Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v20.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v20 is Now Available  

The EAP Post:  Sophos Firewall: v20.0 EAP1: Feedback and experiences  

The old V19.5 MR3 Post:  Sophos Firewall: v19.5 MR3: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 



This thread was automatically locked due to age.
  • Hello,

    And still no lets encrypt support.  Dont tell me to use some extra software, sorry. This should be done by the FW.

  • Thanks for your feedback. Lets Encrypt is on the roadmap for a future version. 
    You can automate it with things like Sophos Factory or a script based approach, if you want. (Even better by doing it by the Script based, as you get a Wildcard Certificate, which is usable for multiple instances). 

    __________________________________________________________________________________________________________________

  • How is the new VPN portal treated or named in the automatic provisioning file for Sophos Connect?
    Since now it was named "user_portal_port", which will now end on another port.

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

  • Essentially SFOS will offer the VPN Portal on the same port like the User Portal was pre V20.0. 
    Sophos Connect can and will interact with the VPN Portal like it did with User Portal. 
    So no changes there. 
    More Information here: https://support.sophos.com/support/s/article/KB-000045105?language=en_US&csrf=976t4qc7l1l2g9kjip09ro452c

    __________________________________________________________________________________________________________________

  • Just updated my SW and KVM firewall - so far all fine :-)
    As i still have a HQ firewall with RED 15w i don´t try to update it :-(

    Expert-Zone.Net IT Consulting
    Neuenhofer Weg 23 • D-52074 Aachen

  • Is there any hope that a RED 15 and RED 50 still works with 20 GA ?
    The risk to test this my own is to high! So i ask the Community and Sophos engineers.
    I still know the usage is on my own risk - but i need to win time !

    Expert-Zone.Net IT Consulting
    Neuenhofer Weg 23 • D-52074 Aachen

  • I saw some firewall rules warning as of no function - after 15min all alerts clear and still no issues
    So as usual - update and have a coffee or tea for some minutes (>15min) and all will be fine :-)

    Expert-Zone.Net IT Consulting
    Neuenhofer Weg 23 • D-52074 Aachen

  • Just updated my SW HA pair and no issues appeared yet, will test with a few more different models and see how it behaves 

    Sophos XG Engineer

    Sophos Silver Partner

  • RED15 and RED50 still are there in V20.0GA. Future Releases will remove the support of EOL Hardware. 

    __________________________________________________________________________________________________________________

  • Installed on the XG115W this morning.

    The good, the bad and the ugly

    1/. the inbuilt AP is still enabled - no ability to disable

    2/. no IPv6 FQDN support

    3/. IPv6 delegation works with DHCP and selectable options

    4/. the reconnect WAN at restart works without any action by the admin.

    5/. the GUI is even slower than before.

    6/. unable to assign a range to IPv6 DHCP server

    7/. unable to assign IPv6 addresses from IPv6 DHCP server created by delegated interface..

    8/. IPv6 lease table does not display active leases.

    9/. Unable to edit name of the delegated created DHCP IPv6 server

    So far so good.

    Ian

    Added extra info.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.