{"id":25237,"date":"2024-09-23T13:20:55","date_gmt":"2024-09-23T21:20:55","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/09\/23\/news-18967\/"},"modified":"2024-09-23T13:20:55","modified_gmt":"2024-09-23T21:20:55","slug":"news-18967","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/09\/23\/news-18967\/","title":{"rendered":"Sophos Firewall v21: VPN and routing enhancements"},"content":{"rendered":"<p><strong>Credit to Author: Chris McCormack| Date: Mon, 23 Sep 2024 19:01:16 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\">\n<p>Sophos Firewall v21 brings exciting new enhancements to VPN, authentication, and routing functionality.<\/p>\n<h2>VPN enhancements<\/h2>\n<ul>\n<li>Bulk activate and deactivate options are now available for connections (see screen shot below)<\/li>\n<li>Enhanced filtering on the VPN manage page now consolidates information across multiple pages<\/li>\n<li>Free text- and value-based search is now supported in VPN configurations for network, subnet, users for remote access and site-to-site VPNs<\/li>\n<li>An XFRM interfaces-specific view has been added on the Interfaces page for easy filtering of RBVPN interfaces<\/li>\n<\/ul>\n<p><a href=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image1_743e44.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-957460 size-full\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image1_743e44.png\" alt=\"VPN\" width=\"1428\" height=\"515\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image1_743e44.png 1428w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image1_743e44.png?resize=300,108 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image1_743e44.png?resize=768,277 768w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image1_743e44.png?resize=1024,369 1024w\" sizes=\"auto, (max-width: 1428px) 100vw, 1428px\" \/><\/a><\/p>\n<h2>Site to site VPN enhancements<\/h2>\n<ul>\n<li>FQDN-based remote gateways have been optimized to improve scalability for distributed deployments<\/li>\n<li>DHCP relays over XFRM interfaces are now supported for traffic to DHCP servers deployed behind a remote firewall (see illustration below)<\/li>\n<li>RBVPN deployments get an increase of up to 20x in XFRM interface up-time, significantly minimizing disruption during tunnel flap, HA failovers, or reboots<\/li>\n<\/ul>\n<p><a href=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image2_a39abe.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-957461 size-full\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image2_a39abe.png\" alt=\"XFRM\" width=\"1428\" height=\"717\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image2_a39abe.png 1428w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image2_a39abe.png?resize=300,151 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image2_a39abe.png?resize=768,386 768w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image2_a39abe.png?resize=1024,514 1024w\" sizes=\"auto, (max-width: 1428px) 100vw, 1428px\" \/><\/a><\/p>\n<h2>Authentication enhancements<\/h2>\n<ul>\n<li>Google Workspace integration via LDAP clients and Google Chromebook SSO compatibility with LDAP server types enables SSO functionality for Google LDAP for Chromebook environments<\/li>\n<li>Performance for burst login handling is improved up to 4x for Radius SSO, STAS, and Synchronized User ID to enable the handling of thousands of simultaneous login requests even in multiple SSO environments (mix of STAS, Radius SSO, and Synchronized User ID)<\/li>\n<li>In addition, support has been added for a transparent AD SSO experience when HSTS is enforced, enabling Kerberos and NTLM handshakes over HTTP or HTTPS<\/li>\n<\/ul>\n<h2>Static and dynamic route management<\/h2>\n<ul>\n<li>Users can clone static routes, turn them on or off, and add descriptions via the new Manage option for each static route in the table (see screen shot below)<\/li>\n<li>There\u2019s now a blackhole route option and support for equal-cost multi-path (ECMP) for load balancing<\/li>\n<li>Dynamic routing gets a new option to redistribute BGP routes into OSPFv3<\/li>\n<li>Dynamic routing now experiences zero impact during HA failover scenarios<\/li>\n<\/ul>\n<p><a href=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image3_36024a.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-957462 size-full\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image3_36024a.png\" alt=\"Route Management\" width=\"1430\" height=\"716\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image3_36024a.png 1430w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image3_36024a.png?resize=300,150 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image3_36024a.png?resize=768,385 768w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/image3_36024a.png?resize=1024,513 1024w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><\/a><\/p>\n<p>Watch this short demo video to see how it works and how to set it up:<a href=\"https:\/\/techvids.sophos.com\/watch\/nxdUCAMmcdWMWDmTksYa41\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-957463 size-full\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/TechVids-VPN-and-Routing.png\" alt=\"\" width=\"1207\" height=\"679\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/TechVids-VPN-and-Routing.png 1207w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/TechVids-VPN-and-Routing.png?resize=300,169 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/TechVids-VPN-and-Routing.png?resize=768,432 768w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/TechVids-VPN-and-Routing.png?resize=1024,576 1024w\" sizes=\"auto, (max-width: 1207px) 100vw, 1207px\" \/><\/a><\/p>\n<p>Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the <a href=\"https:\/\/events.sophos.com\/events\/9496899a-0e84-4fa3-9d8a-07f23841dc1c\">early access program<\/a>. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/09\/23\/sophos-firewall-v21-vpn-and-routing-enhancements\/\" target=\"bwo\" >http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/09\/sophos-firewall-3.png\"\/><\/p>\n<p><strong>Credit to Author: Chris McCormack| Date: Mon, 23 Sep 2024 19:01:16 +0000<\/strong><\/p>\n<p>How to make the most of the new features in Sophos Firewall v21.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[12235,10384,24562,31877],"class_list":["post-25237","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-firewall","tag-network","tag-products-services","tag-v21"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25237"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25237\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}