Sophos Firewall: v19.5 MR1: Feedback and experiences

There are plans to implement this in the future. No ETA right now. 

Hi Evandro,

Thank you for reaching out to Sophos Community.

Would it be possible to share the Case ID. Thank you

Hi Erick.
We decided to redo the high availability configuration.
The sync process took 8 hours to finish and it is working now.

Hi,

We've got some rbvpn issues since the MR1 update. We've updated the headoffice firewall (XGS3300) to 19.5.1 and we see some problems with icmp/ping traffic from the headoffice to the branchoffice.

We are using HP Device manager to manage Thin Clients in the remote office and the program can't find the ThinClients anymore since the update. On 19.5 there where no problems. HPDM doe show al local ThinClients.

Firewall rules are basically Any-Any Allow in both directions. We see no problems from the branchoffice to headoffice, but that is only RDP traffic. 

Also known clients in the branchoffice do not reply on pings from the headoffice.

This does not go for all traffic, some devices are available for pings, mostly static devices such as printers.

We think we have solved the problem, customer has windows firewall enabled on major part of the clients and updated the images last week, they are all in private mode now and don't accept ping or any other things from the (trusted) network now. Disabled wfw on one Thin client made them accessible in HPDM.

Sorry customer didn't inform us on this. And blamed it on the new update we performed.

Don't know for sure this is the answer, but my money is on it.

Kind regards,

Bart van der Horst

Unfortunately, there is still no way to display a specific time period in logs, sometimes you have to scroll for minutes. 

Hello,

very bad experience for me.
I upgraded from 19.0.1 to 19.5.1
After the update, user authentication works poorly, and they have to restart their PC.
I lost all "ClientLess User" access
Even when recreating by hand, the firewall does not allow flows to pass.

I had to revert to 19.0.1, then update to 19.0.2.
And there, everything works perfectly.

I can only advise against version 19.5.1 :(

Hello Sebastien HENRY ,
Have you notice any specific error during clientless user recreation?
If possible, then please PM me appliance access detail so I can debug further.

Thanks

Hello Bhavik24,

Sorry, but everything was erased due to firmware rollback.
I had opened a case with SOPHOS, but it was closed following my switch to 19.0.2

FYI, when I booted to firmware 19.5.1, absolutely no clientless users appeared in the list of active users (under current activities -> live users).

After returning to 19.0.1, everything appears again.
After migration to 19.0.2, everything also appears correctly.

There can be (unrelated to the firmware version) issues with the services, providing the clientless users.

Most likely, if this is the case, it is a one time issue: 

Restarting the Authentication daemon fixes this and it should not come up again.