Sophos Xg 18 Mr3


The new features and enhancements are on this page.

  1. Sophos Xg 18 Mr3 Price
  2. Sophos Xg 18 Mr3 Release
  3. Sophos Xg 18 Mr3 Update

Sophos Cloud Optix: For XG Firewall instances deployed in the AWS environment, you can see their VPC details in the topology section in Sophos Cloud Optix. For more details, see the Cloud Optix help.


Amazon Web Services: Routing-based redundancy enhancements are available on the AWS platform.

Sophos Xg 18 Mr3

Sophos Central: You can register HA devices with Sophos Central and manage them centrally. Both devices must be on 18.0 MR4. You must configure HA on the web admin console of XG Firewall.

High availability: Improvements to FastPath offload for HA active-passive configurations.

Shiny markdown

Sophos Connect client:

Sophos Xg 18 Mr3 Price


Sophos Xg 18 Mr3 Release

Flag as inappropriate Absolutely embarrassing for Sophos that still in 18 MR3 there is no NTP Proxy implemented. All customers migrated from UTM have to use work-arounds instead of just having this easy to implement functionality. Go for please. Learn more about the next-gen XGS Series Firewall Appliances. XG Desktop Models: SMB and Branch Office Our Desktop firewall appliances support all the security features of our larger appliances but in a compact form factor and at a fraction of the cost.

  • The Sophos Connect client menu has been renamed IPsec (remote access). It's available on VPN > IPsec (remote access). You can configure the IPsec remote access configuration on this page. It also offers the advanced settings that were earlier available only through Sophos Connect Admin.

    Turning off Use as default gateway on the web admin console may prevent connections from being established if the existing configuration files don't match the advanced settings. If you make changes to any of the advanced settings on the web admin console, you must send the updated .scx file to users for reimport into the Sophos Connect client.

  • Users can download the Sophos Connect client from VPN > Sophos Connect client (IPsec and SSL VPN) on the user portal. The available client versions and the remote access connections users can establish are as follows:
    • Windows: Sophos Connect client 2.0 (IPsec and SSL VPN connections)
    • macOS: Sophos Connect client 1.4 (Currently, only IPsec connections)

For more information, see the remote access VPN help.

Security enhancements:

  • SSL VPN: XG Firewall enforces TLS 1.2 for SSL VPN connections:
    • Site-to-site connections: Both SSL VPN server and client firewalls must be on 18.0 MR4.
    • Remote access connections: These connections use OpenVPN client 2.3.8 and later. The Sophos Connect client 2.0 and legacy SSL VPN client enforce TLS 1.2.
  • Password security: Introduced a secure hash for storing the password of the admin (default administrator) account:
    • The control center prompts the default administrator to change the current password. We recommend making this change. It's a one-time requirement.
    • Password complexity is turned on by default for all passwords, including those for the web admin console and the user portal.
  • Open SSL: XG Firewall now uses OpenSSL 1.0.2u.
  • SPX portal: A CAPTCHA is now required for the SPX portal to prevent automated attacks. You can't turn it off.

Web: XG Firewall blocks web pages categorized as highly objectionable criminal activity and hides the domain name in logs and reports. It won't implement any policy or exclusion that allows these pages.

RADIUS server: An optional Domain name field, which creates a local entry in the format [email protected] for RADIUS users, is available. The setting eliminates the issue of two entries being created automatically when authentication is based on both AD and RADIUS servers, for example, when the primary authentication method is AD, but VPN or multi-factor authentication uses RADIUS.

Sophos Xg 18 Mr3 Update

Synchronized Application Control: You can also set the automatic cleanup time to one month.