Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v19.5 MR1: Feedback and experiences

Release Post:   Sophos Firewall OS v19.5 MR1 is Now Available 

The old V19.5 GA Thread:  Sophos Firewall: v19.5 GA: Feedback and experiences 

Removed Prio.
[gesperrt von: LuCar Toni um 11:37 AM (GMT -7) am 9 May 2023]
  • Hi,

    We've got some rbvpn issues since the MR1 update. We've updated the headoffice firewall (XGS3300) to 19.5.1 and we see some problems with icmp/ping traffic from the headoffice to the branchoffice.

    We are using HP Device manager to manage Thin Clients in the remote office and the program can't find the ThinClients anymore since the update. On 19.5 there where no problems. HPDM doe show al local ThinClients.

    Firewall rules are basically Any-Any Allow in both directions. We see no problems from the branchoffice to headoffice, but that is only RDP traffic. 

    Also known clients in the branchoffice do not reply on pings from the headoffice.

    This does not go for all traffic, some devices are available for pings, mostly static devices such as printers.

    Bart van der Horst

    Sophos XG v18(.5) / v19 Certified Architect

  • Hi,

    We've got some rbvpn issues since the MR1 update. We've updated the headoffice firewall (XGS3300) to 19.5.1 and we see some problems with icmp/ping traffic from the headoffice to the branchoffice.

    We are using HP Device manager to manage Thin Clients in the remote office and the program can't find the ThinClients anymore since the update. On 19.5 there where no problems. HPDM doe show al local ThinClients.

    Firewall rules are basically Any-Any Allow in both directions. We see no problems from the branchoffice to headoffice, but that is only RDP traffic. 

    Also known clients in the branchoffice do not reply on pings from the headoffice.

    This does not go for all traffic, some devices are available for pings, mostly static devices such as printers.

    Bart van der Horst

    Sophos XG v18(.5) / v19 Certified Architect

  • We think we have solved the problem, customer has windows firewall enabled on major part of the clients and updated the images last week, they are all in private mode now and don't accept ping or any other things from the (trusted) network now. Disabled wfw on one Thin client made them accessible in HPDM.

    Sorry customer didn't inform us on this. And blamed it on the new update we performed.

    Don't know for sure this is the answer, but my money is on it.

    Kind regards,

    Bart van der Horst

    Bart van der Horst

    Sophos XG v18(.5) / v19 Certified Architect