XG Firewall v18 MR-3: Feedback and experiences

Just for the visibility: This topic is discussed here: https://community.sophos.com/xg-firewall/f/discussions/123441/traffic-inspection-bug-relay_invalid_traffic

We have been using TLS/SSL for 200 + users and working.... need exception on  some site which are non compliant.

Hi,

please post a copy of your SSL/TLS setup so we can see where we are making mistakes.

Thank you

Ian

Still seeing traffic drops in MR-3.

We have two sites that definitely have/had this issue. One has been OK for a week since its MR-3 upgrade but as it seems to have been a bit intermittent, I'm reserving judgement. The other we have only just been made aware of and is already running MR-3. Apparently they have has the issue since the unit was installed a few weeks ago but have only just mentioned it.

We setup trace route monitoring and within an hour saw the XG drop traffic for over two minutes before it recovered.

Several other people reported this issue with MR-1 in the MR-3 thread. How has your experience been with MR-3? I was really hoping that the cause of this would be fixed. Looks like I will have to suffer Sophos support to get it looked at.

Hello Twister5800,

yesterday I restored one day old backup and what surprise! All alerts miraculously disappeared and only the alert storage master key remained!

Hello Sophos, could you please comment on this behavior?

Regards

alda

Anything regarding how to "kill" theese old messages on the dashboard?

Hello, Im running v18 MR-3 over 5 days and Im having a seirous problem.

Currently we have a Ipsec tunnel established and working.

I have created a SDWAN rule to direct my traffic to internet using my WAN interface

and I have configured the route precedence to  

Routing Precedence:
1. VPN routes
2. Static routes
3. SD-WAN policy routes

The traffic From HO to Bo over ipsec interface it works correctly, but in random momments some hosts from BO Lan when try access hosts to HO Lan has the access interruped.

With a little troubleshooting I could check that in this momment the Hosts from BO try access the hosts to HO over WAN interface, even the ipsec tunnel is UP and other hosts from the same subnet BO LAN is working over IPSEC tunnel.

It seems that route precedence sotp to works and redicrect the traffic over SDWAN rule. 

Does someone has any experience like this!?

Regards

Carlos

I did a trial of Sandstorm back in v16.5.  I've had a "Sandstorm module(s) expired" Alert ever since, for years now.  I raised a support ticket on this back then and after a bit of back and forth, they decided it simply couldn't be done to remove it.  

So don't hold your breath.

I had a problem with a customer using wireless protection, when upgrading XG v17.5 mr14-1 to v18 mr3 (XG 210, AP's compatible with v18). A wifi network is working normal (Enabled), another wifi network is shown unplugged. I created a new wifi network, but the devices did not surf the internet. After a restart in the AP's, coincidence or not, it apparently returned to work. There was also an increase in CPU consumption. We are still analyzing the case.

Could you show us the link, please?

Let's vote on this request!