Unleash Unmatched Cyber Defense: Sophos Firewall v21.5’s Breakthrough NDR-Essential

Chris McCormack, Senior Product Marketing Manager at Sophos

Sophos, a global leader in innovative security solutions for defeating cyberattacks, recently announced an update to its Sophos Firewall. Now, Sophos Firewall includes Sophos NDR Essential—free for all customers with an XStream Protection license.

With this integration, Sophos Firewall leverages two dedicated artificial intelligence engines to detect malware communications and algorithmically generated domain names. This new capability, powered by the Sophos Network Detection and Response probe, identifies previously unknown threats and complements the Active Threat Response features already in place.

Sophos Connect Integrates Entra ID for SSO

The VPN client bundled with Sophos Firewall now supports Entra ID (Azure AD) for single sign-on. This enhancement secures SSL and IPsec VPN connections and improves user experience by adding multi-factor authentication for both Sophos Connect and the user portal.

Other VPN-related improvements include:

  1. Intuitive interface updates: “Site-to-site” is now “policy-based,” and “route-based” tunnel interfaces are renamed for clarity.
  2. Dynamic IP pool validation: Prevents address conflicts across SSL VPN, IPsec, L2TP, and PPTP.
  3. Strict profile enforcement: Excludes default IPsec profile values to ensure algorithm synchronization and eliminate session negotiation issues.
  4. Enhanced scalability: Supports up to 3,000 route-based VPN tunnels, 1,000 SD-RED site-to-site tunnels, and 650 concurrent SD-RED devices.

Additional Management Enhancements

Furthermore, Sophos has rolled out several management improvements to streamline daily operations:

  1. Flexible IPv6 DHCP-PD: Supports /48 to /64 prefixes for better ISP compatibility.
  2. RA and DHCPv6 server enabled by default: Simplifies IPv6 deployments.
  3. Resizable table columns: Improves the admin interface on ultra-wide screens.
  4. Advanced search: SD-WAN routing and local ACL rules now support name, ID, and content-based searches.
  5. Default configuration updates: Only the default network and MTA rules are provided; custom gateway probes and rule groups default to “None.”

Secure by Design

Sophos continues to harden its firewall platform with a secure-by-design approach. Features are containerized, and integrity checks on critical OS files use mathematical checksums; any mismatch triggers an alert, so monitoring teams can swiftly identify potential compromises and react accordingly.

Availability

Customers can download and deploy this update manually on any Sophos Firewall with a valid license.

For more on Sophos’s Middle East strategy, check out our previous coverage:
Sophos Announces Intent to Expand Middle East Operations with New Data Center in the UAE
