Sophos Firewall OS v19 was released just a few months ago in April, and has already been adopted by a huge number of partners and customers who have upgraded to take advantage of the many Xstream SD-WAN and VPN enhancements.
This latest update, v19 MR1, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever:
As covered in the recent community blog post, SFOS v19 MR1 introduces a support requirement for firmware upgrades which will come into effect for customers without a valid support subscription after they've used an initial free upgrade allocation.
Full Details and FAQs
The release of v19 MR1 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.
Sophos Firewall OS v19 MR1 is a fully supported upgrade from v19 GA, from all previous versions of v18.5 (including the latest v18.5 MR4), and from v18 MR3 and later. Please refer to the Upgrade information tab in the release notes for more details.
Updated a few minutes ago... had issues with TLS inspection and cert validation when "untrusted issuer" and "invalid for other reason" are activated in the SSL block profiles. Especially Let's Encrypt sites were blocked.
Restored to 19GA. No time to follow up....
Just to confirm, are you saying after upgrading to v19.0 MR1, a website is blocked due to invalid certificate, but the same website works after you downgrade to v19.0 GA?
Can you share the website so we can investigate?
Yes, exactly. E.g. letsencrypt.org; computerbase.de; heise.de; energy.ch...
All ISRG Root X1
We tried reproducing the issue, but unfortunately weren't successful. We tried upgrading from v19.0 GA to MR1, and also a fresh install of MR1, and in both cases these sites worked as expected.
Like you said, these sites all use the ISRG X1 root CA, and we also confirmed this CA is included in SFOS.
Is it possible for you to try upgrading to MR1 again, and if you still encounter the issue, we can investigate on your device?
If you upgrade again to MR1 and the problems still exist, try to reimport the ISRG Root X1 certificate on the XG.
Re-installed MR1 and re-uploaded the ISRG Root X1 certificate. Facing the same issue as before. Do you want to contact me via PM? Thanks