Sophos V18

Posted on  by admin


Of course, all these features are a free upgrade for Sophos customers and as easy as clicking to upgrade the firmware in the Firewall console or scheduling a firmware update through Sophos Central. Upgrade to v18 today! Now is the perfect time for your customers to upgrade.

The article introduces how to configure DNAT with Load Balancing for outside client can connect to Web Servers

Sophos V18 Mr4

  • 1 day ago  Sophos Firewall OS v18.5. The new appliances come with the latest v18.5 software release, which not only provides support for the new hardware but also includes all the 18.x maintenance releases – many new capabilities and security improvements – since the v18 release.
  • With Sophos XG v18 update, there are some significant changes concerning the configuration on selecting a gateway. We will try to explain the changes from v17 to v18 in this article. How it is in v17: In v17, you choose the default gateway for the traffic going to the Internet or outside the XG in the same firewall rule configuration.
  • XG Firewall v18 - ENG - The Seven Uncomfortable Truths of Endpoint Security reveals deep insights into today’s cybersecurity challenges. Register to attend and see how your organization stacks up.


Sophos v18 upgrade

How to configure

Identifier for 2 Web server

  • Navigate to Hosts and Services -> Choose IP Host -> Click Add
  • Name
  • In IP Version: Choose IPv4
  • In Type: Choose IP List
  • In List of IP Address: Enter the IP Addresses of 2 web servers

-> Click Save


Create DNAT rule

  • Rules and policies -> Choose NAT rules -> Click Add NAT rule -> New NAT rule
  • Enter name for DNAT rule
  • In Rule position: Choose Top
  • In Original source: Choose Any
  • In Original destination: Choose WAN port
  • In Original service: Choose HTTPS
  • In Translated source (SNAT): Choose Original
  • In Translated destination (DNAT): Choose webservers which was created before
  • In Translated service (PAT): Choose Original
  • In Inbound interface: Choose WAN port
  • In Outbound interface: Choose Any
  • In Load Balancing method: Choose 1 on 5
    • Round-robin: Requests are served sequentially, starting with the server next to the previously assigned server. Use it when you want to distribute traffic equally and don’t require session persistence.
    • First alive: Incoming requests are served to the primary server (the first IP address of the range). If the primary server fails, requests are forwarded to the next server and so on. Use it for failover.
    • Random: Requests are served randomly to the servers with equal load distribution. Use this when you want equal distribution and don’t require session persistence or order of distribution.
    • Sticky IP: Traffic from a specific source is forwarded to the mapped server. Use this when you want the requests to be processed by the same server.
    • One-to-one: Requests are sent to the mapped IP addresses. The IP addresses of the original and translated destinations must be equal in number.
  • In Health check to check server

Sophos Xg V18

-> Click Save