Sophos XG Firewall v17.5 Release

Sophos has announced the upcoming release of the XG firewall firmware, v17.5.  Here is a highlight of the upcoming features.

  • Synchronized Security – Lateral Movement Protection extends our Security Heartbeat automated threat isolation, preventing any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.

  • Synchronized User ID – Using Security Heartbeat, we're streamlining authentication for user-based policy enforcement and reporting in any Active Directory network by eliminating the need for any kind of server or client agent.

  • Education Features – Including per-user, policy-based control over SafeSearch and YouTube restrictions; teacher-enabled, block-page overrides; and Chromebook authentication support.

  • Email Features – Were adding Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, closing a couple top-requested feature differences with SG Firewall.

  • IPS Protection – By significantly expanding categories, were enabling you to better optimize your performance and protection.

  • Management Enhancements – These include an enhanced firewall rule grouping with automatic group assignment, and a custom column selection for the log viewer.

  • VPN and SD-WAN Failover and Failback – The feature includes new IPSec failover and failback controls and SD-WAN link failback options.

  • Client Authentication – A major update provides a variety of new enhancements, such as per-machine deployment, a log-out option, support for wake-from-sleep, and MAC address sharing.

  • Sophos Connect – Our new IPSec VPN Client is free for all XG Firewall customers, making remote VPN easy for users, and it supports Synchronized Security.

  • Improved Documentation – Enhanced online help now centers around the user's current task and requirements through a learning content approach, that suggests context specific actions, related information and links to relevant Knowledgeable articles.


Following this release, they will also be adding these two features as part of a maintenance release.

  • Wireless APX Access Point Support – Support for the new Wave 2 access points provides faster connectivity and added scalability.

  • Airgap Support – In some situations, XG Firewalls can’t get updates automatically via an internet connection due to an “airgap” or physical isolation. These deployments allow XG Firewalls to update via USB.