
Sophos Firewall v21.5 Now Available: Industry-First NDR, SSO, DNS Protection, and More

Introduction

Sophos Firewall v21.5 introduces a host of innovations—anchored by the industry’s first native Network Detection and Response (NDR) integration—alongside top-requested features such as Entra ID single-sign-on for VPN, deeper DNS Protection integration, and numerous quality-of-life and scalability enhancements. This free upgrade is available now for all XGS Series customers with the Xstream Protection license bundle and Enhanced (or Enhanced Plus) support.

Main Features

1. NDR Essentials: Cloud-hosted Threat Detection

Sophos is the first vendor to integrate NDR directly into its firewall offering. NDR Essentials offloads all analysis to the Sophos Cloud—using AI-driven engines to inspect TLS metadata and DNS queries—thereby detecting threats in encrypted traffic without impacting on-box performance. This capability is enabled out-of-the-box for all XGS Series hardware running v21.5 with the Xstream Protection license, at no additional cost.


2. Entra ID Single-Sign-On for Remote Access VPN

Responding to customer demand, v21.5 adds Entra ID (formerly Azure AD) SSO support for both the Sophos Connect client and the VPN portal. Leveraging OAuth 2.0 and OpenID Connect, users can log in with their corporate credentials, simplifying client-side configuration and reducing help-desk tickets. This feature requires Sophos Connect client 2.4 (or later) on Windows.


3. Enhanced DNS Protection Integration

Building on last year’s free DNS Protection service, v21.5 embeds DNS Protection more tightly into the firewall UI:

  • Control Center widget showing service status
  • Troubleshooting insights via enriched logging and notifications
  • Guided tutorial for one-click deployment

These additions streamline deployment and troubleshooting, helping organizations lock down DNS-based attack vectors with minimal effort.

4. VPN, Scalability & Usability Enhancements

  • Intuitive VPN terminology: renames “site-to-site” to “policy-based” and “tunnel interfaces” to “route-based”
  • Improved IP lease-pool validation across all remote-access VPN types
  • Strict Profile Enforcement for IPsec handshakes, eliminating fragmentation issues
  • Route-based VPN capacity doubled to 3,000 tunnels; SD-RED scalability increased to 1,000 RED tunnels and 650 SD-RED devices

5. Streamlined Management & Quality-of-Life Improvements

  • Resizable columns on status/config screens (SD-WAN, NAT, SSL, Hosts & Services, site-to-site VPN)
  • Extended free-text search in SD-WAN routes and ACL rules (by name, ID, object values like IPs and domains)
  • Default configuration cleanup: only essential default network and MTA rules remain, reducing post-deployment cleanup
  • Sharper, lighter UI font for improved readability and performance

6. Additional Enhancements

  • License-agnostic RAM: removes RAM caps on virtual, software, cloud BYOL, and Home Edition licenses
  • WAF file-size limit increased to 1 GB for deep-packet inspection
  • Secure by Design: real-time telemetry to detect unauthorized OS-file changes via hash validation
  • DHCPv6 improvements: /48–/64 prefix delegation, default RA/DHCPv6 server enabled
  • Path MTU Discovery for optimal performance with Kyber ML-KEM TLS
  • NAT64 support for IPv6-only clients in explicit proxy mode

How to Get v21.5

Sophos Firewall v21.5 is a free, supported upgrade for all eligible customers. You can update via your on-box console or Sophos Central:

  • Automatic rollout: devices will receive a notification when the update is available, allowing you to schedule it at your convenience.
  • Manual download:
    • Log in to Sophos Central → Licensing → select your firewall → expand device → click the v21.5 firmware link.
    • If you need installers or initial-setup images, use the Other downloads option.

Download links:

Final Thoughts

v21.5 marks a significant milestone for Sophos Firewall—blending cloud-powered NDR, seamless SSO, and deeper DNS security into a unified platform without compromising performance. Whether you manage a single appliance or a global deployment, these enhancements streamline operations, improve security posture, and reduce administrative overhead. Plan your upgrade today to take advantage of these compelling new capabilities.

Category:System Admin, Tech