Sophos Firewall Version 21 introduces exciting new improvements to VPN, authentication, and routing operations.
Updates in VPN
- You now have the option to bulk enable and disable connections
- An enhanced filtering feature on the VPN management page consolidates data from multiple pages
- Text-based and value-based search functionality is now available in VPN configurations for networks, subnets, and users for remote and site-to-site VPNs
- A specific view for XFRM interfaces has been added to the Interfaces page for easier filtering of RBVPN interfaces
Improvements in Site-to-Site VPN
- Remote gateways based on FQDN are now optimized to enhance scalability in distributed setups
- Support for DHCP relays over XFRM interfaces is now provided for traffic to DHCP servers situated behind a remote firewall
- In RBVPN deployments, XFRM interface uptime improves by up to 20 times, minimizing disruptions during tunnel events, HA failovers, or reboots
Enhancements in Authentication
- Google Workspace integration through LDAP clients, together with Google Chromebook SSO compatibility with LDAP server types, enables SSO for Chromebook environments that use Google LDAP
- Performance for handling burst logins has been boosted by up to 4 times for RADIUS SSO, STAS, and Synchronized User ID, enabling the processing of thousands of concurrent login requests even in mixed SSO environments (a mix of STAS, RADIUS SSO, and Synchronized User ID)
- Support has been added for a seamless AD SSO experience when HSTS is enforced, allowing Kerberos and NTLM negotiations over HTTP or HTTPS
Management of Static and Dynamic Routes
- You can now duplicate static routes, enable or disable them, and include descriptions via the new Manage option for each static route in the list
- An option for blackhole routing and support for equal-cost multi-path (ECMP) for load balancing have been incorporated
- Dynamic routing now features a new capability to redistribute BGP routes into OSPFv3
- Zero interruption in dynamic routing during HA failover situations
Make the most of these excellent new features in Sophos Firewall Version 21 by joining the early access program. Register for the program, follow the link in your email to download the firmware update package, and apply it to your Sophos Firewall.



