This latest v19 build adds a number of great new enhancements, including Xstream FastPath Acceleration of IPsec VPN traffic.
Sophos Firewall OS v19 is now entering the second phase of the early access program (EAP), providing access to the full set of v19 features slated for general availability in April.
This latest v19 build adds a number of great new enhancements, including Xstream FastPath Acceleration of IPsec VPN traffic, which provides a tremendous performance boost and adds to the other Xstream SD-WAN capabilities added in EAP1.
As a reminder, here’s a complete overview of all the great new Xstream SD-WAN capabilities:
New Xstream FastPath Acceleration for IPsec traffic
Sophos Firewall OS v18 introduced the Xstream architecture that enables FastPath acceleration of trusted traffic flows. The new XGS series hardware appliances added dedicated Xstream Flow Processors for hardware acceleration of trusted traffic flows. One of the great benefits of the programmable flow processor is that additional features and capabilities can be added to further improve performance.
SFOS v19 EAP2 adds IPsec VPN hardware FastPath acceleration for XGS Series appliances, which automatically puts IPsec tunnel flows on the FastPath through the Xstream Flow Processor. This dramatically improves performance, moving some of the CPU-intensive processing required for IPsec tunnels to the Xstream Flow Processor, such as ESP-encapsulation/encryption and decapsulation/decryption. This new feature takes full advantage of the hardware crypto capabilities within the Xstream Flow Processor and has the added benefit of freeing up CPU resources for other tasks like deep-packet inspection of traffic that needs it.
Xstream FastPath Acceleration for IPsec traffic works for both site-to-site and remote access VPN traffic; however, IPsec connections with weak cipher or auth algorithms (DES, 3DES, Two Fish, MD5) will not be off-loaded.
Other enhancements in SFOS v19 EAP2
- Several SD-WAN policy-based routing (PBR) enhancements for usability and troubleshooting based on early EAP feedback (see image below for a list of enhancements in this area)
- Added a default object group for Internet IPv4 hosts that can be used as network matching criteria to match all internet WAN traffic, making it easy to configure SD-WAN PBRs that only apply to WAN-destined traffic
- Sydney, Australia data center option for zero-day protection (which will be live around the end of February: we will make another community announcement when it becomes active)
- Device and management identity enhancements now show the device hostname in the browser tab and the active user ID in the upper right corner of the management console, which makes managing multiple firewalls and admin accounts easier
- Numerous performance and stability enhancements since the first EAP build
All the new enhancements in v19
For the full list of all new capabilities in v19, refer to the What’s New guide.
Watch brief demo videos for many of the new features:
- SD-WAN Profiles and Performance-based SLAs
- VPN Enhancements
- AWS VPC Setup
- New Search Features
- Per-Connection Authentication
- Multi-Factor Authentication
How to get it
If you’re new to v19, now is the perfect time to participate in the early access program, try out the great new capabilities, and provide your feedback to help make this release the best it can be. Register here to get the early access program firmware.
Sophos Firewall OS v19 EAP2 (Build 271) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all versions of v18.5.
If you’re already participating in the EAP for SFOS v19, you will see the new build available in your console as a firmware update. Update and let us know what you think.