Sophos Firewall: v19.0 GA: Feedback and experiences

  • What did you upgrade from?
    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • XG135 - SFOS 18.5.3 MR-3-Build408

    Switching back to it gets me back on track.

    Had to do a factory reset because somehow I locked myself out of the web interface, and SSH CLI rebootfw -f 2 didn't work.

  • We had V19 GA running for 4 days on an XG310. Some external websites (Citrix Netscaler) were significantly slowed down and site2site SSLVPN connections were broken every 24 hours. Reverting back to 18.5.2 resolved these issues.

  • Lost LACP with Upgrade.

    The switch (Cisco switch) says "peer don't provide LACP protocol"

    Rebooting the cluster didn't solve the problem. Had to reconfigure the switch ports without LACP.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Is that also when setting link speed manually?

  • There are currently investigations of LAG-related issues with the link speed. By setting those settings it seems to work fine. You should contact Support. Bug ID would be: NC-92783


  • Had to roll back to 18.x mr3.... The SSL VPN for remote appeared to be working; however, some users were getting socket timeout errors when attempting to connect through the IPsec tunnel to a server on the other side. After rolling back, those users were able to connect just fine. Had tried the new all-in-one client as well. This is what it was doing:

    SSLVPN IN ---> Out Ipsec Tunnel to Remote Server ---> Program reports Socket Time out

    on 18.x mr3

    SSLVPN IN ---> Out Ipsec Tunnel to Remote Server ---> Connection succeeds

    Has anyone else seen this issue?

    And as stated, it does not affect every user, and the users that are affected are running the same version of the Sophos SSL VPN client as the other users. Like I said, I did try Sophos Connect and it did not work. I wish they had not combined them as well; we deploy multiple user config files to the SSLvpn directory; if these are imported to Connect they all look identical and must be manually renamed. I guess lucky for us we can probably eventually just start using the generic OpenSSL client instead of the one from Sophos.

  • We had the same problem and found out that only some users are affected - users that have a configuration file generated with 17.x. Check in the VPN configuration if the affected users have the line "comp-lzo yes" and change it to "comp-lzo no". After this change SSL VPN works again. Thanks for the hours of work as this "change" has to be done on all client computers as administrator. It was 6 hours of work for 3 of my staff. Luckily only 15-20% of our clients were affected....
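
The check described in the post above, as an added example (not code from the poster or from Sophos): it scans a directory of client profiles for the line `comp-lzo yes`, reports file and line number, and only rewrites to `comp-lzo no` (keeping a `.bak` copy) when asked. The `*.ovpn` extension and the directory passed on the command line are assumptions; adjust them to where the client stores its profiles.

```python
"""Audit and rewrite VPN client profiles that still carry 'comp-lzo yes'."""
import re
import shutil
import sys
from pathlib import Path

# Directive as quoted in the post; surrounding whitespace is tolerated.
# Commented-out lines ('#' or ';') never match because the pattern is anchored.
COMP_LZO_YES = re.compile(r"^(\s*)comp-lzo\s+yes(\s*)$")


def fix_text(text):
    """Return (new_text, changed_line_numbers) with 'comp-lzo yes' -> 'comp-lzo no'."""
    changed, out = [], []
    for number, line in enumerate(text.splitlines(keepends=True), start=1):
        body = line.rstrip("\r\n")
        eol = line[len(body):]  # keep CRLF/LF exactly as found
        match = COMP_LZO_YES.match(body)
        if match:
            body = f"{match.group(1)}comp-lzo no{match.group(2)}"
            changed.append(number)
        out.append(body + eol)
    return "".join(out), changed


def fix_profiles(config_dir, apply=False, pattern="*.ovpn"):
    """Scan config_dir and return {path: [line numbers]}; write only if apply=True."""
    report = {}
    for path in sorted(Path(config_dir).rglob(pattern)):
        # surrogateescape round-trips any non-UTF-8 bytes unchanged
        text = path.read_bytes().decode("utf-8", errors="surrogateescape")
        new_text, changed = fix_text(text)
        if not changed:
            continue
        report[str(path)] = changed
        if apply:
            shutil.copy2(path, path.with_name(path.name + ".bak"))  # backup first
            path.write_bytes(new_text.encode("utf-8", errors="surrogateescape"))
    return report


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: fix_comp_lzo.py <config_dir> [--apply]")
    found = fix_profiles(sys.argv[1], apply="--apply" in sys.argv[2:])
    for name, lines in found.items():
        print(f"{name}: 'comp-lzo yes' on line(s) {lines}")
```

Run it without `--apply` first to see which profiles are affected before changing anything.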

  • Are you using Sophos Connect? Because this could be done with Sophos Connect by the users themselves by updating the policy.


  • I am using LACP with 2 x 10G SFP Modules with the same interface settings as in LHorzog's Screenshot.

    Can you confirm there are no LACP problems with updating from 18.5MR3 to 19.0GA with my setup?

    Is the LACP problem only related to Ports with auto-negotiation?