Sophos’s Xstream Architecture for XG Firewall is a new streaming packet process that provides extreme levels of protection and performance. The early access programme (EAP) 1 will provide Sophos users with a number of new and enhanced features.
The new architecture includes Xstream SSL Inspection, Xstream DPI Engine and Xstream Network Flow FastPath. In addition, a number of other features are available in the XG Firewall v18 EAP 1.
These are Sandstorm threat intelligence analysis; Sophos central firewall reporting and management; NAT enhancements; firewall rule management improvements; enhanced DDNS support; SD-WAN policy-based routing enhancements; alerts and notifications; intelligent IPS signature selection; DKIM and BATV anti-spam protection; Kerberos authentication and NTLM; Radius timeout with two-factor authentication (2FA); SNMPv3; interface renaming and Jumbo frame support.
Ross Anderson, Sophos Product Development Manager at Duxbury Networking, says that Xstream SSL Inspection means that organisations can enable SSL inspection on their networks without compromising network performance or user experience.
“It delivers high-performance, high connection capacity support for TLS 1.3 and all modern cipher suites, providing extreme SSL inspection performance across all ports, protocols, and applications. It also comes equipped with enterprise-grade controls to optimise security, privacy, and performance.”
Xstream DPI Engine enables comprehensive threat protection in a single high-performance streaming engine with proxy-less scanning of all traffic for AV, IPS and web threats, as well as providing application control and SSL inspection.
Pattern matching on decrypted traffic makes patterns more effective and provides increased protection from hash/pattern changing applications such as Psiphon proxy.
“Xstream Network Flow FastPath provides the ultimate in performance by intelligently offloading traffic processing to transfer trusted traffic at wire speeds. FastPath offloading can be controlled through policy to accelerate important cloud application traffic, or intelligently by the DPI engine based on traffic characteristics,” Anderson points out.
With Sophos Sandstorm, all suspicious files are now subject to threat intelligence analysis in parallel with full sandbox analysis.
“Files are checked against SophosLabs’ massive threat intelligence database and subjected to our deep learning, which identifies new and unknown malware quickly and efficiently to stop the latest zero-day threats before they get on the network,” says Anderson.
XG Firewall’s NAT configuration receives some major updates in the new version. NAT rules are now decoupled from firewall rules, enabling more powerful and flexible configuration options, including Source (SNAT) and Destination (DNAT) in a single rule.
In addition, a new linked NAT rule feature follows the matching criteria of the Firewall Rule. Linked NAT Rule can also be added and edited in place while creating/editing firewall rules. Only the source translation configuration needs to be selected for Linked NAT Rule.
Firewall rules management includes a new ‘Add Filter’ option with several fields/conditions from which to choose. Administrators can manage multiple firewall rules at the same time and movement of rules across screens is possible, providing ease of use and management for larger rule sets.
Sophos-XG v18 provides support for enhanced DDC service HTTPS-based DDNS by adding five more DDNS providers – No-IP, DNS-O-Static, Google DNS, Namecheap, and FreeDNS. There is also a new option to choose from dozens of system- and threat-related alerts, and have notifications sent via email or SNMP.
XG Firewall will receive IPS signatures based on a number of intelligent filtering criteria such as age, vendor, vulnerability type, and CVSS (Common Vulnerability Scoring System) to optimise protection and performance.
This release adds Kerberos authentication alongside the existing NTLM support for Microsoft Active Directory SSO, extending the range of authentication tools available for customers. Support for SNMPv3 has been added to providing more flexibility and security over SNMPv2.
Sophos-XG v18 supports virtual device integration of the latest VMware Tools version (v10.3.10) with reboot, shutdown, and clone-like functionalities. The release also supports integration with Site Recovery Manager (SRM), the disaster recovery and business continuity solution from VMware which automates the transfer of virtual machines to a local or remote recovery site.
“To cater for high-bandwidth environments, this version allows for support of Jumbo frames with more than 1500 byte payloads, providing users with added networking flexibility. In a nutshell, this new version’s enhancements create increased functionality and security for users,” says Anderson.