Upgraded Sophos Firewall v20 Has Best New Features 

BY MARYAM AHTASHAM

FEB 21, 2024
Sophos Firewall v20
Sophos Firewall v20 marks a significant upgrade in network security and management, introducing a range of features designed to enhance security, improve user experience, and streamline management. This latest version promises to make a substantial impact on how individuals and organizations protect and manage their networks. 

Key Upgrades in Sophos Firewall V20 

Let's take a look at the new features.

Active Threat Response 


Firewall v20 extends its Synchronized Security to include Managed Detection and Response (MDR) and Extended Detection and Response (XDR). This integration provides dynamic threat feeds, enhancing the firewall's ability to respond to emerging threats swiftly. 


  • The automated information exchange feature in the firewall allows for a proactive approach to dealing with security threats.
  • With the automation of responses and reduced need for custom rule configuration, the security team can allocate their time more efficiently to other critical tasks.
  • Overall, the network's security is improved, as the system is more adept at identifying and responding to threats automatically.
  • The system can react quickly to potential threats, providing an enhanced level of security responsiveness.
  • It significantly cuts down on the amount of manual work required to manage the firewall, as many processes are automated.


These advantages contribute to a more robust and efficient security system, reducing the workload on security teams and enhancing the network's defense mechanisms. 



Remote Worker Protection and SASE

The integration of Zero Trust Network Access (ZTNA) Gateway and third-party SD-WAN enhances remote worker protection. Sophos DNS Protection, a new cloud-delivered web security service, offers another layer of web protection by preventing access to compromised or malicious domains. 

Network Scalability and Resiliency Enhancements 

Notable enhancements in this area include a new VPN Portal for easier self-service access to VPN clients and configurations, IPsec improvements for seamless High Availability (HA) failover, and SSL VPN enhancements like Fully Qualified Domain Name (FQDN) host and group support. 

Streamlined Management  

v20 has made significant strides in management ease, with features like interface enable/disable, object reference lookup, and hi-res display support. It also includes auto-rollback on failed firmware updates and backup restore enhancements, simplifying the management process considerably. 

Azure AD Enhancements  

The update introduces Azure AD Single Sign-On (SSO) for the captive portal, allowing for authentication using Azure AD credentials. It also facilitates Azure group import and automatic role-based access control (RBAC) adjustments based on changes in Azure. The Web Application Firewall sees improvements such as geo IP policy enforcement and enhanced security features. Additionally, Azure Single Arm Deployment Support is introduced for cost-effective and simplified network management. 

Object Referencing 

In Firewall v20, managing network objects has become much easier than in previous versions. Before, in versions up to 19.5, figuring out where a specific network object was used in the system's settings could be a time-consuming and complicated task. This was especially true in big networks with many rules and policies, where making changes or deleting objects could lead to mistakes or delays.


The new version, V20, has made this process simpler and more efficient. Now, under the "Hosts and Services" section, all objects are neatly organized. The firewall shows you exactly where each object is being used, whether it's in a firewall rule, a NAT rule, a VPN setting, or a service group. This makes it much easier to see how changing or deleting an object will affect your network.


One of the best parts of this update is the direct link feature. With just a click, network admins can jump straight to the rule that's using a particular object. This saves a lot of time that would have been spent searching through settings, and it helps reduce the chances of making a mistake. Overall, this update in Sophos Firewall v20 is a big help for network administrators, making their day-to-day tasks simpler and helping to avoid errors in network configuration. 


Dynamic Threat Feed

The new version of the Sophos Firewall comes with an improved feature called Dynamic Threat Feeds. This feature includes a new API (Application Programming Interface) that can be expanded in the future. It's designed to make it easier for the Sophos Firewall to exchange information about threats with other Sophos products, like MDR and XDR. There's also a plan to include threat data from outside sources. This upgrade means the firewall will be better at spotting and responding to security threats, making it more effective in protecting networks. 

Implications and Benefits 

The enhancements in Sophos Firewall V20 address critical areas in network security and management. For example, Active Threat Response and DNS Protection bolster the firewall's capability to preemptively tackle security threats, providing robust protection against a myriad of cyber threats. The improvements in VPN and Azure AD integration significantly benefit remote workers and organizations with cloud-based infrastructures, offering more secure and flexible access options.

Moreover, the streamlined management features in V20 are particularly beneficial for network administrators. Features like interface enable/disable and object reference lookup simplify routine tasks, while the high-resolution display support enhances the user interface. These improvements translate to a more efficient and user-friendly experience for those managing the firewall.

Interface enable/disable is not available for every interface type. Specifically, it is not feasible to individually disable alias or tunnel interfaces, or interfaces that are part of a Link Aggregation Group (LAG) or a bridge configuration. However, it is possible to disable the entire LAG or bridge interface as a unit. This distinction is important for network administrators to consider when configuring and managing their network interfaces.

Interface Type              Enable/Disable Supported
Physical                    Yes
VLAN                        Yes
LAG (Group)                 Yes
LAG individual member       No
Bridge                      Yes
Bridge individual member    No
Alias                       Planned
Wireless LAN                Yes
Tunnel Interface (XFRM)     No
Wi-Fi                       Yes
RED                         Yes

Ending Notes 

Sophos Firewall v20 is a comprehensive upgrade that not only addresses current cybersecurity challenges but also anticipates future needs. Its focus on enhanced security features, remote worker support, and streamlined management makes it a valuable tool for organizations looking to bolster their network security while simplifying administrative tasks. This release signifies Sophos' commitment to evolving cybersecurity needs, promising a more secure and manageable networking environment for its users.