
Sophos Firewall: v20.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v20 is Now Available  

The EAP Post:  Sophos Firewall: v20.0 EAP1: Feedback and experiences  

The old V19.5 MR3 Post:  Sophos Firewall: v19.5 MR3: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 



This thread was automatically locked due to age.
  • Hello,

    And still no Let's Encrypt support. Don't tell me to use some extra software, sorry. This should be done by the FW.

  • What I've done quite some time ago is to DNAT the ports you need (and yes, this is also possible with webadmin, userportal and vpn-portal) to a Docker machine with a Traefik reverse proxy which in turn forwards the traffic back to the firewall (or any other webservice inside the DMZ).

    Instead of using Administration - Device Access to manage who can reach those services you can also limit the source in the DNAT rules to prevent unauthorized users from getting to the webadmin interface.

    I'm also having a hard time believing Sophos will ever again implement Let's Encrypt as they have done before in UTM.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT-security and feeling well helping others with their IT-security challenges.
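
The reverse-proxy side of the setup described in the post above, as an added example that is not the poster's configuration: a Traefik dynamic-configuration file (file provider, Traefik v3 syntax assumed) that terminates TLS with a Let's Encrypt certificate, restricts the allowed sources, and forwards to the firewall's webadmin over verified HTTPS. The host name, IP addresses, port, CA path, and the names `websecure`, `le`, `fw-webadmin`, `admin-sources` and `fw-backend` are all assumptions.

```yaml
# Traefik dynamic configuration (file provider), v3 syntax assumed.
# Assumes the static configuration defines an entry point "websecure" on :443
# and an ACME certificate resolver named "le"; both names are hypothetical.
http:
  routers:
    fw-webadmin:
      rule: "Host(`fw.example.com`)"        # constructed host name
      entryPoints:
        - websecure
      middlewares:
        - admin-sources
      service: fw-webadmin
      tls:
        certResolver: le                    # Traefik requests and renews the Let's Encrypt certificate

  middlewares:
    admin-sources:
      ipAllowList:                          # this middleware is named ipWhiteList in Traefik v2
        sourceRange:
          - "203.0.113.0/24"                # constructed admin network

  services:
    fw-webadmin:
      loadBalancer:
        serversTransport: fw-backend
        servers:
          - url: "https://192.0.2.1:4444"   # constructed firewall address and webadmin port

  serversTransports:
    fw-backend:
      # Verify the appliance certificate on the proxy-to-firewall hop
      # instead of disabling verification with insecureSkipVerify.
      rootCAs:
        - /etc/traefik/certs/firewall-ca.pem   # hypothetical path to the CA that signed the appliance certificate
      serverName: "fw.example.com"          # name to match in the appliance certificate (assumed)
```

The allow list only sees real client addresses if the DNAT rule does not also source-NAT the traffic; where it does, restrict the source in the DNAT rule itself, as the post suggests.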

  • As I stated above: why not look into a Factory approach? If you have Docker running, getting a Factory Docker Runner is done within 5 minutes. Then you build your pipeline (copy/paste) and can have wildcard certificates.

    See:  [HowTo] Lets Encrypt Renewal Process with Factory  
