- SSL VPN: Introduced static IP address lease for remote access SSL VPN users on the firewall and from an external RADIUS server. Sophos Firewall now maps remote access SSL VPN users to static IP addresses, which improves user monitoring and visibility and makes it easier to trace users.
- IKEv2 profiles: Added default IKEv2 profiles (Head office (IKEv2) and Branch office (IKEv2)) for site-to-site IPsec connections to deliver improved tunnels between the head office and branch offices. This eliminates the manual fine-tuning required for the existing default head office and branch office profiles, such as rekey interval, dead peer detection (DPD) selection, and key negotiation retries. This helps in eliminating rekey collisions and DPD-related issues.
- Tunnel flapping: Changed the defaults to prevent non-TCP connections (for example, VoIP, RDP, Skype, Zoom, UDP) from flapping when the IPsec tunnel is established or goes down. The new default settings are as follows:
  - vpn conn-remove-tunnel-up: Disabled
  - vpn conn-remove-on-failover: Enabled