Sophos Firewall v21: VPN and routing enhancements

Credit to Author: Chris McCormack | Date: Mon, 23 Sep 2024 19:01:16 +0000

Sophos Firewall v21 brings exciting new enhancements to VPN, authentication, and routing functionality.

VPN enhancements

  • Bulk activate and deactivate options are now available for connections (see screen shot below)
  • Enhanced filtering on the VPN manage page now consolidates information across multiple pages
  • Free-text and value-based search is now supported in VPN configurations (network, subnet, and users) for remote access and site-to-site VPNs
  • An XFRM interfaces-specific view has been added on the Interfaces page for easy filtering of RBVPN interfaces

[Screenshot: VPN]

Site-to-site VPN enhancements

  • FQDN-based remote gateways have been optimized to improve scalability for distributed deployments
  • DHCP relays over XFRM interfaces are now supported for traffic to DHCP servers deployed behind a remote firewall (see illustration below)
  • RBVPN deployments get an increase of up to 20x in XFRM interface up-time, significantly minimizing disruption during tunnel flap, HA failovers, or reboots

[Illustration: XFRM]

Authentication enhancements

  • Google Workspace integration via LDAP clients and Google Chromebook SSO compatibility with LDAP server types enable SSO functionality for Google LDAP in Chromebook environments
  • Performance for burst login handling is improved by up to 4x for RADIUS SSO, STAS, and Synchronized User ID, enabling the handling of thousands of simultaneous login requests even in multiple-SSO environments (a mix of STAS, RADIUS SSO, and Synchronized User ID)
  • In addition, support has been added for a transparent AD SSO experience when HSTS is enforced, enabling Kerberos and NTLM handshakes over HTTP or HTTPS

Static and dynamic route management

  • Users can clone static routes, turn them on or off, and add descriptions via the new Manage option for each static route in the table (see screen shot below)
  • There’s now a blackhole route option and support for equal-cost multi-path (ECMP) for load balancing
  • Dynamic routing gets a new option to redistribute BGP routes into OSPFv3
  • Dynamic routing now experiences zero impact during HA failover scenarios

[Screenshot: Route Management]

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.
