{"id":20378,"date":"2022-10-17T09:20:56","date_gmt":"2022-10-17T17:20:56","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/10\/17\/news-14111\/"},"modified":"2022-10-17T09:20:56","modified_gmt":"2022-10-17T17:20:56","slug":"news-14111","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/10\/17\/news-14111\/","title":{"rendered":"Sophos Firewall v19.5: Xstream TLS FastPath architecture enhancements"},"content":{"rendered":"

Credit to Author: Chris McCormack| Date: Mon, 17 Oct 2022 14:20:56 +0000<\/strong><\/p>\n

\n

With Sophos Firewall v19.5 firmware now available for early access, we are coving one of the top new features every week<\/a> leading up to launch.<\/p>\n

In last week\u2019s article<\/a>, we covered the new SD-WAN load balancing feature that rounds out the full suite of Xstream SD-WAN capabilities in Sophos Firewall.<\/p>\n

This week, we\u2019ll have a look at the latest enhancements to the Xstream Architecture in Sophos Firewall, Xstream TLS FastPath.<\/p>\n

Xstream Architecture<\/h2>\n

Sophos Firewall first introduced the Xstream Architecture in v18, but it really came to life with the introduction of the XGS Series appliances with dedicated Xstream Flow Processors for hardware acceleration.<\/p>\n

The illustration below outlines the internal architecture of the XGS Series appliances and how the Xstream Flow Processors provide FastPath acceleration for VPN, SD-WAN, and now TLS traffic flows.<\/p>\n

\"\"<\/a><\/p>\n

Programmable processors = free performance upgrades<\/h2>\n

One of the key benefits of the Xstream Architecture and the Xstream Flow Processors is that they are programmable. This means that new features and capabilities can be added over time.<\/p>\n

For example, when the XGS Series launched, they initially supported FastPath acceleration of SD-WAN application traffic for up to double the performance over previous gen appliances. With v19, we added IPsec VPN acceleration, which provided up to a 5x increase in VPN traffic capacity.<\/p>\n

Now with v19.5, we\u2019re adding TLS traffic inspection to the FastPath to enable a significant performance boost in both TLS encrypted traffic and overall performance by adding additional headroom for traffic that needs deep packet inspection.<\/p>\n

Our design ensures your investment in Sophos Firewall and the XGS Series is protected and future-proof as you get free performance upgrades with every release.<\/p>\n

TLS FastPath acceleration in v19.5<\/h2>\n

Sophos Firewall already has the best TLS inspection technology in the business, including…<\/p>\n

    \n
  • TLS 1.3 without downgrading<\/li>\n
  • Support for the latest cipher suites<\/li>\n
  • Powerful policy tools<\/li>\n
  • Instant visibility and troubleshooting right from the dashboard.<\/li>\n<\/ul>\n

    Now, SFOS v19.5 adds TLS encrypted traffic FastPath acceleration for select XGS Series appliances, which automatically puts CPU-intensive asymmetric encryption operations for inspected TLS traffic flows on the FastPath through the Xstream Flow Processor.<\/p>\n

    This takes full advantage of the hardware\u2019s asymmetric crypto capabilities within the Xstream Flow Processor and has the benefit of improving overall throughput and freeing up CPU resources for other tasks like deep-packet inspection.<\/p>\n

    This new capability will initially be supported on the high-end XGS 4xxx and above only, which covers the vast majority of partners and customers utilizing TLS inspection today. Eventually, support will also be extended to other models in the series.<\/p>\n

    If you want a quick refresher on the exciting Xstream technology packed into every XGS Series appliance, be sure to check out this video:<\/p>\n