Sophos Firewall: v19.5 MR3: Feedback and experiences

Question

Release Post: Sophos Firewall OS v19.5 MR3 is Now Available 
 The old V19.5 MR2 Post: Sophos Firewall: v19.5 MR2: Feedback and experiences 
 To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 
 Release Notes: https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=19.5

Alok · Accepted Answer

It&rsquo;s not related to MR3 or upgrade, we have captured the logs for further investigation. 
 It looks like while SSLVPN service was coming up it got timed out and terminated by the parent service, but it returned error for termination request and hence it got stuck. Historically, we have seen a similar issue once earlier on another version by one of the customers. Appliance reboot has resolved the problem for now.

PMParth · Answer

19.5 MR3 updates SSD firmware ONLY for some SSD models within the XGS 2100, XGS 2300, XGS 3100, XGS 3300 and XGS 4300 firewalls to optimize performance and reliability. 
 Every component used in Sophos firewalls is carefully selected to operate at optimal capacity throughout the full lifecycle of the product. The solid-state drives (SSDs) we use are no exception to this, and are models intended for enterprise use where a high volume of read/write cycles is to be expected. 
 Please reach out to Sophos support if you are seeing any erroneous symptoms with your firewall device.

LuCar Toni · Answer

Introducing Sophos ZTNA on Sophos Firewall

Vishal_R · Answer

Hi Sergejs Guridi Thank you for your cooperation & patience with us while the Support team has worked on this case with you and investigated it. As per the latest update of the case, I can see the reported issue has been investigated with the Dev team with ID NC-124519 , and as of now workaround has been applied on your XG, and post that form-based authentication is working fine.

LuCar Toni · Answer

Caching Issue - Will be updated soon in all regions.

JVora · Answer

Thanks, Ian, for providing feedback & access id. 
 UI status for LocalWIFI0 reflects (unfortunately ) post-reboot, i.e. it changes to "-" from "Active" 
 We have observed that on your device, Wireless Protection was enabled before migration, 
 awed.log (Before Migration) 
 2023-08-02 09:20:04Z [MASTER] SIGTERM received, sending SIGTERM to siblings, exiting 
 awed.log (After Migration) 
 2023-08-02 09:24:46Z [MASTER] awed_ng starting 
 
 If you will change Wireless Protection turned OFF and will reboot the device then the LocalWiFi0 status will be displayed the same as the previous 19.5.MR2 release. Sorry for the trouble - we may need to discuss this internally to see how can we improve user experience here.

SPandya · Answer

We have found two legacy issues on your setup 
 1) UI AP status reflects after reboot in case of LocalWifi (being tracked via NC-123230) 
 2) External APX not coming online (when rebooted device after disabling wireless protection) - 
 To fix 2nd issue - you would need to Enable wireless protection and reboot device again - this issue is being tracked via NC-123249) 
 We believe mentioned workaround should fix APX120.

SPandya · Answer

Hi, 
 Your local (inbuilt) AP is offline right now - however it isn't reflect status to UI due to same issue (we're counting this to fix in same JIRA NC-123230.

SPandya · Answer

Hi Ian, 
 In SFOS local APs goes inactive on UI (i.e. SFOS shows "-" in status column) - only when 
 Entire "Wireless Protection" is turned OFF, this disables LocalWiFi0 (Inbuilt AP) as well as other AP/APX. 
 As mentioned it require device reboot to reflect on UI. 
 
 Hope this answers what you're facing.

SPandya · Answer

There's no firmware upgrade in 19.5 MR3 for your SSD (i.e. Phison...) - so you're anyway unaffected (even if you stay in 19.5 MR2 or you upgrade to 19.5 MR3)

Sophos Firewall: v19.5 MR3: Feedback and experiences

Top Replies