Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_190_rn.html
"Old" V18.5 MR4 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/134965/sophos-firewall-v18-5-mr4-feedback-and-experiences
V19.0 GA Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/134009/sophos-firewall-v19-0-ga-feedback-and-experiences
Fall into the same "trap".
After the recent change of SSLVPN in V19.0, you need to specify the subnet range correctly.
I have a problem with firewall rules. Since I upgraded from 19.0 GA to 19.0 MR1, my WIFI rule is not working anymore; nothing is let through. No ping, no TCP connection from LAN zone to WIFI zone:
As you can see, 0 bytes sent/received. When I switch back to 19.0 GA it all works again and the counters go up. I have no explanation for why this is happening. Any idea where to look in the logs?
Edit: Same seems to be the case for Rule #11 SMTP.
Same problem observed. After the upgrade to v19.0.1 MR-1 traffic is not hitting the firewall rule and is being logged and dropped by rule ID=0.
Could you send me the AccessID as well?
I've sent it over PM
Coming back to this one: MarekDalke & EdmundSackbauer
This seems to be an issue that is already under investigation, with the wlnet (separate zone) based traffic.
Bug ID: NC-94019
Currently under investigation.
One workaround on a broader scale would be using Central Wireless + VLAN tagging, if applicable.
Just wanted to share this workaround / alternative deployment method. (That is the reason I did not pick up this issue, as I do not use any separate zone anymore and moved everything to VLAN.)
Central Wireless is free to use.
I can confirm LuCarToni's workaround. I had the same problem after upgrading from 18.5.2 to 19.0.1. I put the access points (without Central Wireless) into several VLANs and so far I have no more problems. It is of course a little effort to provide the active components (switches) with the VLANs, but at our site and at our customers' sites these are all managed switches. And I have also gained more flexibility, because I can now determine exactly in which directions the data traffic between the WLANs and the LANs should run.
This is pretty much what I did when I switched to Central Wireless. I substituted VLANs for the VXLANs that XG-based wireless used. I don't use the WiFi zone anymore, but instead it's three zones corresponding to three AP-based VLANs: LAN, Guest, and Work_IoT. (Actually, LAN is a bridge between an AP-based VLAN and a wired port for a server.)