Sophos Firewall Upgrades Boost Network Flexibility and Performance

Sophos booth

Sophos, a global provider of next-generation cybersecurity solutions, has announced a new version of its Sophos Firewall. It includes Xstream software-defined wide area network (SD-WAN) capabilities and best-in-class virtual private network (VPN) enhancements. This would improve network performance and flexibility significantly.

“Today’s globally distributed networks coupled with the explosion of cloud-based applications are forcing many organizations to re-think their traditional WAN architectures,” said Raja Patel, senior vice president of products at Sophos. “A key pillar of our Secure Access Service Edge (SASE) strategy, the new SD-WAN and VPN capabilities integrated in Sophos Firewall enable organizations not only to embrace these necessary changes, but to also adopt flexible wide area network connections and improve resiliency and cloud application performance.”

Key new SD-WAN capabilities would include:

  • Xstream FastPath acceleration of Internet Protocol Security (IPsec) VPN traffic – New FastPath controls route critical SD-WAN tunnel flows via Xstream Flow Processors in XGS Series appliances, significantly boosting performance and security by freeing up resources for TLS and deep-packet inspection.
  • SD-WAN orchestration – A new Sophos Central management capability allows for quick, automatic orchestration of complicated SD-WAN overlay networks across several locations, reducing a job that may previously take hours to just a few minutes.
  • SD-WAN profiles with multi-gateway support – A new SD-WAN link management system allows for smooth and efficient traffic routing over various WAN link gateways based on performance, without disrupting active connections.
  • SD-WAN performance monitoring and logging – New performance monitoring and logging tools track SD-WAN connection performance and routing characteristics like as latency, jitter, and packet loss in real time and over time.

“SD-WAN improves site availability, cost and performance for enterprise WANs, and is aligned with the broader shift of applications to public cloud workloads,” according to the Gartner Hype Cycle for Enterprise Networking, 2021. “There is high client interest in SD-WAN products, and we estimate that more than 50,000 customers have deployed SD-WAN products in production networks. Further, we expect continued rapid growth of SD-WAN deployments, and forecast vendor revenue to grow at a more than 20% compound annual growth rate (CAGR) for the next three years.”


The following VPN advances would make it easier to orchestrate safe site-to-site and remote-access encrypted tunnels:

  • VPN performance enhancements – Depending on the hardware type, IPsec and Secure Sockets Layer (SSL) VPN capacity has risen by up to five times
  • VPN user experience enhancements – Day-to-day VPN administration and setup has been made easier and more intuitive thanks to a simplified administration interface, new step-by-step wizards, and VPN logging upgrades
  • AWS Hybrid Network Integration – Connecting hybrid on-premises and AWS virtual private cloud (VPC) networks has never been easier thanks to a new import tool

Under one single administration umbrella, Sophos Firewall combines with Sophos ZTNA (zero trust network access), a major pillar of Sophos’ SASE strategy that launched earlier this year, delivering a more streamlined and scalable solution than standard remote-access VPN. The network solution is also a component of the Sophos Adaptive Cybersecurity Ecosystem, which brings together Sophos’ full product, service, and threat intelligence portfolio for quicker, more contextual, and coordinated detection, protection, and response.


Sophos Firewall is only available through Sophos’ global channel of partners and Managed Service Providers (MSPs) for instant purchase. It can be easily managed with other solutions via the cloud-native Sophos Central platform, where users can manage installations, respond to warnings, and track licenses and future renewal dates all from a single, easy interface.