Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 101 replies
  • Subscribers 53 subscribers
  • Views 30566 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v18.5 MR1: Feedback and experiences

LuCar Toni

V18.5 MR2: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr2-is-now-available

https://community.sophos.com/sophos-xg-firewall/f/discussions/131468/sophos-firewall-v18-5-mr2-feedback-and-experiences

Release V18.5 MR1 Post (326): https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr1-is-now-available 

https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=18.5

EAP(318) Blog Post: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v185-mr1-eap

"Old" MR3 Thread: https://community.sophos.com/xg-firewall/f/discussions/123403/xg-firewall-v18-mr-3-feedback-and-experiences

"Old" MR4 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/124771/xg-firewall-v18-mr-4-feedback-and-experiences

"Old" MR5 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/127053/xg-firewall-v18-mr-5-feedback-and-experiences



MR2
[bearbeitet von: LuCar Toni um 7:43 AM (GMT -8) am 30 Nov 2021]
  • 0 in reply to LuCar Toni

    Hi Lucar,

    I've managed to replicate this with a brand new virtual machine. If possible, keep us updated if you have any new information about this.

    Thanks!

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • 0 in reply to Prism

    This will be addressed with NC-76446 in the actual MR1 release (GA). There will likely be another build published with this fix included. This will be addressed in the release notes. 

    __________________________________________________________________________________________________________________

  • 0

    IPS/DOS is still broken. Something during v18.0.4 b broke IPS/DOS and has not been required in later releases.

    I have tried multiple ideas on settings and the only setting that works is disabling IPS/DOS. One security camera will load without triggering IPS/DOS but when I try to load all 4, only one loads and the others either timeout or disconnect.

    I have tried with the web proxy, DPI and neither no change to the ability to connect when IPS/DOS is enabled. The logviewer shows nothing in the IPS view but lots of either DOS on port 53 or broadcasts.

    ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Try a DOS exception for such devices, if you do not want to increase the numbers of the particular device. 

    support.sophos.com/.../KB-000035751

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thank you.

    I would expect the DOS bypass process to be a temporary fix until the DOS process is fixed.

    i tried that in v18.0.5 586 and came to the conclusion that the bypass process does not work. You end up with a log of hundreds of valid connections to external DNS devices. The connections never actually complete to the security cameras.

    I tried individual rules and network rules with the same result, no stable connections if the connection established. Also there are a large number of failed DHCP requests.

    I do not see the same number of entries when I disable the DOS settings.

    Also the DOS bypass process is a bit ancient, eg no dropdown lists to select networks or devices or even protocols (service).

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Prism

    ,

    Is there any news on NC-59127 for v19?, the original thread I've made about It back then got locked because of old age.

    Thanks!

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • 0

    Is there any plans for HTTP/2 support in the future while doing TLS Decryption over the DPI Engine?

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • 0

    Thanks,

    upgrade was fine on my LANCOM UF-200 Firewall, i upgraded from 18.0.5 to 18.5 MR1.
    No Problems so far, i need to test if IPv6 will work now with Deutsche Glasfaser.

    They have a bad IPv6 implementation. They don´t have RA implemented correctly. RA´s are send randomly...

    I need to see if the 32GB SSD and 4GB will be enough ... 

  • 0 in reply to Prism

    The support of Intel based chips within Sophos SFOS is still on the backlog. We are still looking into this and the impact of implementing this. But i am assuming V19.0 is not the target release for this yet. More answers if ready to publish by Product management. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Wow. That’s disappointing to say the least.

Unfiltered HTML