Sophos has released the longly awaited MR-3 with many good fixes in the package, read all here: RELEASE NOTES from Sophos: Enhancements in v18 MR-3. Security enhancements: Several security and hardening enhancements – including SSMK (secure storage master key) for the encryption of sensitive data. Refer KB-000040174 for more details. 1 3 Operating Instructions Putting into Operation Caution: Risk of explosion if battery is replaced by an incorrect type. XG 86 / 86w – RAM increased to 4 GB, eMMC storage increased to 16 GB XG 106 / 106w – RAM increased to 4 GB These models directly replace the XG 85 (w)/105 (w) which will only be sold for as long as stocks last. Please note: There are no changes to the SG Series Desktop model range. Sophos Sandstorm uses next-gen cloud-sandbox technology to give your organization an extra layer of security against ransomware and targeted attacks. Web Protection Comprehensive web protection and application control with powerful and flexible policy tools ensure your networked users are secure and productive.
Enhancements in v18 MR-3
Security enhancements:
Several security and hardening enhancements – including SSMK (secure storage master key) for the encryption of sensitive data. Refer KB-000040174 for more details.
Granular option to enable/ disable captcha authentication from CLI
VPN Remote Access enhancements:
Increase in SSL VPN connection capacity across entire firewall line up; 6x increase for 2U HW. KB-000039345 is being updated with enhanced capacity.
Group support for Sophos Connect VPN client
Cloud – AWS/ Azure/ Nutanix enhancements:
Support for newer AWS instances – C5/ M5 and T3 (#)
Support for CloudFormation Templates removing the need to run installation wizard in some cases (#)
Virtual WAN Zone on custom gateway for post deployment single arm usage
On single arm – single interface in AWS or Azure – admin can create multiple custom gateway and attached different zones to those gateways. This allows admin to create access and security rules for traffic going in to those zones.
XG Firewall is now Nutanix AHV and Nutanix Flow Ready. XG Firewall has been validated to provide two modes of operation within Nutanix AHV infrastructure.
Optimize cloud costs and improve security across multi-cloud environments with Cloud Optix. Automatic identification and risk-profiling of security and compliance risks across AWS, Azure and Google Cloud enables teams to fix security gaps and insecure deployments before they are compromised. Learn more.
(# available after a few days of release on community, once v18 MR-3 is available in the AWS marketplace)
Central management enhancements:
XG running in an HA configuration (either A-A or A-P) can now be managed by Sophos Central. Each firewall must be separately joined to the same Sophos Central account, and if grouped, both HA devices must be added to the same group.
Audit trail went live under the task queue
Central Firewall Reporting enhancements:
Earlier this month, we have released Save, schedule, export & download reports. Refer community post here.
Sophos Xg 86 Datasheet
Issues Resolved:
34 field reported issues including RED & HA cluster issues (list below)
Note: Upgrading from v17.5 MR13/ MR14/ MR14-1 to v18 MR-3 is now supported.
Check out our recent blog and video series on how to make the most of the many great new capabilities in XG Firewall v18 such as the Xstream Architecture, TLS Inspection, FastPath acceleration, Zero-day threat protection, NAT, and much more.
We also have a new Sophos Techvids site for XG Firewall v18.
Get it now!
As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled-out automatically to all systems over the coming weeks but you can access the firmware anytime to do a manual update through Licensing Portal. You can refer this article for more information on How to upgrade the firmware.
For fresh installations, the download links will be updated right here very soon.
Things to know before upgrading
Sophos Xg 115
You can upgrade from SFOS 17.5 (MR6 to MR14-1) to v18 MR-3. Check out the relevant sections of the XG v18 release notes for details on:
Issues Resolved in v18 MR-3
NC-58229 [Authentication] Sophos AV and Avira AV Pattern updates failing
Selling the two smallest XG models, the XG 85(w) and 105(w), will be stopped in the middle of the year. With the XG 86(w) and the XG 106(w), Sophos is already introducing the successors, which can be pre-ordered from us today.
Which models are affected?
Before we get to the innovations, let’s take a quick look at what models we’re talking about here:
New: XG 86 Rev. 1 - Previously: XG 85 Rev. 3
New: XG 86w Rev. 1 - Previously: XG 85 Rev. 3
New: XG 106 Rev. 1 - Previously: XG 105 Rev. 3
New: XG 106w Rev. 1 - Previously: XG 105w Rev. 3
XG 86
The XG 85 was almost unusable up to now. We could only approve the use of this hardware for a maximum of 3 users. But even then we would always have personally recommended the XG 105. From our point of view, the hardware of the XG 85 is simply too weak in terms of performance. If you take a quick look at the Sophos forums, you will see that this is not just our opinion.
Sophos has now probably noticed for itself that a hardware update is urgently needed and is reacting with the XG 86 and XG 86w as successors. Optically, everything remains the same, but in terms of performance, the new firewalls now have twice as much memory and storage:
Memory: Instead of 2 GB memory now 4 GB are installed.
eMMC storage: Instead of 8 GB of storage, 16 GB are now available.
XG 106
The XG 105 wasn’t exactly a performance monster either, but it was quite usable as an entry-level model. The design of the XG 106 has not been changed either. However, it gets a memory update:
Memory: Instead of 2 GB memory now 4 GB are installed.
Availability and Prices
According to Sophos, the new hardware will be available from 9 April 2019. However, experience has shown that it may take some time before these devices are shipped by Sophos and arrive at the warehouse. We don’t expect it until mid-May at the earliest. However, you can still pre-order the new firewalls on our website. We will ship the new hardware models as soon as we receive them!
Since we can now also send all products in our shop to customers in Germany, the pre-order of course applies to Swiss, Liechtensteiner, as well as Germans! Please also read our blogpost for more information: Avanet Shop: Welcome Germany! ??
The new hardware is delivered with firmware version 17.5 MR3 and has become a bit more expensive compared to the predecessor models. Sophos mentions the double storage and the increased memory as the reason.
End of sale of XG 85(w) and XG 105(w)
The new models replace the current XG 85(w) and 105(w) appliances. The end of sale date is August 17th, 2019. Depending on how the remaining stock is, perhaps earlier.
SG with UTM
Just as there was no counterpart for the SG series for the XG 85, there will also be no SG 86 or SG 106 firewalls. Evil tongues wouldn’t miss the opportunity to emphasize the strategic death of the SG series and the UTM operating system once again. ?