Changes
These are the new and changed help pages in this release.
New pages
- Breakout interfaces
- Configure breakout on an interface
- Add an OSPFv3 interface
- Add an OSPFv3 area
- Azure Active Directory server
- Configure Azure AD in Azure Portal
- Add an Azure Active Directory server
- Troubleshooting Azure AD
Substantial changes
The following pages each contain a large number of changes:
- Architecture for offloading
- Web admin console
- Tools
- SD-WAN performance
- Intrusion prevention
- Severity levels of IPS signatures
- Traffic shaping default
- Application object
- Advanced protection
- Edit physical interfaces
- SD-WAN profiles
- Add an SD-WAN profile
- Add a unicast route
- BGP
- OSPF and OSPFv3
- Add OSPF areas
- Add an OSPF network
- Override interface configuration
- Routing information
- Override interface configuration
- High availability
- Manage an HA pair in Sophos Central
- Preface
- Network configuration
- Reset to factory settings
- HA requirements
- HA configuration
- Configure active-passive HA using QuickHA
- Configure active-passive HA using interactive mode
- Configure active-active HA using QuickHA mode
- Configure active-active HA using interactive mode
- Verify HA status
- HA roles and statuses
- Manage HA
Minor changes
The following pages have minor changes:
- Getting started
- Deployment options
- How to deploy Sophos Firewall on Amazon Web Services (AWS)
- Amazon Web Services (AWS) FAQ
- Managing Sophos Firewall
- How to configure management ports
- Control center
- IPv6 support
- Current activities
- Live users
- Live connections
- IPsec connections
- Remote users
- Reports
- How to download reports
- Dashboards
- Applications & web
- Network & threats
- VPN
- Compliance
- Custom
- Bookmarks
- Add a bookmark
- Report settings
- Custom view
- Add a custom view
- Report scheduling
- Add a report schedule
- Send test mail
- Data management
- Manual purge
- Bookmark management
- Add a bookmark group
- ConnectWise
- Custom logo
- Zero-day protection
- Downloads and attachments
- Protection settings
- Diagnostics
- Policy tester
- System graphs
- CPU usage graphs
- Memory usage graphs
- Load average graphs
- Disk usage graphs
- Live users graphs
- Data transfer through WAN zone graphs
- Interface graphs
- URL category lookup
- Packet capture
- Configure capture filter
- Display filter
- Connection list
- Display filter
- Related connections
- Support access
- Rules and policies
- Firewall rules
- Control traffic requiring web proxy filtering
- Create a country-based firewall rule
- Create a black hole DNAT rule
- Log all dropped traffic
- Add a firewall rule
- Add a DNAT rule with server access assistant
- DSCP value
- VoIP
- UDP time-out value causes VoIP calls to drop or have poor quality
- VoIP call issues over site-to-site VPN or with IPS configured
- Audio and video calls are dropping or only work one way when H.323 helper module is loaded
- How to turn the Session Initiation Protocol (SIP) module on or off
- The phone rings, but there's no audio if you're using VPN or the Sophos Connect client
- DoS & spoof protection and VoIP
- Web server protection (WAF) rules
- Add a web server protection (WAF) rule
- Add an Exchange Autodiscover rule
- Add an Exchange Outlook Anywhere rule
- Add an Exchange general rule
- Add a Microsoft Lync rule
- Add a Microsoft Remote Desktop Gateway 2008 and R2 rule
- Add a Microsoft Remote Desktop Web 2008 and R2 rule
- Add a Microsoft Sharepoint 2010 and 2013 rule
- NAT rules
- Create DNAT and firewall rules for internal servers
- Create a source NAT rule
- Create a source NAT rule for a mail server (legacy mode)
- Create a firewall rule with a linked NAT rule
- Add a NAT rule
- Add a DNAT rule with server access assistant
- SSL/TLS inspection rules
- Allow non-decryptable traffic using SSL/TLS inspection rules
- Enable Android devices to connect to the internet
- SSL/TLS inspection settings
- Add an SSL/TLS inspection rule
- Find the number of IPS signatures
- DoS attacks
- IPS policies
- Add an IPS policy
- Add rules to a policy
- IPS signature categories
- Custom IPS signatures
- DoS & spoof protection
- Add a trusted MAC address
- Import trusted MAC addresses
- Create a DoS bypass rule
- Web
- Generate, apply, and install the signing CA
- Configure SSL/TLS inspection and decryption
- Enhance web protection
- Customize web protection
- Control access to websites
- Block content using a list of terms
- Policies
- Add a web policy
- Add a rule to a web policy
- Migrating policies from previous releases
- Policy quota status
- User activities
- Add a user activity
- Categories
- Add a category
- URL groups
- Add a URL group
- Exceptions
- Add an exception
- General settings
- File types
- Add a file type
- Surfing quotas
- Add a surfing quota
- User notifications
- Content filters
- Troubleshoot port-agnostic inspection of decrypted HTTPS traffic
- Applications
- Block applications using the application filter
- Application filter
- Add an application filter policy
- Add an application filter policy rule
- Synchronized Application Control
- Customize a discovered application
- Cloud applications
- Application list
- Block high-risk applications
- Wireless
- Configure a wireless network
- Create a hotspot with a custom sign-in page
- Create a mesh network
- Deploy a wireless network as a bridge to an access point LAN
- Deploy a wireless network as a separate zone
- Provide guest access using a hotspot voucher
- Restart access points remotely using the CLI
- Wireless client list
- Wireless networks
- Add a wireless network
- Access points
- Access point details
- VLAN tagging requirements
- Add a wireless network to an access point
- Reset an APX series access point
- Access point groups
- Add an access point group
- Mesh networks
- Add a mesh network
- Troubleshooting mesh networks
- Hotspots
- Add a hotspot
- Login page template
- Voucher template
- Hotspot voucher definition
- Add a hotspot voucher definition
- Rogue access point scan
- Wireless settings
- Hotspot settings
- Configure protection for cloud-hosted mail server
- Configure email protection in MTA mode
- Set up Microsoft Office 365 with Sophos Firewall
- Scan inbound and outbound SMTP traffic
- Configure POP-IMAP scanning
- Configure the quarantine digest (MTA mode)
- Encrypt outbound emails in MTA mode
- Protect internal mail server in legacy mode
- Turn on IP reputation
- Policies and exceptions
- Add an SMTP route and scan policy (MTA mode)
- Add a POP-IMAP scan policy
- Add an exception
- Add an SMTP malware scan policy (legacy mode)
- Add an SMTP spam scan policy (legacy mode)
- Data control list
- Add a data control list
- SMTP quarantine
- Mail spool (MTA mode)
- Mail logs (MTA mode)
- Encryption
- Add an SPX template
- General settings
- Add a DKIM signature (MTA mode)
- Add an email journal (legacy mode)
- Address group
- Add an address group
- Relay settings (MTA mode)
- File types
- Add a file type
- Quarantine settings
- Troubleshooting email protection
- Web server
- Web servers
- Add a web server
- Add a protection policy
- Authentication policies
- Add an authentication policy
- Authentication templates
- Add an authentication template
- General settings
- Protect a web server against attacks
- Remote access VPN
- Configure IPsec remote access VPN with Sophos Connect client
- Configure remote access SSL VPN with Sophos Connect client
- Create a remote access SSL VPN with the legacy client
- Create an L2TP remote access connection
- IPsec and SSL VPN overview
- Remote access IPsec overview
- Remote access IPsec settings
- Remote access IPsec group authentication
- Remote access SSL VPN overview
- Add a remote access SSL VPN policy
- Add a remote access policy using the SSL VPN remote access assistant
- SSL VPN global settings
- Sophos Connect client
- Sophos Connect provisioning file
- L2TP
- Add an L2TP policy
- L2TP global settings
- PPTP
- Clientless SSL VPN
- Add a clientless SSL VPN policy
- Add a bookmark
- Add a bookmark group
- IPsec (legacy)
- Site-to-site VPN
- Create a policy-based IPsec VPN
- IPsec VPN with firewall behind a router
- Create a route-based VPN (any to any subnets)
- Create a route-based VPN with traffic selectors
- Configure a route-based VPN failover with two ISP connections
- NAT with route-based IPsec when local and remote subnets are the same
- NAT with policy-based IPsec when local and remote subnets are the same
- Use NAT rules in an existing IPsec tunnel to connect a remote network
- Create a site-to-site SSL VPN
- Create an Amazon VPC site-to-site connection
- IPsec connections
- Add an IPsec connection
- Add a failover group
- Policy-based VPN
- Route-based VPN
- Comparing policy-based and route-based VPNs
- Routing and NAT for IPsec tunnels
- Amazon VPC
- Site-to-site SSL VPN
- Add a server connection
- Add a client connection
- Troubleshooting site-to-site IPsec VPN
- Troubleshooting Amazon VPC site-to-site VPN connections
- Network
- Deploy Sophos Firewall in bridge mode
- Deploy Sophos Firewall in gateway mode
- Deploy Sophos Firewall in discover mode
- Interfaces
- Physical interfaces
- Add an alias
- Bridge interfaces
- Add a bridge interface
- Virtual LANs
- Add a VLAN interface
- Link aggregation groups
- Add a link aggregation group
- RED interfaces
- Create a site-to-site RED tunnel
- Set up a RED manually
- Add a RED interface
- RED operation modes
- RED LAN modes
- RED 15w requirements
- RED network configuration
- About RED unlock code
- Troubleshooting inactive RED access points
- USB compatibility list
- Zones
- Add a zone
- WAN link manager
- Edit gateway details
- DNS
- Add a DNS host entry
- Add a DNS request route
- Configure inbound DNS load balancing and failover
- DHCP
- Configure Sophos Firewall as a DHCP server
- HO firewall as DHCP server and BO firewall as relay agent
- DHCP server behind HO firewall and BO firewall as relay agent
- Configure DHCP options for Avaya IP phones
- Configure DHCP boot options
- Add a DHCPv4 server
- Add a DHCPv6 server
- Add a DHCP relay
- IPv6 router advertisement
- Add an IPv6 router advertisement
- Cellular WAN
- Cellular WAN interface
- IP tunnels
- Add an IP tunnel
- Neighbors (ARP–NDP)
- Add a static neighbor
- Dynamic DNS
- Add a dynamic DNS provider
- Routing
- SD-WAN routes
- Configure SD-WAN routes
- Allowing traffic flow for directly connected networks: Set route precedence
- Add an SD-WAN route
- Managing SD-WAN routes
- SD-WAN routing behavior
- User and application-based SD-WAN routes
- Migrated SD-WAN routes
- Troubleshooting
- Gateways
- Add a gateway
- Configure gateway load balancing and failover
- WAN link load balancing and session persistence
- Static routing
- Manage static routes
- Add multicast route
- Dynamic routing updates
- Add BGP network
- Add a BGP neighbor
- Upstream proxy
- Send web requests through an upstream proxy in WAN
- Send web requests through an upstream proxy in LAN
- Multicast (PIM-SM)
- RIP
- Add RIP network
- Authentication
- Configure multi-factor authentication
- Deploy OTP tokens manually
- Configure Active Directory authentication
- Route system-generated authentication queries through an IPsec tunnel
- FAQs for Active Directory users and groups
- Support for Active Directory group memberships
- Configure LDAP authentication
- Configure RADIUS authentication
- Configure per-connection AD SSO authentication for multi-user hosts
- Configure transparent authentication using STAS
- Configure a Novell eDirectory compatible STAS
- Synchronize configurations between two STAS installations
- Allow clientless SSO (STAS) authentication over a VPN
- How to see the log for Sophos Transparent Authentication Suite (STAS)
- Exclude a user from SSO in STAS
- Configure the user inactivity timer for STAS
- Check connectivity between an endpoint device and authentication server using STAS
- Test connectivity in STAS
- Backup and restore STAS configuration
- Configure Chromebook single sign-on
- Turn on Kerberos authentication
- Migrate to another authenticator application
- Servers
- Add a server
- LDAP server
- Add an LDAP server
- Active Directory server
- Add an Active Directory server
- RADIUS server
- Add a RADIUS server
- TACACS+ server
- Add a TACACS+ server
- eDirectory server
- Add an eDirectory server
- Services
- Groups
- Add a group
- Group details
- Users
- Add a user locally
- View usage
- Multi-factor authentication (MFA)
- OTP service settings
- Add a token
- Generate passcodes manually
- Web authentication
- Authentication methods
- Guest users
- Add a single guest user
- Add multiple guest users
- Guest user details
- Clientless users
- Add a single clientless user
- Add multiple clientless users
- Guest user settings
- Configure an SMS gateway
- Client downloads
- Use Sophos Network Agent for iOS 13 devices
- Use Sophos Network Agent for iOS 12 and Android devices
- STAS
- Add a collector
- Clientless SSO authentication
- Unauthenticated traffic
- Users unable to sign in through STAS
- Sophos Authentication for Thin Client (SATC)
- Set up SATC with Sophos Server Protection
- Troubleshooting authentication
- Sophos Firewall and third-party authenticators
- System services
- RED
- Couldn't register Sophos Firewall for RED services
- RED 50 vs SD-RED 60 traffic behavior
- Malware protection
- Log settings
- Configure a secure connection to a syslog server using an external certificate
- Add a syslog server
- Notification list
- Notifications
- Data anonymization
- Traffic shaping
- Limit bandwidth for an application
- Guarantee bandwidth for an application category
- Limit bandwidth for a web category
- Add a traffic shaping policy
- Traffic shaping settings
- Services
- Reserved ports
- Sophos Central
- Use OTP to register with Sophos Central
- Use the super admin credentials to register with Sophos Central
- Security Heartbeat overview
- Security Heartbeat
- Synchronized user ID authentication
- Turn on security heartbeat
- Synchronized Application Control overview
- Sophos Central services overview
- Profiles
- Schedule
- Add a schedule
- Access time
- Add an access time policy
- Surfing quotas
- Add a surfing quota
- Network traffic quota
- Add network traffic quota policy
- Decryption profiles
- Add a decryption profile
- IPsec profiles
- Add an IPsec profile
- IPsec encryption algorithms
- Device access
- Add a device access profile
- Hosts and services
- IP host
- Default services
- Add IP host
- IP host group
- Add an IP host group
- MAC host
- Add a MAC host
- Configure an FQDN host
- FQDN host group
- Add an FQDN host group
- Country group
- Add a country group
- Services
- Add service
- Service group
- Add a service group
- Administration
- Licensing
- Device access
- Access to local services from zones
- Add local service ACL exception rule
- Admin settings
- Reset your admin password using the CLI
- Reset your admin password from web admin console
- Set a login disclaimer
- Time
- Notification settings
- Netflow
- Messages
- SNMP
- Configure SNMP users and traps
- Configure SNMP community and traps
- SNMP agent configuration
- Add an SNMPv3 user
- Backup and firmware
- Backup and restore
- API
- How to use the API
- Import export
- How to update and import a configuration
- Firmware
- Move to a different firmware version
- Download firmware from Sophos Licensing Portal
- Load firmware using SFLoader
- Reimage Sophos Firewall
- Reset to factory settings
- Troubleshooting: Couldn't upload new firmware
- Pattern updates
- Certificates
- Add subordinate and root CAs for TLS traffic
- Use Sophos Mobile to install the root CA on mobile devices
- Add a CA manually to endpoints
- Add certificates using Postman API
- Certificates
- Add certificate
- Upload a certificate
- Generate a locally-signed certificate
- Generate a certificate signing request
- Download a certificate
- Import a certificate
- Revoke a certificate
- Certificate authorities
- Add a CA
- Download a CA
- Update the default CA
- Regenerate a CA
- Certificate revocation lists
- Add a CRL
- Download a CRL
- Logs
- Log file details
- Log viewer
- Invalid traffic events
- Firewall log behavior for web traffic
- Introduction
- Change password
- Personal information
- Download client
- VPN
- Remote access IPsec and SSL VPN
- Clientless access connections
- Internet Usage
- Quarantine
- Exception
- My policy overrides
- Add a web policy override
- Hotspots
- Hotspot type: Password of the day
- Hotspot type: Voucher
- Manage vouchers
- OTP token
- Accessing Command Line Console
- SSH to the firewall using PuTTY
- Interface configuration
- DNS Configuration
- System settings
- Set the administrator password
- Set system date
- Set email address for system notification
- Reset Web admin certificate
- Reset secure storage master key
- Route configuration
- Configure Unicast Routing
- RIP configuration
- RIP configuration steps
- OSPF configuration
- OSPF configuration steps
- BGP configuration
- BGP configuration steps
- Multicast routing
- Configure multicast routing
- Device console
- set
- system
- Device Management
- VPN Management
- Appendix A – DHCP Options (RFC 2132)
- Appendix B – DHCPv6 Options (RFC 3315)
- Control center
- Interfaces
- Configure an interface
- DHCP
- Configure a DHCP server
- DNS
- Configure DNS servers
- Wireless
- Create a wireless network as a separate zone
- Create a bridge to AP LAN wireless network
- Configure Active Directory authentication
- Security management and best practices
- Create a remote access SSL VPN with the legacy client
- About HA
- HA operation
- Additional configuration for virtual hosts
- How to add a FleXi module to an existing HA pair
- Upgrading HA
- HA license transfer
- How to transfer a license
- FAQs
- Troubleshooting
- Virtual and software appliances
- Microsoft Hyper-V
- Installing on Hyper-V
- Nutanix Prism
- Installing on Nutanix Prism Central
- KVM
- Installing on KVM
- Software appliance
- Installing on Windows
- Installing on macOS
- VMware
- Installing on VMware
- Citrix Hypervisor
- Installing on Citrix Hypervisor
- Activating and registering Sophos Firewall
- Sophos Firewall