This discussion has been locked.

Sophos Firewall: v19.0 MR2: Feedback and experiences

Release Post:  Sophos Firewall OS v19.0 MR2 is Now Available 

Old v19.0 MR1 thread:  Sophos Firewall: v19.0 MR1: Feedback and experiences 

https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_190_rn.html

Keep in Mind: V19.5 GA cannot be "downgraded to V19.0 MR2". 




  • Sorry, I meant 19.5 MR1.  Looking at the release notes it doesn't seem to mention the wifi issue I described above -- is this not an issue in 19.5 MR1?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • No, this is not addressed in V19.5 MR1. 


  • So is a fix for this planned in the next MR release for v19 and 19.5?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hi,

    Since we upgraded from 19.0.1 MR1 to 19.0.2 MR2, the object "##ALL_IPSEC_RW" in the firewall rules is not hit anymore.
    So we have to edit all firewall rules for our home office users connecting via the Sophos Connect client.

    I thought using these objects is recommended instead of using network objects?

    Is this a general problem? Or am I the only one having this problem, as every time I have a problem?

  • Update: It seems like the first leased IP address from the Connect client range is not included in ##ALL_IPSEC_RW ... ?! wtf.
    All other connected users have no problems. Only the guy with the first IP...

    Configured range:

    User with IP 172.27.72.10 has problems.

    Policy Tester:

    Second IP of Lease:

    I have now done a quick and dirty workaround: I created a dummy VPN user and assigned a static IPsec remote address... so the first range IP is never leased...

    @ SOPHOS: Please check this scenario if this is a general problem in 19.0.2-MR2

    EDIT: Please also check ##ALL_SSLVPN_RW too...

  • Hi!

    The following are really annoying:
    1. LAG interface creation: you need to assign an IP address. You cannot create a LAG interface without IP address assignment. (Use case: what if you just want to use VLANs on the LAG device? Why do you need to assign an IP address in the first place?) WHY?
    2. Not possible to disable the IP alias on the interface: the only way is to remove/delete it, but it causes "remove all" associated NAT rules. WHY?
    3. DHCP server: you define the IP pool, then save it. You want to add static leases within the IP pool. You cannot add them, because you can only add a "static lease" outside the IP pool. WHY?
    4. Interface: changing the MTU/speed causes all the "IP addresses" to be removed from the interface and resets it back to "empty". WHY?

  • Most of those points will be addressed soon. 
