
Sophos Firewall: v19.5 MR2: Feedback and experiences

Release Post: Sophos Firewall OS v19.5 MR2 is Now Available

The old V19.5 MR1 Post: Sophos Firewall: v19.5 MR1: Feedback and experiences 

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 



This thread was automatically locked due to age.
  • Really?!?

    I don't know about you, but it works for me.

    Regards, alda


  • I guess you just created IP host objects with FQDN in their names, but IP addresses as content. That is not an FQDN object, as it does not resolve anything.

  • Hello ddcool,

    Yes, you're right, sorry, I forgot that I have host records defined like this as FQDN.


    Well, again, all the more reason that I started using another firewall solution a long time ago. Something like that obviously works there, sorry...

    Regards

    alda

  • From which version did you upgrade? And do you know (for sure) if the Avira AV patterns were working before?

    Sophos upgraded the Avira Version in V19.0 MR1. See: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_190_rn.html 


  • There are plans to implement FQDN support for ACLs. Generally speaking, using services like Central for access from external instead could be a good approach to access the firewall.

    There are even plans to build SSO access as a partner directly to the SFOS firewall of a customer (Partner Dashboard).

    Another approach could be using VPN tunnels (to ensure access).


  • All of them are valid points, but there are scenarios and customer wishes which would benefit from having this feature. In general I think every object type should be usable within all modules of the firewall if possible.

  • Yes - every kind of object should be consistently available throughout all of Sophos Firewall. This is a must-have!

  • It works fine on both appliances I've upgraded so far. Current version is 1.0.421526. Last successful update on 06:10:54, May 10 2023. The upgrade from 19.5.1 MR1 to 19.5.2 MR2 went fine.

  • A bit more RAM usage can be seen by now.

    Update was installed on small size XG106 as a test on Tuesday 6PM:

    pattern update fine so far

  • Overall, this release is not meant to tackle the way customers/partners work today. So if you are accessing your firewall like that "today", it will not change anything.

    It is only to automatically increase the security of all customers who do not use it at all. If you are not using WAN for 90 days, you likely won't use it at all. So customers will get a setting removed, which highly reduces their attack surface at no cost.

    Sophos is working on a way to improve the product in the future for partner access and customer access. And there are multiple approaches to this situation, as described above.

    But those approaches are not covered in this Release, it is only to reduce the attack surface for all customers, who are currently not using it. 
