Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 99 replies
  • Answers 2 answers
  • Subscribers 76 subscribers
  • Views 37708 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v19.0 GA: Feedback and experiences

LuCar Toni

https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-os-v19-is-now-available

Release Notes: docs.sophos.com/.../index.html

"Old" V18.5 MR3 Thread: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr3-is-now-available

The V19.0 EAP Community: https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/

About the Upgrade Issues: 

See Known Issue List in Release Note

s: 



This thread was automatically locked due to age.
Parents
  • 0

    Had to roll back to 18.x mr3....The SSL VPN for remote appeared to be working; however some users were getting socket timeout errors when attempting to connect through the IPsec tunnel to a server on the other side. After rolling back those users were able to connect just fine. Had tried the new all in one client as well. This is what it was doing:

    SSLVPN IN ---> Out Ipsec Tunnel to Remote Server ---> Program reports Socket Time out

    on 18.x mr3

     SSLVPN IN ---> Out Ipsec Tunnel to Remote Server ---> Connection succeeds

    Has anyone else seen this issue?

    And as stated it does not affect every user and the users that are affected are running the same version of the sophos ssl vpn client as the other users. Like I said I did try Sophos Connect and it did not work. I wish they had not combined them as well; we deploy multiple user config files to the SSLvpn directory; if these are imported to Connect they all look identical and must be manually renamed. I guess lucky for us we can probably eventually just start using the generic openssl client instead of the one from sophos.

  • 0 in reply to Cameron Savage1

    We had the same problem and found out that only some users are affected - users that have a configuration file generated with 17.x. Check in the VPN configuration if the affected users have the line "comp-lzo yes" and change it to "comp-lzo no". After this change SSL VPN works again. Thanks for the hours of work as this "change" has to be done on all client computers as administrator. It was 6 hours of work for 3 of my staff. Luckily only 15-20% of our clients were affected....

  • 0 in reply to Bjoern Mueller

    Are you using Sophos Connect? Because this could be done with Sophos Connect by the user itself by updating the policy. 

    __________________________________________________________________________________________________________________

  • 0 in reply to Bjoern Mueller

    Thanks for the tip; I did check a couple of the affected users and they do have the comp-lzo yes. I will be checking every user that I know was working when I was on V19.x and verifying that they do not have that set to yes or that it is missing in its entirety. After making the change and deploying all new configs to my users this week...I will try to go back to V19.x this weekened and hopefully this is the solution. I will report back here if it is.

  • 0 in reply to LuCar Toni

    Bjoern Mueller's suggestion fixed this issue for me. Thanks Bjoern! @ LuCar, the new client is not great for us because we deploy multiple configurations to one laptop and as it is completely user based for the new client it is not ideal for us. 

  • 0 in reply to Cameron Savage1

    same reason we don't use the new client as you can not define profiles which are assigned to a user...

Reply Children
No Data
Unfiltered HTML