There is an issue present is SFOS since 18.5 MR4 and still in SFOS 19.0.1 MR-1-Build365.
We have a firewall rule that allows the required traffic from our AP and APX devices to Sophos Central.
The Rule has *.prod.hydra.sophos.com as Wildcard FQDN as allowed destination (beside other FQDN of no matter here).
Since the upgrade this wildcard FQDN does no longer work. The APs will become offline in Sophos Central after some time after the upgrade.
The reason is, that the firewall rule does no longer match. The traffic is not picked by that rule, it runs through the rule set until the final block rule.
Workaround: create new FQDN for wifi-cloudstation-eu-central-1.prod.hydra.sophos.com in that rule.
It's so sad to see that Sophos Hardware does not work without issues on Sophos Firewall and that wildcard Sophos domains don't work either on a firewall that should support it.
This issue has been seen on all of our XG and XGS clusters.
This thread was automatically locked due to age.
