Sophos Firewall: v19.5 MR1: Feedback and experiences

thank you for this information which may help other people.

It's unfortunate that the French Sophos telephone support did not tell me.
I would have saved a lot of time...

Hi Sebastien HENRY  can you share the case ID that was created with Bhavik.  We can check if  the logs are collected while creating the case , If so we may be able find more info on what happened for  19.5.1 .-Shrikant

hello, it's done.

Moved from 19.0 MR1 to 19.5 MR1 and have extreme problems with OSPF.

We had OSPF enabled before the update and used it without problems but now after it seems crashing every 3-10 minutes.

This behaviour occurs on 50% of our XGS116 appliances, on the other 50% it works fine.

Will it be possible for you to provide support access ID for both types of appliances where it's working and crashing frequently?

I will DM you for the same.

Thanks for providing support access to the setup.

We are able to narrow down the problem and tracking it under NC-115369 for further RCA and fix.

There was remote network scan for /16 network getting performed over VPN, which was creating huge incomplete neighbour lookup entries. As a side effect it was causing routing demon restart.

After stopping that scan OSPF has been stable now.

I am running two XG125 in an active/passive-HA and got some issues with/after the upgrade:

- the failover during the upgrade-process happened way to early. The new primary took another minute or two to complete initialization and the admin interface to be available.

- Startup takes forever. about 7-10 Minutes for each node.

- For some reason TuneIn Radio doesn't work as long as the Firewalls are in a HA-Configuration. Everything is fine in Standalone.

Regards

Fabian

I experienced the slow surfing that lferrara wrote about as well. Most of the time is spent on content delivery, but it seems highly dependend on concurrency. e.g if only a single web page with a moderate number of external resources is loaded, delivery times are in the low milliseconds, but as soon as i try to load multiple pages at once everything slows to a crawl.

Post update I saw an issue with link load balancing wherein the switching between the links is too aggressive and even the established sessions are switched between the links resulting in loss of session for example Anydesk connection becomes unstable due to frequent disconnections. Once you disable SD-WAN policy it seems to work fine so I am assuming its the change in link.

All our client devices are showing 19.5.0 or 19.5.1 available for install on the device, but we can't schedule the update from Central. Central is only showing 19.0.2 available. I've logged a ticket with support but they want me to keep a 3-4 hour window clear for them to call, which seems a bit silly for them to need to call me when it's all client tenants showing the same thing.

Is this a known limitation for 19.5.x that it isn't available for install/scheduling from Central?