Sophos Firewall v19.5: Value and Performance by Design

Credit to Author: Barbara Hudson| Date: Mon, 14 Nov 2022 14:40:18 +0000

In today’s economic climate, when every potential investment is under additional scrutiny, it’s important to consider how a product will work for you over its full lifecycle.

If there’s one lesson for all of us from the pandemic, it’s that IT infrastructure needs a built-in, transformer-like ability to adapt and scale to changing requirements.

Many businesses still have a foot in two worlds as they transition from traditional on-premises equipment to the cloud-enabled world and SASE. But adoption is at different phases, from industry to industry and from business to business, and firewalls need to build a bridge to support you wherever you are on your journey.

But how do you build a firewall to be future proof?

Performance improvements in SFOS v19.5

As was the case in the last major release (v19), Sophos Firewall v19.5 brings further performance improvements across all XGS hardware models.

For example, IPsec VPN throughput has increased by more than 30% on many models. IPsec VPN capacity has even doubled on some models, for twice the number of concurrent tunnels than with the previous version.

If SD-WAN (or branch office connectivity, if that’s what you want to call it) is on your IT agenda right now, these numbers are significant. These improvements partly come from optimized hardware acceleration workflows.

In our desktop models, we’ve optimized our platform to make better use of the multi-core architecture in the Xstream Flow Processors (NPU), resulting in increases in firewall IMIX throughput of between 20% and 38%. Firewall IMIX is tested using different packet sizes, in contrast to general firewall throughput which uses just a single packet size.

While most firewalls get slower over time, particularly when new capabilities are added, our firewall is designed to keep pace with evolving protection requirements, and just keeps getting faster.

The Xstream Architecture

Our programmable, dual processor architecture gives us many options to optimize traffic flows and so make more efficient use of precious CPU cycles.

This is firewall tuning by design and for our customers the benefits are twofold: better value for money, and better performance from release to release to scale up protection without compromise.

As mentioned in a previous blog post, the latest release accelerates TLS encrypted traffic flows on the dedicated hardware FastPath. Often described as offloading, this frees up cycles on the main CPU which improves overall performance.

This may not show up in the standardized test stats shown on a datasheet but depending on your environment and the type of traffic flowing through it, you’ll notice that your product is more responsive as we reduce latency, making day-to-day management better.

With the Xstream Architecture, the price-performance ratio or “price/TCO per protected megabit per second” goes from being a snapshot of a moment in time to a constantly improving indication of the bang you’re getting for the buck. (Did I mention that you can also adapt connectivity on our firewalls?)

If you’re currently using an XG Series hardware appliance, you can benefit from a 50% discount on your XGS hardware refresh. If you’re using an SG Series with Sophos UTM, we have unbeatable savings for you when you switch over. And if you’ve yet to discover the benefits of Sophos Firewall over your competitive firewall, we have excellent offers for you, too.

Sophos Firewall v19.5 is currently in early access and is scheduled for release on November 17. Check out the full list of updates in this What’s New PDF or reach out to your local Sophos partner or representative to find out more.

http://feeds.feedburner.com/sophos/dgdY