Moving futher towards v18 GA, Sophos released th EAP 3 refresh 
New Features and Highlights in SF v18 EAP 3 Refresh-1
- Route Based VPN
- Simplifies VPN policy creation with larger/dynamic networks.
- Network topology changes don’t impact IPSec VPN ‘policy’
- Also interoperates with non-Sophos route based VPN tunnels
- Configure IPSec using “Tunnel Interface” connection type listening on WAN interface. And assign IP to auto-created XFRM Interface. And configure routing (Static, Dynamic, SD-WAN PBR), firewall and NAT rules as required
- IPSec and MPLS can now be active at the same time, use RBVPN in SD-WAN policy routing
- NAT Improvements addressing early feedback we received from community contributors
- Server access assistant (DNAT): Destination NAT assistant (or wizard) enables workflow to publish an internal server over internet in a few clicks
- Default SNAT rule at the bottom of the NAT rule table that MASQ traffic going out of WAN interfaces.
- There is an open issue in Refresh-1 that turns on the default rule post migration. For No-NAT environments, please manually disable this rule to maintain the behavior.
- NAT rule UX placement is now consistent with firewall UI
- Flow monitor UX fixes
- Stability fixes for handling large number of live connections
- Retain sorting on BW columns on refresh
- Negative Value in Upstream/downstream Bandwidth column
- Same Upload and download values when data is grouped by Source IP address/User
- Memory optimization and Performance improvements
Important Issues Resolved in SF v18 EAP 3 Refresh-1
- NC-53500 XGFW interferes with certain SSL website connections
- NC-53016 Email Blocked Senders cannot be updated
- NC-52641 IPS Service getting DEAD
- NC-53228 Continuous receiving ‘daemon.debug /bin/smcroute[6387]: Debu: 28 byte IGMP signaling dropped” in syslog.log
- NC-54038 Wrong notification message displayed after disabling firewall rule
- NC-52090 LogViewer: “Action is not Allowed” filtering not working in detailed view
- Flow monitor UX fixes
- Plus 150 issues and stability fixes are part of EAP 3 Refresh-1
Source: