Azure Virtual WAN (secure SD-WAN)
Authentication: Azure AD integration with XG Firewall
Published article: How to integrate XG Firewall with Azure AD
Certificate signing requests (CSRs) and certificates
- Streamlined forms and multiple SANs: Updated the forms for creating CSRs and certificates to allow more flexibility in adding Subject Alternative Names using DNS names and IP addresses, and removed unnecessary inputs.
- Security enhancements: Addressed security concerns by preventing the download of private key material for CSRs and locally-signed certificates.
- Upload, download, import: Provided new dialog boxes to allow CSR retrieval, and certificate upload for signing certificates (CAs) and leaf certificates. The boxes allow you to copy-paste PEM format certificates in addition to the DER, PKCS and PEM file transfer.
- Locally-signed certificates: Self-signed certificates have been renamed locally-signed certificates.
- Download format: CSRs and certificates can be downloaded as .csr and .crt files, respectively. They can’t be downloaded as tar.gz files any longer.
- Certificate with CA: Provided the option to add the certificate’s CA to the CA list, using the same name when importing certificates with CA.
- Workflow: Improvements to workflows and lists to make certificate management more intuitive.
- Sophos Central registration for HA devices: Improved handling of Sophos Central registration and seamless deregistration process.
- Notifications for missing heartbeats: Provided system commands on the CLI to delay or suppress notifications about endpoints going into missing heartbeat status after intentional actions, such as shutdown, restart, sleep, hibernate, and network switching. For more information, see the CLI help.
Remote Network Devices (REDs)
- Removed RED 10 from the configuration options. These are end-of-life devices which haven’t been supported since 18.0 MR3.
- The firewall no longer supports the currently configured RED 10 tunnels. A warning to this effect will appear on the UI.
Released the CASB report and MSP Flex licensing on Central Firewall reporting.