Xg V18



  1. Xg V18 Features
  2. Xg V18 Mr2

XG hardware can run any v18 firmware, with three exceptions: Cyberoam hardware, the XG85 and the XG105 cannot run v18 firmware because v18 requires a minimum of 4 GB of RAM. Those models stay on v17.x until end of life (EOL).

Every Maintenance Release (MR) for XG Firewall v18 has brought compelling new features as well as a variety of performance, stability, and security enhancements, and MR5 is no exception.

Apr 06 2021, by Chris McCormack: What's New in v18 MR5.

More on XG Firewall v18: check out our recent blog and video series on how to make the most of the many great new capabilities in XG Firewall v18 such as the Xstream Architecture, TLS Inspection, FastPath acceleration, zero-day threat protection, NAT, and much more. We also have a new Sophos Techvids site for XG Firewall v18.

In The State of Ransomware 2020 report, over half the participating companies surveyed across 26 countries reported that they had been hit by ransomware in the past 12 months. This result demonstrates the critical need for predictive zero-day threat identification and protection as advanced threats like ransomware become more targeted and evasive.

In this fourth in our series of articles on making the most of the great new features in XG Firewall v18, we’re going to specifically focus on the new capabilities in XG Firewall v18 designed to protect against the latest zero-day threats such as new ransomware variants.

Xstream Threat Protection

In previous articles, we covered the Xstream architecture and the new DPI engine, the new TLS inspection solution, and the Network Flow FastPath. These all play a critical role in identifying and stopping the latest zero-day threats. This article highlights the new cloud-based Threat Intelligence and Sandstorm sandboxing technologies which are part of the Sandstorm Protection subscription.

How it works:


XG Firewall v18 includes new machine learning (ML) based threat intelligence and a newly enhanced version of Sandstorm sandboxing, which work together to identify the latest zero-day threats. Both are powered by SophosLabs Intelix, which uses machine learning technology, decades of threat research, and petabytes of intelligence to provide unmatched protection against new and previously unseen threats.

When XG Firewall’s Xstream DPI engine performs AV analysis on a file entering the network and determines there is active code, it holds the file temporarily and sends it to the SophosLabs Intelix service in the cloud for both static and dynamic (sandbox) analysis. It then provides a detailed overview of the results and only releases the file to the downloader or email recipient if the file is declared safe.

This last step is important, as many advanced malware solutions on firewalls release a file to the end-user before the analysis is complete, potentially resulting in an extensive and expensive cleanup if the file is then ultimately convicted as a threat once all analysis is finished.

Let’s take a look at what happens to a file that is scanned in a bit more detail:

Threat intelligence analysis:

Threat intelligence uses multiple machine learning models to analyze the characteristics, features, genetics, and global reputation of the file. It compares the new file with millions of known good and bad files in the SophosLabs database to render a verdict in seconds without the need to execute it in real time. This makes it remarkably fast and effective at identifying new threats and new variants of existing threats, particularly with files which are not easily sandboxed, such as password-protected documents.

Sandstorm sandboxing analysis:

At the same time a file is submitted for threat intelligence analysis, it is also submitted for dynamic behavioral analysis in our cloud sandbox environment. Because it’s cloud-based, there’s no additional software or hardware required, and no impact on firewall performance.

To identify threats based on their behavior, SophosLabs has integrated the latest protection technologies from our industry-leading Intercept X next-gen endpoint product into the Sophos Sandstorm sandbox. This includes deep learning analysis, exploit detection, and CryptoGuard to detect active ransomware encrypting files in real time. The sandbox also monitors all file, memory, registry, and network activity as well as sandbox evasion techniques. No other firewall can offer this kind of run-time analysis with the world’s best threat protection, Intercept X. And no other firewall offers the level of insight and reporting that XG Firewall provides – including a time-lapse series of screen shots showing events during the file execution.

Sandboxing is particularly effective at detecting threats that can lurk in normally benign files that may not have any obvious malicious characteristics. Office files with macros or benign executables and application updates that have been subverted by hackers are prime candidates for detection through sandboxing.

How to make the most of Xstream Threat Protection

There are three key things you need to enable this critically important protection:

  1. Ensure your XG Firewall license includes the Web Protection and Sandstorm Protection subscriptions. You need both of these subscriptions active to be protected from the latest threats. The new threat intelligence analysis in XG Firewall v18 is part of the Sandstorm license, adding tremendous value over the previous version at no extra cost. Log into your XG Firewall and go to the Administration menu to see a list of your active subscriptions. Be sure to contact your preferred Sophos Partner immediately if you don’t have both these protection subscriptions active.
  2. The new threat protection technology in XG Firewall can only inspect and analyze decrypted traffic, so ensure that you’re inspecting TLS-encrypted web traffic. With the vast majority of web traffic now encrypted, it’s critical that you decrypt and inspect files being downloaded onto your network to have them analyzed for potential threats. Check our recent article on the high-performance TLS inspection solution in XG Firewall v18 for full details on how to take advantage of this great new capability.
  3. In all firewall rules governing web traffic for your network, ensure you have the following two web filtering security options set to scan web traffic and use the latest zero-day protection technologies outlined here:

That’s it – it’s really that easy!

Check out this video for an in-depth guide on making the most of this new feature, a detailed look at the new and improved threat intelligence reporting, and how to interpret the results:

Testing it yourself

There’s a convenient and harmless test file you can find at SophosTest.com, which will provide a sample report for you to review.

Also, keep an eye on your Control Center widget for any recent file downloads that have been analyzed and then drill down for further details.

When you click the Control Center widget (highlighted above), you can drill down into a detailed list of files analyzed and their results. Mouse over the results column to display the threat meter, which provides a good high-level overview of the analysis results (as shown below).

Here’s a summary of the resources available to help you make the most of the new features in XG Firewall v18, including the new zero-day threat protection capabilities:

If you’re new to Sophos XG Firewall, learn more about the great benefits and features XG Firewall can deliver to your network.


Overview

Xg V18 Features

This article shows how to configure DNAT with load balancing so that outside clients can connect to two internal web servers through one public address.

Diagram

How to configure

Create an IP host object for the 2 web servers

Xg V18 Mr2

  • Navigate to Hosts and Services -> IP Host -> click Add
  • In Name: enter a name for the host object (for example webservers, the name used in the NAT rule below)
  • In IP Version: choose IPv4
  • In Type: choose IP List
  • In List of IP Address: enter the IP addresses of the 2 web servers

-> Click Save

Create DNAT rule

  • Rules and policies -> Choose NAT rules -> Click Add NAT rule -> New NAT rule
  • Enter name for DNAT rule
  • In Rule position: Choose Top
  • In Original source: Choose Any
  • In Original destination: Choose WAN port
  • In Original service: Choose HTTPS
  • In Translated source (SNAT): Choose Original
  • In Translated destination (DNAT): Choose webservers which was created before
  • In Translated service (PAT): Choose Original
  • In Inbound interface: Choose WAN port
  • In Outbound interface: Choose Any
  • In Load Balancing method: choose one of the following five methods
    • Round-robin: Requests are served sequentially, starting with the server next to the previously assigned server. Use it when you want to distribute traffic equally and don’t require session persistence.
    • First alive: Incoming requests are served to the primary server (the first IP address of the range). If the primary server fails, requests are forwarded to the next server and so on. Use it for failover.
    • Random: Requests are served randomly to the servers with equal load distribution. Use this when you want equal distribution and don’t require session persistence or order of distribution.
    • Sticky IP: Traffic from a specific source is forwarded to the mapped server. Use this when you want the requests to be processed by the same server.
    • One-to-one: Requests are sent to the mapped IP addresses. The IP addresses of the original and translated destinations must be equal in number.
  • In Health check: turn it on so that a server which fails its probe is taken out of rotation and new connections go only to servers that respond

-> Click Save

In v18 the NAT rule only translates the traffic; a matching firewall rule (source zone WAN, destination the web servers host object, service HTTPS) is still required to allow it.
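As an added example (not Sophos code and not part of the original article), the following Python models the five load-balancing methods listed above together with the effect of the health check, so the behaviour of each choice can be compared before committing a rule. The server and client addresses are constructed, and the way a source IP is mapped to a server under Sticky IP (hashing the address onto the list) is an assumption for illustration; the firewall's real mapping is not documented here.

```python
"""Added example (not Sophos code): a model of XG Firewall v18 DNAT load
balancing methods and health checks, using constructed sample addresses."""
import ipaddress
import random
import socket
from typing import Callable, List, Optional, Sequence, Tuple

# Constructed sample pool: the two web servers listed in the IP host object,
# in the order they were entered (order matters for First alive / One-to-one).
WEB_SERVERS = ["10.0.1.10", "10.0.1.11"]

METHODS = ("round-robin", "first-alive", "random", "sticky-ip", "one-to-one")


def tcp_probe(host: str, port: int = 443, timeout: float = 1.0) -> bool:
    """A health check as a TCP connect probe (assumption: the rule probes the
    service port). Returns True when the server accepts the connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class DnatBalancer:
    """Picks the translated destination for one new connection.

    is_alive: health check callable; a server for which it returns False is
    skipped, which is what the rule's health check does with failed servers.
    original_dests: only for one-to-one, the Original destination list, which
    must have the same number of entries as the translated servers.
    """

    def __init__(self, servers: Sequence[str], method: str,
                 is_alive: Optional[Callable[[str], bool]] = None,
                 original_dests: Optional[Sequence[str]] = None,
                 rng: Optional[random.Random] = None) -> None:
        if method not in METHODS:
            raise ValueError(f"unknown method {method!r}")
        self.servers = list(servers)
        self.method = method
        self.is_alive = is_alive or (lambda _s: True)
        self.original_dests = list(original_dests or [])
        self.rng = rng or random.Random(0)
        self._last = -1  # index of the previously assigned server (round-robin)
        if method == "one-to-one" and len(self.original_dests) != len(self.servers):
            raise ValueError("one-to-one needs equal numbers of original and translated destinations")

    def alive(self) -> List[str]:
        return [s for s in self.servers if self.is_alive(s)]

    def select(self, src_ip: str, dst_ip: Optional[str] = None) -> Optional[str]:
        """Return the server for a connection from src_ip to dst_ip, or None
        when no server can take it."""
        alive = self.alive()
        if not alive:
            return None
        if self.method == "round-robin":
            # Start with the server after the previously assigned one; skip dead ones.
            for _ in range(len(self.servers)):
                self._last = (self._last + 1) % len(self.servers)
                candidate = self.servers[self._last]
                if candidate in alive:
                    return candidate
            return None
        if self.method == "first-alive":
            # Primary server first; fail over down the list in configured order.
            return alive[0]
        if self.method == "random":
            return self.rng.choice(alive)
        if self.method == "sticky-ip":
            # Assumption: a source is mapped by hashing its address onto the list,
            # so the same source lands on the same server while that server is alive.
            index = int(ipaddress.ip_address(src_ip)) % len(self.servers)
            candidate = self.servers[index]
            return candidate if candidate in alive else alive[0]
        # one-to-one: the n-th original destination maps to the n-th server, no spill-over.
        if dst_ip not in self.original_dests:
            return None
        candidate = self.servers[self.original_dests.index(dst_ip)]
        return candidate if candidate in alive else None


def distribute(balancer: DnatBalancer,
               connections: Sequence[Tuple[str, Optional[str]]]) -> List[Optional[str]]:
    """Run a sequence of (src_ip, dst_ip) connections through the balancer."""
    return [balancer.select(src, dst) for src, dst in connections]


if __name__ == "__main__":
    # Constructed sample clients hitting the single WAN address 198.51.100.1.
    conns = [("203.0.113.5", "198.51.100.1"), ("203.0.113.4", "198.51.100.1"),
             ("203.0.113.5", "198.51.100.1")]
    for method in ("round-robin", "first-alive", "sticky-ip"):
        print(method, distribute(DnatBalancer(WEB_SERVERS, method), conns))
    # Same traffic with the first server failing its health check.
    print("first-alive, .10 down",
          distribute(DnatBalancer(WEB_SERVERS, "first-alive",
                                  is_alive=lambda s: s != "10.0.1.10"), conns))
```

Pass `is_alive=lambda s: tcp_probe(s, 443)` to drive the model from live probes instead of the constructed health state; the default keeps every server alive so the script runs offline.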