  • It is not that easy to integrate hardware support for AES-NI. And currently the same team is working on improvements for XGS hardware and the integration of more technology into Sophos's own chip.

    __________________________________________________________________________________________________________________

  • Guess my use case is somewhat unique yet I’m sure also common. I have a home license but am using Sophos hardware. To use the home license I have to install the software version and because of that I miss out on AES-NI.

  • Hi,

    Why do some Sophos firewalls (using Intel CPUs) have AES-NI and others don't? It really should be a switch in the compiler; the integration has been tested over many releases.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Is there any reason at all why the devs prefer to only patch vulnerabilities instead of updating the underlying open source software such as SSLVPN (OpenVPN) or WAF (Apache)?

    The firewall could have AES-GCM and TLS 1.3 support for SSLVPN if OpenVPN were updated.

    Or even HTTP/2 and TLS 1.3 support for WAF.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • There is a difference. You cannot simply update an OpenVPN tool and "hope" it will work. And you need to update OpenSSL first, which is much more difficult. OpenSSL is a module used in all modules. As you can see, there are multiple dependencies. This is the reason OpenSSL 1.0.2 still exists in an LTS. Vendors have difficulty opening such a module. But Sophos is committed to tackling this in the future.

    __________________________________________________________________________________________________________________

  • Thanks a lot for the answer!

    Hopefully some of those packages get updated in the future.



  • Will there be a v19 EAP in the future?



  • Yes - ETA is to be announced. You will see the EAP as usual in the community, once it is ready. 

    __________________________________________________________________________________________________________________

  • Will it still be announced this year or 2022?



  • I cannot comment on that, as I am not a product manager.

    __________________________________________________________________________________________________________________