Sophos XG Firewall v18 EAP 3 Refresh-1 Firmware Has Been Released!

Moving futher towards v18 GA, Sophos released th EAP 3 refresh 🙂

New Features and Highlights in SF v18 EAP 3 Refresh-1

  • Route Based VPN
    • Simplifies VPN policy creation with larger/dynamic networks.
    • Network topology changes don’t impact IPSec VPN ‘policy’
    • Also interoperates with non-Sophos route based VPN tunnels
    • Configure IPSec using “Tunnel Interface” connection type listening on WAN interface. And assign IP to auto-created XFRM Interface. And configure routing (Static, Dynamic, SD-WAN PBR), firewall and NAT rules as required
    • IPSec and MPLS can now be active at the same time, use RBVPN in SD-WAN policy routing
  • NAT Improvements addressing early feedback we received from community contributors
    • Server access assistant (DNAT): Destination NAT assistant (or wizard) enables workflow to publish an internal server over internet in a few clicks
    • Default SNAT rule at the bottom of the NAT rule table that MASQ traffic going out of WAN interfaces.
      • There is an open issue in Refresh-1 that turns on the default rule post migration. For No-NAT environments, please manually disable this rule to maintain the behavior.
    • NAT rule UX placement is now consistent with firewall UI
  • Flow monitor UX fixes
    • Stability fixes for handling large number of live connections
    • Retain sorting on BW columns on refresh
    • Negative Value in Upstream/downstream Bandwidth column
    • Same Upload and download values when data is grouped by Source IP address/User
  • Memory optimization and Performance improvements

Important Issues Resolved in SF v18 EAP 3 Refresh-1

  • NC-53500 XGFW interferes with certain SSL website connections
  • NC-53016 Email Blocked Senders cannot be updated
  • NC-52641 IPS Service getting DEAD
  • NC-53228 Continuous receiving ‘daemon.debug /bin/smcroute[6387]: Debu: 28 byte IGMP signaling dropped” in syslog.log
  • NC-54038 Wrong notification message displayed after disabling firewall rule
  • NC-52090 LogViewer: “Action is not Allowed” filtering not working in detailed view
  • Flow monitor UX fixes
  • Plus 150 issues and stability fixes are part of EAP 3 Refresh-1



Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.