Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_190_rn.html
"Old" V18.5 MR4 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/134965/sophos-firewall-v18-5-mr4-feedback-and-experiences
V19.0 GA Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/134009/sophos-firewall-v19-0-ga-feedback-and-experiences
Fall into the same "trap".
After the recent change of SSLVPN in V19.0, you need to specify the subnet range correctly.
I have a problem with firewall rules. Since I upgraded from 19.0 GA to 19.0 MR1, my WIFI rule is not working anymore, nothing is let through. No ping, no TCP connection from LAN zone to WIFI zone:
As you can see, 0 bytes sent/received. When I switch back to 19.0 GA it all works again and counters go up. I have no explanation why this is happening. Any idea where to look in the logs?
Edit: Same seems to be the case for Rule #11 SMTP.
Same problem observed. After the upgrade to v19.0.1 MR-1 traffic is not hitting the firewall rule and is being logged and dropped by rule ID=0.
Could you send me the AccessID as well?
I've sent it over PM
Coming back to this one: MarekDalke & EdmundSackbauer
This seems to be an issue that is already under investigation, with the wlnet (separate zone) based traffic.
Bug ID: NC-94019
Currently under investigation.
One workaround on a broader scale would be using Central Wireless + VLAN tagging, if applicable.
Just wanted to share this workaround / alternative deployment method. (That is the reason I did not pick up this issue, as I do not use any separate zone anymore and moved everything to VLAN.)
Central Wireless is free to use.
We are also facing an issue with a separate wireless guest network. I have deleted the guest zone and recreated it, then added it to the access point group again; only then does it work.
Temporary workaround provided by Support Engineer which I believe I can share here.
You need to modify the timer value in /sys/class/net/<affected_interface_name>/bridge/ageing_time from 0 to 30000. In my case: # echo 30000 > /sys/class/net/wlnet3/bridge/ageing_time
After the above modification, traffic started to hit the firewall rule as before the upgrade to v19.0.1 MR-1.
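A read-only way to find which bridge interfaces carry the 0 timer described in the workaround above, before changing anything. This is an added example, not part of the thread and not Sophos-provided code. The function names and the sample tree are hypothetical; the only path assumed is the <interface>/bridge/ageing_time layout quoted above (30000 is the stock Linux bridge default, i.e. 300 seconds in hundredths of a second).

```shell
#!/bin/sh
# Added example (not from the thread): audit bridge ageing timers, read-only.
# Assumption: each bridge exposes <root>/<ifname>/bridge/ageing_time, as in
# the path quoted in the workaround. The root directory is a parameter so the
# same check can be run against a constructed test tree.

# Print "<ifname> <ageing_time>" for every bridge whose timer reads 0.
# Returns 0 when no bridge is affected, 1 when at least one is.
find_zero_ageing() {
    root="${1:-/sys/class/net}"
    found=0
    for f in "$root"/*/bridge/ageing_time; do
        [ -r "$f" ] || continue            # unmatched glob or unreadable file
        val=$(cat "$f" 2>/dev/null) || continue
        case "$val" in
            ''|*[!0-9]*) continue ;;       # ignore anything that is not a number
        esac
        if [ "$val" -eq 0 ]; then
            ifname=${f%/bridge/ageing_time}
            ifname=${ifname##*/}
            echo "$ifname $val"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample tree: one affected bridge (wlnet3), one bridge at the
# Linux default (br0), and one plain interface without a bridge directory.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wlnet3/bridge" "$d/br0/bridge" "$d/eth0"
    echo 0 > "$d/wlnet3/bridge/ageing_time"
    echo 30000 > "$d/br0/bridge/ageing_time"
    echo "$d"
}
```

Calling find_zero_ageing with no argument reads /sys/class/net on the running system. The value written by the workaround is kernel runtime state, so the same check is worth repeating after a reboot or firmware change.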