Sophos XG supports HA and AA deployments on Azure, which enables redundancy and load sharing for both inbound and outbound traffic on the same set of firewalls. Combined with Sophos Firewall Manager’s centralized management and the power of Azure’s cloud fabric, organizations can scale their XG Firewall cluster to however many nodes their setup. New features in the XG Firewall v18 MR5 release 06 Apr 2021; Secure SD-WAN with XG Firewall and Azure Virtual WAN 01 Apr 2021; Protecting Sophos customers from HAFNIUM 08 Mar 2021; Kicking off tomorrow – Sophos XG Firewall Academy 2021 25 Jan 2021.
Auto deploy Sophos Server protection onto Azure Instances using Azure Automation and VM Extensions. Community Reads. I just wondered how people are monitoring system metrics with the Sophos XG. Currently 3 wan connections, two active one on backup. Azure Firewall is rated 7.4, while Sophos XG is rated 8.0. The top reviewer of Azure Firewall writes 'Easy to set up, good integration, and the technical support is good'. On the other hand, the top reviewer of Sophos XG writes 'Light and stable with excellent real-time control '. Sophos XG Firewall on Azure. You can purchase Sophos XG Firewall as a pre-configured virtual machine (VM) image. VM images are available from the Azure Marketplace. VMs come in a variety of types and sizes, similar to selecting different option sizes for hardware appliances in the on-premises world. You can launch and use XG Firewall on Azure, and either pay-as-you-go, or you can bring your own license.
Answers to the most frequently asked questions covering licensing, Flexi port modules, feature, and hard support.
Which licenses do I need when I have two devices in high-availability mode?
For active-active mode:
- Each device requires its own subscriptions, and the active subscriptions must match on both devices.
- Zero-day protection doesn't affect the HA setup regardless of the expiry date on each device.
For active-passive mode:
- Only the active device requires a license subscription. Sophos Firewall ensures the passive device has a copy of those subscriptions, so it can take on processing if the active device fails.
It’s therefore vital that the subscriptions are activated on the intended active device. You must ensure that HA is turned on only from the device which has a valid subscription.
- If a software or virtual device is used, you need to purchase only one base license, and once that serial number is registered, Sophos Firewall will manage the creation of the passive device. There’s no need to purchase a separate base firewall license for the passive device or a separate serial number.
- The firewall that carries the license subscription must be configured as the primary node in the HA initial setup.
Is the synchronized application control feature supported in active-active mode?
No.
Is it possible to establish an HA pair between XG 210 and an SG 210?
No. XG 210 can only connect to another XG 210 in HA. An XG 230 or even an SG 210 can't be used.
What happens if I manually synchronize the HA?
If you manually synchronize any of the HA cluster devices, the firewall drops all the masqueraded connections.
What happens if I restore a backup without HA configuration after enabling HA?
If a backup without HA configuration is restored after configuring HA, then HA is disabled. How to download stata 14 for free. The primary device is accessible according to the backup configuration. The auxiliary device is accessible with the auxiliary admin IP address. Daivam monthly magazine in telugu.
With the Sophos Firewall release 18.0.5 or also called v18 MR5, Sophos brings new features besides bug fixes.
Sophos Xg Firewall Azure
IPsec performance improvements
With the MR3 release, SSL VPN performance was tweaked to suddenly allow more SSL VPN connections on the same hardware. With MR5, more IPsec connections are now also possible via the Sophos Connect client.
WAF and SSL VPN with Port 443
The Web Application Firewall is one of the rather rarely used modules of the Sophos Firewall. The problem was often that applications were secured with port 443 (HTTPS). Unfortunately, this meant that it was no longer possible to use the same port for the SSL VPN. With MR5, the WAF and SSL VPN can now be used together on port 443.
Azure Active Directory
This new feature will also please some of our customers. Sophos Firewall can now be used with Azure Active Directory, without the expensive “Azure Active Directory Domain Services” from Microsoft. How this works is beautifully explained in the KB post from Sophos: Sophos XG Firewall: Integrate XG Firewall with Azure AD
Sophos Xg Firewall Configuration
Other new features
Sophos Xg Firewall Home
- Sophos lists all other updates in the release article: Sophos v18 MR5
- For the release notes, bugfixes, known issues, Sophos has now created a new, nice and clear web page: Sophos v18 MR5 Release Notes