Jump to main content
Supported platforms
Upgrading to SFOS 18.0.4
SFOS 18.0 MR4 build 506
18.0 MR4
The new features and enhancements are on this page.
18.0 MR3
The new features and enhancements are on this page.
The release notes site describes the new features introduced in XG Firewall 18.0.
Xstream architecture
Sandstorm threat intelligence analysis
Sophos Central Firewall Reporting and Management
This release includes support for new firewall reporting and management capabilities being launched simultaneously on Sophos Central including a rich powerful new reporting suite and group firewall management tools.
NAT Enhancements
XG Firewall’s NAT configuration receives a major update as NAT rules are now decoupled from Firewall Rules enabling more powerful and flexible configuration options including Source (SNAT) and Destination (DNAT) in a single rule. NAT Rules can still be “snapped-in” to a Firewall Rule and edited in-place similar to other snap-in policies such as IPS and Web policies.
Improvements in managing firewall rules
Wild card domains in WAF rules
You can now add wildcard domains in WAF (Web Application Firewall) rules. You can add wildcard subdomains (example: *.example.com) for both HTTP and HTTPS connections.
SD-WAN policy-based routing
Policy-based routing gains added SD-WAN flexibility and more granular control with the addition of application, user and group-based traffic selection criteria. Routing can be defined through either the primary or a backup gateway WAN connection and can be configured for replay direction.
Enhanced High Availability
You can now update more high availability settings without breaking HA and can also use the new QuickHA configuration mode.
Alerts and Notifications
There is a new option to choose from dozens of system and threat-related alerts and have notifications sent via email or SNMP.
Intelligent IPS signature selection
XG Firewall receives IPS signatures based on a number of intelligent filtering criteria, such as age, vendor, vulnerability type, and CVSS (Common Vulnerability Scoring System) to optimize protection and performance.
DKIM and BATV anti-spam protection
Anti-spam protection is improved with support for DomainKeys Identified Mail (DKIM). It detects forged sender addresses and Bounce Address Tag Validation (BATV) to determine whether the bounce address specified in the received email is valid and reject backscatter spam.
Kerberos authentication and NTLM
This release adds Kerberos authentication alongside the existing NTLM support for Microsoft Active Directory SSO, extending the range of authentication tools available for customers.
RADIUS time-out with two-factor authentication (2FA)
For customers using two-factor authentication (2FA) with RADIUS server authentication, the timeout value is now configurable allowing additional time to finish the authentication flow when necessary.
Bridge-VLAN support
VLANs are now supported on bridge interfaces, enabling greater networking flexibility and support for advanced inter-VLAN routing and bridging deployments.
Support for SNMPv3 is added, providing more flexibility and security over SNMPv2.
Route-based VPN
You can now create IPsec VPN connections that use tunnel interfaces as endpoints, making static and dynamic routing possible.
Web policy quota
Browsing quotas have been added to web policies, allowing you to set time quotas for browsing selected website categories. Users can choose how and when to consume their daily time quota.
This section describes the enhancements introduced in Sophos XG Firewall 18.0
Interface renaming
Interfaces can be renamed making networking configuration easier and more intuitive.
Jumbo Frame Support
Jumbo frames with more than 1500 byte payloads are now supported for added networking flexibility in high bandwidth environments.
Enhanced DDNS support
Provides support for enhanced HTTPS-based DDNS by adding five more DDNS providers: No-IP, DNS-O-Static, Google DNS, Namecheap, and FreeDNS.
Improved Synchronized Application Control verdict
If there is a pattern-based match conflict, Synchronized Application Control verdict is used. This gives more accurate application control.
DHCP relay enhancements for dynamic routing
Synchronizes dynamic routing updates (learned routes from OSPF) to DHCP relay, eliminating the need for manual reconfiguration.
Secure Syslog and logs in the standard Syslog format
Provides the option to fetch logs in the standard syslog format using secure TLS.
Dynamic GeoIP (IP to country mapping) database
The GeoIP database is now updated dynamically in real time from the Up2Date servers. Make sure you always use the appropriate country-specific filters and policies.
VMware Tools upgrade and integration with VMware Site Recovery Manager (SRM)
Supports virtual device integration of the latest VMware Tools version (v10.3.10) with reboot, shutdown, and clone-like functionalities. The release also supports integration with Site Recovery Manager (SRM), the disaster recovery and business continuity solution from VMware which automates the transfer of virtual machines to a local or remote recovery site.
Log viewer enhancements
The log viewer gets several enhancements with one-click actions available right from the logs to narrow search results, filter log entries, or create or modify policies on the fly.
Live Connections
The live connections pages for IPv4 and IPv6 provide a lot of new insights into concurrent traffic in your network.
Access points can be restarted from the web admin console
You can now restart wireless access points from the web admin console.
Sophos Connect address range
Sophos Connect lease now supports more than 255 IP addresses in the address range.
Known issues
Fixed issues

About these release notes

These pages provide release note information about Sophos Firewall OS and Sophos XG.

Can't find what you need?

Try the following:

  • Use the Search bar above.
  • Go to the Support section of our website and search there. This finds knowledge base articles or Sophos Community posts.