Sophos Firewall OS v19 includes several new innovations. In this blog series leading up to the general release of v19 in April, we will explore some of these great new features in more detail.
Xstream SD-WAN is a collection of powerful new capabilities in SFOS v19 that, along with features in Sophos Central and our existing hardware line, deliver the best SD-WAN solution available in a firewall today.
SD-WAN Profiles and Performance-based Link Selection
SFOS v19 introduces a new SD-WAN link management solution for easily setting up WAN routing strategies. SD-WAN profiles define a routing strategy across multiple WAN link gateways (with support for up to 8 WAN links), enabling seamless and efficient rerouting of application connections based on WAN link performance with zero impact.
SD-WAN profile routing strategies can be based on first-available or performance-based link criteria. Performance monitoring criteria include jitter, latency, and packet loss, and can use multiple probe targets for PING and TCP probes. SD-WAN profiles automatically select the best link based on performance or according to your custom SLA policies, which define specific values for the maximum acceptable jitter, latency, or packet loss before traffic is re-routed over a better-performing link.
Zero Impact Transitions
Sophos Firewall ensures all SD-WAN link transitions have zero impact on active connections and sessions, making ISP disruptions transparent to end-users.
Other firewalls wait for the client applications to initiate a new connection whenever the ISP gateway quality deteriorates or there is a disruption. This can seriously affect voice or video calls, team sharing applications, and continuity of SaaS application or web sessions. The symptoms might include dropped calls, noticeable lag, or freezing of the app or screen while it attempts to reconnect.
With the new zero impact failover capabilities in v19, Sophos Firewall ensures active connections remain intact. Sophos Firewall re-routes subsequent packets of the current connection to the appropriate gateway link, ensuring there is zero disruption to application traffic. Under the hood, whenever quality deteriorates or gateway availability changes, Sophos Firewall triggers WAN link re-routing based on your profile without waiting for the client application to initiate a new connection. Every time re-routing is triggered, the SD-WAN routes are traversed, and the better gateway is chosen for the following packets of the same connection, thereby maintaining the integrity of the traffic flow. In effect, Sophos Firewall solves a long-standing issue with WAN link routing, providing the best resiliency and transparency for your application traffic.
SD-WAN Performance Monitoring Graphs
A new SD-WAN performance monitoring tool is now available under the diagnostics section of the product. You can monitor SD-WAN link performance in real-time with separate graphs for latency, jitter, and packet loss. You can set the timeline to real-time, the last 24 or 48 hours, or the last week or month. These tools are extremely helpful when it comes to fine-tuning your custom SD-WAN routing strategies for your particular network.