Sophos Firewall: v20.0 GA: Feedback and experiences

Question

Release Post: Sophos Firewall v20 is Now Available 
 The EAP Post: Sophos Firewall: v20.0 EAP1: Feedback and experiences 
 The old V19.5 MR3 Post: Sophos Firewall: v19.5 MR3: Feedback and experiences 
 To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 
 Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html

bobbylam · Accepted Answer

Hi Prateek, 
 We roll out a new Firewall firmware release in a staged manner. Due to the holidays we've paused the rollout, which is why you don't see it available on your Firewall yet. We will resume the rollout in January. This is not due to you connect your Firewall to Central. 
 In the meantime if you want to install v20 sooner, you can download the firmware update & apply it on the Firewall manually.

JanosRapcsak · Answer

Hi Paul 
 I've checked the SMTP logs on your firewall. 
 Apparently, the external SMTP server that is configured to handle notifications under "Administration > Notification settins" rejects emails larger than 2MB. 
 The size of the backup emails exceeded 2MB after the upgrade, hence they get rejected. 
 Please check the configuration of your external SMTP server and increase the size limit. 
 Thank you, 
 Janos

LuCar Toni · Answer

V20.0 MR1 is Released: Sophos Firewall: v20.0 MR1: Feedback and experiences

LuCar Toni · Answer

Thanks for your feedback. Lets Encrypt is on the roadmap for a future version. You can automate it with things like Sophos Factory or a script based approach, if you want. (Even better by doing it by the Script based, as you get a Wildcard Certificate, which is usable for multiple instances).

LuCar Toni · Answer

RED15 and RED50 still are there in V20.0GA. Future Releases will remove the support of EOL Hardware.

Jubin · Answer

Hi Prism , 
 Nope, SD-WAN probe support is currently targeted for v21 - we're currently in the planning phase. We will update once we have further details on timeline and release vehicle.

Alok · Answer

Yes, its same. As "Authentication services" is the group under which this configuration is provided. For better accommodation of services, its revised.

SPandya · Answer

Hi Ian Thanks for feedback 
 regarding 1/ , the fixes are on the way for next MR for v20 and tracked via internal tickets NC-123230, NC-123249

sanket.shah · Answer

Thanks for the clarification. 
 Reg. IPv6 lease table improvements, it's there in the roadmap. I will check with product management about its priority. 
 Reg. multiple IPv6 address management, I believe it might be due to transition in your setup from manual way of managing prefix network via DHCPv6 server to DHCPv6-PD. If it would have been a fresh deployment, I guess you would have got single IPv6 address in your LAN network via Router advertisement. For multiple IPv6 address management, cleaner approach is to use "user" based authentication to not worry about IP address at all to identify client machine(s). 
 If there is a need to have multiple IPv6 addresses to be managed (which I think you don't need as of now), DHCPv6 server with lease pool management will be required on delegated interface on top of prefix distribution via router advertisement. We will consider this requirement based on deployment feedback we get from the customer. 
 Thanks for your cooperation and support.

Giridhar Katti · Answer

AES-NI for IPsec is not supported.

Peter-Paul Gras · Answer

support.sophos.com/.../KB-000043162

Raphael Alganes · Answer

Hello Jarno Hynynen 
 The new v20 firmware will be gradually rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience. Kindly refer to this post. Sophos Firewall v20 is Now Available 
 However, you should be able to download the firmware directly from here: https://support.sophos.com/support/s/article/KB-000043162?language=en_US just click the appropriate choice - if you are on Hardware/Software or Virtual and in the new window you should see at the bottom of the list. If you decide to go this way, I'd recommend you to take a backup of your configuration first. 
 Have a nice day and thank you for choosing Sophos. 
 Cheers,

Stuart James · Answer

Aaron Leech1 why can&rsquo;t you do that now? Just add a system traffic nat.

GaryChancellor · Answer

So neither of my issues were v20. 
 1) my Admin->Device Access was correct on my upgraded unit, but not in my VPN remote unit. 
 2) After rebooting one more time after the upgrade, my WAN Link statuses were correct.

Core Agent		2023.1.3.6
Sophos Intercept X		2023.1.1.7

Sophos Firewall: v20.0 GA: Feedback and experiences

Top Replies