Overview

In this release, we’re enhancing the features in Sophos Central and adding several new features to Sophos Switch.

The key addition in this release is link aggregation in Sophos Central. This feature allows customers to configure link aggregation groups (LAG) from Sophos Central. We’ve also added several new features to the Switch local UI.

 

Link Aggregation Group (LAG) from Sophos Central

This feature allows you to combine multiple Ethernet/SFP links into a single logical link between two network devices for greater throughput and high availability. Admins will be able to configure LAG groups from Sophos Central at the site level and switch level, along with other port settings in Sophos Central.

An admin has the option to combine two or more ethernet or SFP/SFP+ ports in a LAG port configuration and also configure different port speeds for the LAG ports. These LAG ports can be used to create VLAN configurations at the site or switch level.

Switch Local User Interface features

1. Global UI search

Global search in the switch local UI allows an admin to enter keywords in the search field and will then list all matching entries containing that keyword. Clicking on one of the search results will take you directly to the configuration page, making navigation faster and simpler.

2. MAC address filter

MAC-Address Filtering (MAF) allows you to block traffic from a specific VLAN-MAC combination. Only the unicast MAC address can be configured in a MAF entry. Multicast and broadcast addresses are not supported in this function.

3. IP source guard filter

The host IP address can restrict access permission via source validation for security issues. IP source guard is a per-interface traffic filter that permits all IP packets, except for DHCP, only when the IP address and MAC address of each packet match one of two sources of IP and MAC address bindings (DHCP snooping table and static IP source entries that you configure).

4. Cisco-compatible discovery protocol

Cisco Discovery Protocol is a layer 2 protocol developed by Cisco Systems to show device information between Cisco machines. After enabling CDP, devices can view information of connected Cisco/CDP-supported devices, send CDP packets for neighbors to recognize the Sophos switch, and further improve the convenience of management on devices manufactured by different companies.

5. Priority-Tag Packet Ingress filter

The VLAN 0 priority tagging feature enables 802.1Q Ethernet frames to be transmitted with the VLAN ID set to zero. These frames are called priority-tagged frames. Setting the VLAN ID tag to zero allows the VLAN ID tag to be ignored and the Ethernet frame to be processed according to the priority configured in the 802.1P bits of the 802.1Q Ethernet frame header. The priority-tag ingress filtering function would ignore packets with the priority-tag to defend against attack packets using VLAN 0.

 5. PoE Port Reset

PoE Port Reset is used to manually reset the PoE power supply of a specific port. After PoE power is turned off (CLI CMD: power reset), power will resume after the specified ‘power reset interval’ has passed. This feature can be used from the CLI mode by setting custom power reset intervals for each port and connected PoE devices will be powered on after specific intervals.

This feature is useful if a PoE device becomes non-functional or unresponsive and allows the admin to do a power reset of their PoE device.

 

 

Known Issues

 

Issue Key

Summary

NSW-2255

CENTRAL UI: Some copper port speed configurations do not match local UI for CS210-24FP/48FP models

NSW-1219

CENTRAL UI: Switch alert count on the summary page is limited to max. 100, even when the actual alert count is more.

NSW-1301

CENTRAL UI: Diagnostics: Switch Web UI redirect links are not navigating to the specific local web UI page

NSW-1351

CENTRAL UI: Locally configured VLANs will not be synced to Sophos Central

NSW-1569

LOCAL UI: Not allowed to add dashes/underscores in VLAN name

NSW-1182

LOCAL UI: The uplink tick is not displayed when the gateway’s MAC address expires from the ARP cache

NSW-1181

POE: Port MGMT: CLOUD UI uplink port identification is not updated in some cases

NSW-1832

CLI: Password rules not documented/explained

NSW-2238

CENTRAL UI: No error/failure is marked for some invalid command executions using CLI from Sophos Central or vice versa

NSW-2331

CENTRAL UI: Port conflict detection doesn’t work when SFP ports are part of the LAG configuration

 

Anonymous