Overview

In this release, we’re enhancing the features in Sophos Central and adding several new features to Sophos Switch.

The key addition in this release is link aggregation in Sophos Central, which allows customers to configure link aggregation groups (LAGs) from Sophos Central. We’ve also added several new features to the Switch local UI.


Link Aggregation Group (LAG) from Sophos Central

This feature allows you to combine multiple Ethernet/SFP links into a single logical link between two network devices for greater throughput and high availability. Admins will be able to configure LAGs from Sophos Central at the site level and switch level, along with other port settings in Sophos Central.

An admin can combine two or more Ethernet or SFP/SFP+ ports in a LAG port configuration and also configure different port speeds for the LAG ports. These LAG ports can be used to create VLAN configurations at the site or switch level.

Switch Local User Interface features

1. Global UI search

Global search in the switch local UI allows an admin to enter keywords in the search field and lists all entries that contain those keywords. Clicking one of the search results takes you directly to the corresponding configuration page, making navigation faster and simpler.

2. MAC address filter

MAC-Address Filtering (MAF) allows you to block traffic from a specific VLAN-MAC combination. Only unicast MAC addresses can be configured in a MAF entry; multicast and broadcast addresses are not supported.

3. IP source guard filter

IP source guard restricts access by validating the source IP address of each host. It is a per-interface traffic filter: apart from DHCP packets, it permits an IP packet only when the packet’s IP address and MAC address match a binding from one of two sources, the DHCP snooping table or the static IP source entries that you configure.

4. Cisco-compatible discovery protocol

Cisco Discovery Protocol (CDP) is a layer 2 protocol developed by Cisco Systems to share device information between Cisco devices. With CDP enabled, the switch can view information about connected Cisco/CDP-supported devices and send CDP packets so that neighbors recognize the Sophos switch, which makes it easier to manage devices from different manufacturers.

5. Priority-Tag Packet Ingress filter

The VLAN 0 priority tagging feature enables 802.1Q Ethernet frames to be transmitted with the VLAN ID set to zero. These frames are called priority-tagged frames. Setting the VLAN ID to zero allows the VLAN ID to be ignored and the Ethernet frame to be processed according to the priority configured in the 802.1P bits of the 802.1Q Ethernet frame header. The priority-tag ingress filter ignores packets that carry the priority tag, to defend against attack packets using VLAN 0.
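How a priority-tagged frame is recognised on the wire, as an added Python example (not Sophos code): it parses the 802.1Q tag and models the ingress filter's decision. The function names, the "accept"/"ignore" labels and the sample frames are constructed for illustration, and the switch's actual behaviour for other frames is assumed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def parse_dot1q(frame: bytes):
    """Return (pcp, dei, vid) for an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # after dst + src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    # TCI layout: 3-bit priority (802.1p), 1-bit DEI, 12-bit VLAN ID
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def ingress_filter(frame: bytes, filter_enabled: bool) -> str:
    """Assumed model of the filter: 'ignore' priority-tagged frames when enabled."""
    tag = parse_dot1q(frame)
    if tag is not None and tag[2] == 0 and filter_enabled:
        return "ignore"
    return "accept"  # passed on to the port's normal VLAN processing


def build_frame(vid=None, pcp=0) -> bytes:
    """Constructed sample frame; MAC addresses are locally administered."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    payload = b"\x00" * 46
    if vid is None:
        return macs + struct.pack("!H", 0x0800) + payload
    return macs + struct.pack("!HHH", TPID_8021Q, (pcp << 13) | vid, 0x0800) + payload


if __name__ == "__main__":
    samples = {
        "untagged": build_frame(),
        "VLAN 10, priority 3": build_frame(vid=10, pcp=3),
        "VLAN 0, priority 5": build_frame(vid=0, pcp=5),
    }
    for name, frame in samples.items():
        print(f"{name:22} tag={parse_dot1q(frame)} "
              f"filter on: {ingress_filter(frame, True)}, "
              f"filter off: {ingress_filter(frame, False)}")
```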

6. PoE Port Reset

PoE Port Reset manually resets the PoE power supply of a specific port. After PoE power is turned off (CLI command: power reset), power resumes once the specified ‘power reset interval’ has passed. The feature is used from CLI mode: you can set a custom power reset interval for each port, and connected PoE devices are powered on again after that interval.

This feature is useful if a PoE device becomes non-functional or unresponsive, because it allows the admin to do a power reset of the PoE device.

Known Issues

| Issue Key | Summary |
|---|---|
| NSW-2255 | CENTRAL UI: Some copper port speed configurations do not match local UI for CS210-24FP/48FP models |
| NSW-1219 | CENTRAL UI: Switch alert count on the summary page is limited to max. 100, even when the actual alert count is more. |
| NSW-1301 | CENTRAL UI: Diagnostics: Switch Web UI redirect links are not navigating to the specific local web UI page |
| NSW-1351 | CENTRAL UI: Locally configured VLANs will not be synced to Sophos Central |
| NSW-1569 | LOCAL UI: Not allowed to add dashes/underscores in VLAN name |
| NSW-1182 | LOCAL UI: The uplink tick is not displayed when the gateway’s MAC address expires from the ARP cache |
| NSW-1181 | POE: Port MGMT: CLOUD UI uplink port identification is not updated in some cases |
| NSW-1832 | CLI: Password rules not documented/explained |
| NSW-2238 | CENTRAL UI: No error/failure is marked for some invalid command executions using CLI from Sophos Central or vice versa |
| NSW-2331 | CENTRAL UI: Port conflict detection doesn’t work when SFP ports are part of the LAG configuration |