The product team is pleased to announce that Sophos Firewall v22 is now generally available. This update brings several Secure by Design enhancements and many of your top requested features.
Secure by Design
Over the last several weeks, we’ve covered the importance of Secure by Design principles and why we need secure products as much as we need security products. Sophos Firewall v22 builds on the many security and hardening enhancements from previous releases to take Secure by Design to whole new level.
Watch this video for a quick overview of what’s new:
Sophos Firewall Health Check
A strong security posture depends on ensuring your firewall is optimally configured. Sophos Firewall v22 makes it much easier to evaluate and address the configuration of your firewall with the new Health Check feature.
This new feature evaluates dozens of different configuration settings on your firewall and compares them with CIS benchmarks and other best practices, providing immediate insights to areas that may be at risk. It will identify all high-risk settings and provide recommendations with quick drill-down to the areas of concern so you can easily address them.
The Health Check status is displayed on a new Control Center widget and a full report is available under the “Firewall health check” main menu item.
Watch this video to see how to make the most of this new feature.
Other Secure by Design enhancements
Next-Gen Xstream architecture
Introducing an all-new control plane re-architected for maximum security and scalability that will take us into the future. The new control plane enables modularization, isolation, and containerization of services like IPS for example, to run like “apps” on the firewall platform.
It also enables complete separation of privileges for added security. In addition, high-availability deployments now benefit from a self-healing capability that is continuously monitoring system state and fixes deviations between devices automatically.
Hardened kernel
The next-gen Xstream Architecture in Sophos Firewall OS is built upon a new hardened kernel (v6.6+) that provides enhanced security, performance, and scalability.
The new kernel offers tighter process isolation and better mitigation for side-channel attacks as well as mitigations for CPU vulnerabilities (Spectre, Meltdown, L1TF, MDS, Retbleed, ZenBleed, Downfall). It also offers hardened usercopy, stack canaries, and Kernel Address Space Layout Randomization (KASLR).
Remote integrity monitoring
Sophos Firewall OS v22 now integrates our Sophos XDR Linux Sensor that enables real-time monitoring of system integrity, including unauthorized configuration, rule exports, malicious program execution attempts, file tampering, and more.
This helps our security teams – who are proactively monitoring our entire Sophos Firewall install base – to better identify, investigate, and respond more quickly to any attack. This is an added security capability that no other firewall vendor provides.
New anti-malware engine
Sophos Firewall OS v22 integrates the latest Sophos anti-malware engine with enhanced zero-day real-time detection of emerging threats using global reputation lookups.
It takes full advantage of SophosLabs’ massive cloud database of known malicious files, updated every five minutes or less. It also introduces AI and ML model detections and delivers enhanced telemetry to SophosLabs for accelerating their emerging threat detection analysis.
Other security and scalability enhancements:
- Firmware updates via SSL and certificate pinning ensures authenticity
- Active Threat Response logging improvements enhance visibility
- NDR Essentials threat score is included in Logs for added insights
- NDR Essentials data center selection for data residency requirements
- Instant web category alerts for education institutions
- XML API access control enhancements with added granularity
- TLS 1.3 support for device access for the WebAdmin console and portals
Top requested features and quality of life enhancements:
- Enhanced navigation performance
- Hardware monitoring for SNMP with a downloadable MIB
- sFlow Monitoring for real-time visibility
- NTP server settings defaults to “Use pre-defined NTP server”
- UI enhancements for XFRM interfaces with pagination and search/filter options
SG UTM features:
With Sophos UTM coming toward end-of-life soon (July 30, 2026), some migrating customers will appreciate these added features:
- SHA 256 and 512 support for OTP tokens
- MFA support for WAF form-based authentication
- Audit trail logs with before and after tracking to meet the latest NIST standards
Get the full details
Download the full What’s New Guide for a complete overview of all the great new features and enhancements in v22. Also be sure to check out the full release notes documentation.
How to get v22
As with every firewall release, Sophos Firewall v22 is a free upgrade for Sophos Firewall customers with Enhanced or Enhanced Plus Support and should be applied to all supported firewall devices as soon as possible.
With the new architectural changes in v22, this update may require some additional steps for a very small percentage of existing desktop, virtual, or software firewall devices to free added disk space or resize the root partition. If your device requires additional steps this will be noted before you download with a link to instructions for the additional steps.
Review this video for an overview of the different devices and steps that may be required:
A quick summary:
- XGS 2100 and above – no additional steps required
- XGS Desktop Series – 97% will seamlessly upgrade, with 3% requiring a few additional manual steps which will be flagged by an alert
- Virtual/software devices deployed prior to v18 also require additional steps
If your device requires some additional manual steps to upgrade, the alert will advise you of what’s required in-product or via Sophos Central before you download the firmware. The alert will link to the required steps in this KB article: Requirements and resolution to upgrade to v22.
This firmware release will follow our standard staged roll-out process. The new v22 firmware will be gradually rolled out to all connected devices in phases over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.
A special thank you to everyone that participated in the early access program!
