Xstream SD-WAN in SFOS v19

Credit to Author: Chris McCormack| Date: Thu, 17 Mar 2022 17:07:49 +0000

Sophos Firewall OS v19 includes several new innovations. In this blog series leading up to the general release of v19 in April, we will explore some of these great new features in more detail.

Xstream SD-WAN is a collection of powerful new capabilities in SFOS v19, that along with features in Sophos Central and our existing hardware line, deliver the best SD-WAN solution available in a Firewall today.

In this article, we will have a closer look at SD-WAN Profiles and Performance-based link selection as well as real-time monitoring and logging.

Check out this demo video for a quick overview of how this great new feature works:

SD-WAN Profiles and Performance based Link Selection

SFOS v19 introduces a new SD-WAN link management solution for easily setting up WAN routing strategies. SD-WAN profiles define a routing strategy across multiple WAN link gateways (with support for up to 8 WAN links) enabling seamless and efficient rerouting of application connections based on WAN Link performance with zero impact.

New SD-WAN Profiles enable quick and easy setup of SD-WAN routing strategies with zero-impact transitions in the event of a disruption.

SD-WAN profile routing strategies can be based on first available or performance-based link criteria. Performance monitoring criteria includes jitter, latency and packet loss and can utilize multiple probe targets for PING and TCP probes. SD-WAN profiles automatically select the best link based on performance or according to your custom SLA policies that define specific values for maximum acceptable jitter, latency, or packet loss before re-routing over a better performing link.

Zero Impact Transitions

Sophos Firewall ensures all SD-WAN link transitions have zero impact on active connections and sessions, making ISP disruptions transparent to end-users.

Other firewalls wait for the client applications to initiate a new connection whenever the ISP gateway quality deteriorates or there is a disruption. This can seriously affect voice or video calls, team sharing applications, and continuity of SaaS application or web sessions. The symptoms might include dropped calls, noticeable lag, or freezing of the app or screen while it attempts to reconnect.

Sophos Firewall with the new zero impact failover capabilities in v19 ensures active connections remain intact. Sophos Firewall re-routes subsequent packets of the current connection to the appropriate gateway link, ensuring there is zero disruption to application traffic. Under the hood, whenever quality deteriorates or gateway availability changes, Sophos firewall triggers WAN link re-routing based on your profile without waiting for the client application to initiate a new connection. Every time re-routing is triggered, the SD-WAN routes are traversed, and the better gateway is chosen for the following packets of the same connection, thereby maintaining the integrity of the traffic flow. In effect, Sophos Firewall solves a long-standing issue with WAN link routing providing the best resiliency and transparency for your application traffic.

SD-WAN Performance Monitoring Graphs

A new SD-WAN performance monitoring tool is now available under the diagnostics section of the product. You can monitor SD-WAN link performance in real-time with separate graphs for latency, jitter, and packet loss. Timeline selections for real-time, the last 24 or 48 hours, or over the last week or month are provided. These tools are extremely helpful when it comes to fine-tuning your custom SD-WAN routing strategies for your particular network.

New SD-WAN Performance Monitoring provides valuable real-time and historical insights into SD-WAN link performance.

Optimize Your SD-WAN Network Quickly and Easily

Together the new SD-WAN profiles, performance-based routing strategies, zero impact transitions, and monitoring capabilities allow you to achieve your SD-WAN goals quickly and easily. You can easily optimize the performance for your SD-WAN network to ensure great resiliency and continuity, application performance, and the best end-user experience in even the most disruptive or unstable ISP environments.

Sophos Firewall v19

If you’re interested in learning more about the other great new features in Sophos Firewall v19, check out this previous article that provides a great overview or download the What’s New PDF.

Sophos Firewall v19 will be a free upgrade for all licensed customers and is in Early Access now for anyone that wants to evaluate the product and help us make it the best it can be for launch. SFOS v19 is expected to be released in April. Click here to participate in the early access program.

http://feeds.feedburner.com/sophos/dgdY