Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 101 replies
  • Subscribers 52 subscribers
  • Views 26652 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v18.5 MR1: Feedback and experiences

LuCar Toni

V18.5 MR2: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr2-is-now-available

https://community.sophos.com/sophos-xg-firewall/f/discussions/131468/sophos-firewall-v18-5-mr2-feedback-and-experiences

Release V18.5 MR1 Post (326): https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr1-is-now-available 

https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=18.5

EAP(318) Blog Post: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v185-mr1-eap

"Old" MR3 Thread: https://community.sophos.com/xg-firewall/f/discussions/123403/xg-firewall-v18-mr-3-feedback-and-experiences

"Old" MR4 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/124771/xg-firewall-v18-mr-4-feedback-and-experiences

"Old" MR5 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/127053/xg-firewall-v18-mr-5-feedback-and-experiences



MR2
[bearbeitet von: LuCar Toni um 7:43 AM (GMT -8) am 30 Nov 2021]
Parents Reply
  • 0 in reply to ChaseHansen

    Their answer has v18.5 or v19, If AES-NI isn't present until v18.5 GA, then we will have to wait for v19.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

Children
  • 0 in reply to Prism

    ,

    Is there any news on NC-59127 for v19?, the original thread I've made about It back then got locked because of old age.

    Thanks!

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • 0 in reply to Prism

    The support of Intel based chips within Sophos SFOS is still on the backlog. We are still looking into this and the impact of implementing this. But i am assuming V19.0 is not the target release for this yet. More answers if ready to publish by Product management. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Wow. That’s disappointing to say the least.

  • 0 in reply to ChaseHansen

    It is not that easy to integrate a Hardware support for AES-NI. And currently the same team is working on improvements for XGS hardware and the integration of more technology to the Sophos own chip. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Guess my use case is somewhat unique yet I’m sure also common. I have a home license but using Sophos hardware. To use the home license I have to install the software version and because of that I miss out on AES-NI. 

  • 0 in reply to LuCar Toni

    Hi,

    why do some Sophos firewalls (using intel CPUs) have AES-NI and others don't, it really should be a switch in the compiler, the integration has been tested over many releases?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to LuCar Toni

    Is there any reason at all on why the Devs prefer to only patch for vulnerabilities instead of update the underlying open source software such as SSLVPN (OpenVPN), or WAF (Apache)?

    The Firewall could have AES-GCM and TLS 1.3 support for SSLVPN if OpenVPN has been updated.

    Or even HTTP/2 and TLS 1.3 support for WAF.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • 0 in reply to Prism

    There is a difference. You cannot simply update a openVPN tool and "hope" it will works. And you need openssl to update first. Which is a much more difficult. OpenSSL is a module used in all modules. As you can see, there are multiple dependencies. This is the reason, openssl 1.0.2 still exists in a LTS. Vendors have difficulties to open such a module. But Sophos is commited to tackle this for the future. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thanks a lot for the answer!

    Hopefully some of those packages get updated in the future.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • 0 in reply to LuCar Toni

    Will there be a v19 EAP in the future?

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

Unfiltered HTML