This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

18.5 EOL Upgrade Advice

We have an XG135 currently running SFOS 18.5.4 MR-4-Build418 but have learned that this is due to be EOL by the end of June (it would be nice if we could be alerted about this rather than having to manually check

We have been hesitant to move to v19x as v18.5 has been stable and I have heard about critical IPsec issues in certain versions of v19x where it was not possible to connect after the upgrade and downloading a new SCX file would be corrupt or empty.

I also heard about this user that had wifi issues after a similar upgrade path (v18.5 to v19 MR2) to what we are considering:  RE: Sophos Firewall: v19.0 MR2: Feedback and experiences (we don't use Sophos wifi access points but do have a VLAN configured for Cisco access points)

We use VPN heavily so I would particularly like to avoid the IPsec issue - I'm hoping it has been resolved in v19 MR2. I also believe that we can roll back to v18.5 from v19 (but not v19.5)? This is not something that I have any experience of and would rather not have to use it but it would be reasuring to have the option of rolling back.

Has anyone else been through the same upgrade path, particularly using the XG135 or similar? Anything else that we should be aware of?

This thread was automatically locked due to age.
Parents Reply Children
  • Hi Erick,

    Thank you for your response. I already have a ticket open with Sophos but they just refered me to the list of known issues which is helpful to some extent (although it can be quite difficult to interpret and filter by a specific version). It is still useful if I can get some real-world experience here.

    One issue that I saw that affects v19 MR2 is NC-113646 (Traffic fails with v4inv6 tunnel when compression is enabled on all XGS platforms) but I assume this does not affect the XG models.

    Do you have more information about NC-95633? This could be the IPsec issue that I was thinking of.



  • Hello Alan,

    NC-95633 is fixed on 19.0 MR2 GA and above.

    NC-113646 for the workaround for now is to disable compression. This will only affect you if you use v4inv6 tunnels.


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Thank you for confirming the NC-95633 fix. Regarding NC-113646, I don't believe we are using v4inv6 tunnels but how would we confirm this? I had a quick look in the IPsec settings.