Sophos Updates its Firewall Software

Cybersecurity firm Sophos has announced an update to its Firewall Software, now including Sophos NDR Essential, which is free for all customers with an XStream Protection license for Sophos Firewall.
With this integration, Sophos Firewall leverages two dedicated artificial intelligence engines to detect malware communications and communications using algorithmically generated domain names. This new feature, stemming from the Sophos Network Detection and Response probe, aims to identify malware communications even when they are previously unknown or not yet indexed. It complements the Active Threat Response capabilities already implemented in Sophos firewalls.
According to Chris McCormack, Senior Product Marketing Manager at Sophos, “NDR traffic analysis requires substantial processing power. That’s why we’ve adopted a new approach by deploying an NDR solution in Sophos Cloud to offload the heaviest tasks from the firewall.”
The VPN client bundled with Sophos Firewall also gains improvements to both security and user experience for SSL and IPsec VPN connections. It is now possible to use Microsoft Entra ID (formerly Azure AD) to authenticate users and enforce multi-factor authentication for Sophos Connect and for access to the user portal hosted by the firewall.
The latest update introduces several VPN-related enhancements. The user interface and overall usability have been improved by renaming connection types from “site-to-site” to “policy-based,” and tunnel interfaces to “route-based,” making them more intuitive. The system now includes dynamic validation of the IP address pool assigned to VPN connections such as SSL VPN, IPsec, L2TP, and PPTP, helping to prevent IP address conflicts. Additionally, strict profile enforcement in IPsec profiles excludes default values to ensure proper algorithm synchronization. This eliminates issues like fragmented session negotiation packets that could hinder site-to-site VPN tunnel establishment. Scalability has also been enhanced—support now extends to 3,000 simultaneously established tunnels, with the capability to manage up to 1,000 SD-RED site-to-site tunnels and 650 concurrent SD-RED devices.
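The IP address pool validation mentioned above is worth seeing concretely. The following is an added example, not Sophos code: it takes the pools assigned to each VPN type (as CIDR blocks or start-end ranges, both assumed formats) and reports any pair that overlap, which is the class of conflict the firewall's dynamic validation is described as preventing. The sample pool configuration is constructed for the demonstration.

```python
"""Overlap check for VPN address pools (added example, not the firewall's own code)."""
from ipaddress import ip_address, ip_network, summarize_address_range
from itertools import combinations


def parse_pool(spec):
    """Return a list of ip_network objects for 'a.b.c.d/nn' or 'a.b.c.d-a.b.c.e'.

    A start-end range is summarised into the minimal set of CIDR blocks so
    that overlap tests can use ip_network.overlaps() uniformly.
    """
    spec = spec.strip()
    if "-" in spec:
        start, end = (ip_address(p.strip()) for p in spec.split("-", 1))
        if end < start:
            raise ValueError(f"pool end precedes start: {spec}")
        return list(summarize_address_range(start, end))
    return [ip_network(spec, strict=False)]


def find_conflicts(pools):
    """pools: dict of pool name -> pool spec.

    Returns a sorted list of (name_a, name_b) pairs whose address space
    overlaps; an empty list means the pools can coexist without conflict.
    """
    parsed = {name: parse_pool(spec) for name, spec in pools.items()}
    conflicts = []
    for a, b in combinations(sorted(parsed), 2):
        if any(na.overlaps(nb) for na in parsed[a] for nb in parsed[b]):
            conflicts.append((a, b))
    return conflicts


# Constructed sample configuration: the L2TP range sits inside the SSL VPN block.
SAMPLE_POOLS = {
    "sslvpn": "10.81.234.0/24",
    "ipsec": "10.81.235.0/24",
    "l2tp": "10.81.234.100-10.81.234.150",
    "pptp": "10.81.236.0/24",
}

if __name__ == "__main__":
    for a, b in find_conflicts(SAMPLE_POOLS):
        print(f"conflict: pool '{a}' overlaps pool '{b}'")
```

Run it and the only finding is the L2TP/SSL VPN pair; the same check can be extended to compare pools against the firewall's own interface subnets, since a remote-access pool that overlaps a LAN subnet produces equally confusing routing.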
There are also notable improvements in management features. DHCP Prefix Delegation for IPv6 (DHCP-PD) now supports /48 to /64 prefixes, enhancing compatibility with more ISPs. Both Router Advertisement (RA) and the DHCPv6 server are now enabled by default. The web admin interface offers increased flexibility with resizable table columns and continues to adapt to ultra-wide displays. Object search functionality has been expanded—users can now search by route name, ID, objects, object values (like IP addresses and domains), and perform content-based searches within local ACL rules. Finally, default configuration settings have been streamlined: only the default network rule and MTA rules are present in new firewall setups, with the default firewall rule group and custom gateway probes now set to “None” by default.
Sophos continues to enhance the intrinsic design of its firewalls. The secure-by-design approach includes containerization of specific features and integrity checks on critical operating system files using mathematical checksums. Any checksum mismatch triggers a potential compromise alert, allowing monitoring teams to proactively identify possible security incidents affecting the firewall OS integrity. Incident response and development teams are then able to react swiftly to critical incidents.
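To make the integrity-check idea in the previous paragraph concrete, here is an added example (not Sophos code) of the same mechanism in miniature: hash a set of critical files, keep the digests as a baseline, and re-verify later, treating any mismatch as a potential-compromise finding. The file names, the tampering scenario and the finding format are all constructed for the demonstration.

```python
"""Baseline-and-verify file integrity check (added example, not the firewall's own code)."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths):
    """Map each path to its digest; a path that does not exist is recorded as None."""
    return {p: (sha256_file(p) if os.path.isfile(p) else None) for p in paths}


def verify(baseline):
    """Compare the current state of every baselined path to its recorded digest.

    Returns a list of (path, status) findings with status in
    {'modified', 'missing', 'appeared'}; an empty list means the set is clean.
    """
    findings = []
    for path, expected in baseline.items():
        current = sha256_file(path) if os.path.isfile(path) else None
        if current == expected:
            continue
        if expected is None:
            status = "appeared"
        elif current is None:
            status = "missing"
        else:
            status = "modified"
        findings.append((path, status))
    return findings


def demo():
    """Constructed scenario: two 'critical' files, one of which is altered after baselining."""
    with tempfile.TemporaryDirectory() as d:
        files = [os.path.join(d, "sbin", "init"), os.path.join(d, "etc", "passwd")]
        for p in files:
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(b"original contents of " + os.path.basename(p).encode())
        baseline = build_baseline(files)
        clean = verify(baseline)  # expected: [] immediately after baselining
        # Simulate an unauthorised change to one monitored file.
        with open(files[1], "ab") as f:
            f.write(b"\nadded line")
        after = [(os.path.basename(p), status) for p, status in verify(baseline)]
        return clean, after


if __name__ == "__main__":
    clean, after = demo()
    print("at baseline:", clean or "clean")
    for name, status in after:
        print(f"ALERT potential compromise: {name} {status}")
```

The design point a monitoring team cares about is where the baseline lives: it has to be stored, or signed, somewhere an attacker who can rewrite the monitored files cannot also rewrite the digests, otherwise the check only detects clumsy tampering.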
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke