Sophos Firewall v20 Early Access Program (EAP)

Sophos has released the EAP for Sophos Firewall v20 🙂

I have tested it and it has a lot of great new – much wanted – features 🙂

Here are the release notes:

We are pleased to announce that the Early Access Program (EAP) is now underway for the latest and greatest Sophos Firewall OS release. This update to Sophos Firewall brings a number of exciting enhancements and top requested features.


Active Threat Response:

  • Extending Synchronized Security to MDR and XDR provides a direct feed for security analysts to share active threat information with the firewall to enable it to automatically respond to active threats without creating any firewall rules.
  • Dynamic Threat Feeds introduces a new threat feed API framework that is easily extensible. It enables threat intelligence to be shared from Sophos X-Ops team, other Sophos products like MDR and XDR, and ultimately 3rd party threat feeds in the future.
  • Synchronized Security now extends the same Red Heartbeat automated response that Sophos Firewall has always had to MDR/XDR identified threats to ensure compromised hosts are not able to move laterally or communicate out while details including host, user, and process are readily available for follow-up. Synchronized Security has also been enhanced with added scalability and reduced false missing heartbeats for devices that are in a sleep or hibernate state.




Remote Worker Protection and SASE:

  • ZTNA Gateway Integration makes ZTNA deployments even easier by integrating a ZTNA gateway directly into the firewall. This means any organization that needs to provide remote-access to applications hosted behind the firewall, doesn’t need to deploy a separate gateway on a VM – they can simply take advantage of the gateway integrated into their firewall. When combined with our single-agent deployment on the remote device, ZTNA couldn’t possibly get any easier – it’s literally zero-touch zero-trust..

  • 3rd Party SD-WAN Integration makes it easy to onramp SD-WAN traffic onto Cloudflare, Akami, or Azure backbone networks to take advantage of their enormous infrastructure, reach, and networking and security services.
  • Sophos DNS Protection is our new cloud-delivered web security service that will be available separately in early access very soon. It provides a new Sophos hosted domain name resolution service (DNS) with compliance and security features that are fully supported by Sophos Firewall. This service provides an added layer of web protection, preventing access to known compromised or malicious domains across all ports, protocols, or applications – both unencrypted and encrypted. More news on this new service coming soon.


Network Scalability and Enhancements:

  • New VPN Portal provides a new containerized hardened self-service portal for end users to download VPN clients and configuration, auto-provisioning, and clientless VPN bookmarks.

  • IPsec Enhancements includes seamless HA failover, tunnel status monitoring via SNMP, unique PSK support for the same local and remote gateway connections, and DH Group 27-30 / RFC6954 support.
  • SSL VPN Enhancements include FQDN (fully qualified domain name) host and group support for both remote access and site-to-site SSL VPN.
  • SD-WAN Scalability increases SD-WAN gateway scalability by 3x to 3072 gateways and the number of SD-WAN profiles to 1024
  • IPv6 Enhancements include DHCP Prefix Delegation to seamlessly integrate with your ISP and new enhancements to the dynamic routing engine now support BGPv6 for improved IPv6 interoperability.


Quality of Life Enhancements:

  • Interface Enable/Disable delivers a top requested feature to easily disable or enable network interfaces on the firewall without losing any configuration.
  • Object Reference Lookup addresses another top requested feature to find where a given host or service object is used in rules, policies, and routing.
  • Hi-Res Display Support adds increased horizontal scalability to the management console to take advantage of high resolution displays to reduce horizontal scrolling.
  • Auto-Rollback on Failed Firmware Updates reduces any disruption, including high-availability deployments.
  • Backup and Restore now includes the option to restore a backup from a firewall with integrated WiFi to a firewall without.
  • Azure AD SSO for Captive Portal adds support for user authentication on the captive portal using their Azure AD credentials.
  • Azure Group Import and RBAC adds support for a new import assistant for Azure AD groups and automatic promotion for role-based admin changes.


Other Enhancements

  • Web Application Firewall (WAF) Enhancements include geo IP policy enforcement, custom cipher configuration and TLS version settings, as well as improved security with HSTS enforcement as well as X-Content-Type-Options enforcement.
  • Azure Single Arm Deployment Support enables the choice of a smaller instance size to save on infrastructure costs and reduce network and operational complexity.



Get the Full List of What’s New

Download the full What’s New guide for a complete overview of all the great new features and enhancements in v20.


Getting Started

Please visit the SFOS v20 EAP registration page to get started.

Sophos Firewall OS v20 EAP1 is a fully supported upgrade from any previous supported firmware version, including the most recent v19.5 MR3 release.

Once you’re up and running, please provide feedback through your Sophos Firewall’s feedback mechanism (top right of every screen on your Firewall). Also visit our EAP community forums to share your experience with others.

Note: Please do not call Sophos Support for issues related to the EAP. Troubleshooting and support for all EAP versions is handled solely through the online Sophos Community EAP forums.


Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.