
Sophos Firewall: v20.0 GA: Feedback and experiences

Release Post: Sophos Firewall v20 is Now Available

The EAP Post: Sophos Firewall: v20.0 EAP1: Feedback and experiences

The old V19.5 MR3 Post: Sophos Firewall: v19.5 MR3: Feedback and experiences

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 



This thread was automatically locked due to age.
  • Can you explain - what your concerns are here? 
    So if you are setting up the firewall, in a "pre-registration state" the firewall allows everything to the internet. That is to allow an administrator to set up the firewall and still have access to tools like a password safe etc. But this state should not be the usual case of a firewall. 

    And there should be no difference between V20 and V19.5. It has the same behavior pre-registration. 

    The Default TLS inspection rule is set up to "not do anything" for the domains you add to the list and those added by Sophos to the list. If you do not create your own list, it will not do anything. 

    About TLS Inspection: There are two different modules working here: 1. Inspection by decryption & 2. blocking of ciphers / methods you don't want to have. They can work independently. So you can block for example RC4 but not decrypt the traffic. 

    And if you find a website not working with blocking of insecure ciphers, you can build an exclusion. But that is nothing SFOS "related". 


  • Interesting, but strange answer.

    A post from another forum I visit advises that ASUS router/firewall and PFSense also have the same startup issue with open internet access for a few seconds.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • No response after chasing this up, am I to just accept that I no longer have any reporting functions?

  • Hi

    Upon investigating the issue with your device, we discovered that the /var partition is currently 84% utilized. According to the established logic, report summarization is halted when the /var partition reaches 80% & more. To address this, we propose conducting a cleanup of old data. If you agree, we can schedule a live session to perform the cleanup activity. By removing old data and reducing the /var usage below 80%, you should then be able to view the reports and graphs. Please confirm your availability for a live session.

  • Yes, I'm available for a live session, what do I need to do?

  • I can't reply to your PM but the time you suggested is ok for me

  • Hi, I have shared the meeting invite in PM

  • In the release notes it was mentioned, that Heartbeat false positives have been reduced: "Synchronized Security has also been enhanced with added scalability and reduced false missing heartbeats for devices that are in a sleep or hibernate state."

    After upgrading to SFOS 20 we still see the same amount of false positives concerning "missing heartbeat" alerts as with v19.x before.

    Can anyone confirm that in v20 anything has changed here to the better and what one can do to improve the situation? Our workaround currently is to avoid S0 (modern standby) as much as possible, but this is not a very convenient solution and is not applicable to every device (MacOS for example).

    Thanks for any comments.

    Hans

  • Hi Hans,

    Thanks for your post.

    To avoid false missing heartbeat alerts due to modern standby, changes are needed on both SFOS and Endpoint.
    SFOS 20.0 has these changes. Similarly, Windows Endpoint has also made the necessary changes, and they are available to customers with the latest version, which is being rolled out.
    MacOS Endpoint changes are in the pipeline and will be available in the future.

    Hope this answers your query.

    Thanks,
    Vamsee

  • Hi Vamsee,

    thanks a lot for your prompt reply!

    Can you specify which Endpoint version it needs to get the changes that you mention?

    All our Windows clients currently run

    Core Agent 2023.1.3.6
    Sophos Intercept X 2023.1.1.7

    Is there anything newer out yet?

    Best,

    Hans