Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR1: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR1 is Now Available 

The old V20.0 GA Post:  Sophos Firewall: v20.0 GA: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Adding
[bearbeitet von: LuCar Toni um 10:50 AM (GMT -7) am 16 May 2024]
Parents
  • One of the Sophos pattern updates is causing CPU load, incoming data continually since the updates were installed about 0600 my time.

    I have checked my connections and none ares showing any significant traffic,

    Ian

    I have identified the cause, XG is continually scanning a mail message, 1000s of time.

    I have stopped the Apple mail client on my MBP which appears to be requesting mail updates though the message has been delivered though not with completion handshake.

    No mail is actually being passed through and many messages are being rescanned by the XG many times.

    I will have to roll back shortly because no mail is being delivered to any user. Please advise.

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • One of the Sophos pattern updates is causing CPU load, incoming data continually since the updates were installed about 0600 my time.

    I have checked my connections and none ares showing any significant traffic,

    Ian

    I have identified the cause, XG is continually scanning a mail message, 1000s of time.

    I have stopped the Apple mail client on my MBP which appears to be requesting mail updates though the message has been delivered though not with completion handshake.

    No mail is actually being passed through and many messages are being rescanned by the XG many times.

    I will have to roll back shortly because no mail is being delivered to any user. Please advise.

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
  • No feedback, so going to rollback to v20 GA.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Rolled back to v20 GA, mail is now working.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you   for reporting this and for your assistance.

    We have identified the root cause of the issue and will release a hotfix for it ASAP.

    I'll update this thread when the hotfix is released and you can move to 20.0 MR1 again.

  • The hotfix is released, the IMAP proxy should work again on 20.0 MR1.

    Please let us know when you can confirm this.

  • Hii Janos,

    I have rolled forward to v20.0.1 MR-1 and mail download is working. CPU is running higher than normal, but usually takes a couple of hours to settle down after an upgrade.

    I can't find any sign of the hot fix being applied eg no record in either logviewer - admin or system.

    Regarding that other mail issue II highlighted in the DM, I will send the support team a new access ID later today. There no sign of SASI scanning the emails still.

    Thank you for the prompt fix.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian, 

    Glad to hear your issue is resolved. Thank you so much for flagging this issue to us, and helping us fix it. 

    If you look in /log/u2d.log, you should see entries like this: 

    2024-05-17 15:17:28Z dr_dload_checker: Starting download for file sfsysupdate_NC-135882_2.tar.gz.sig
    2024-05-17 15:18:28Z dr_dload_checker: Download completed for file sfsysupdate_NC-135882_2.tar.gz.sig
    2024-05-17 15:18:28Z dr_dload_checker: Download for file sfsysupdate_NC-135882_2.tar.gz.sig passed integrity and sig checks
    Fri May 17 08:18:28 2024 [Hotfix]: Affected version '20.0.1.342' found
    Fri May 17 08:18:28 2024 [Hotfix]: Stopping services
    Fri May 17 08:18:28 2024 [Hotfix]: Backing up original files
    Fri May 17 08:18:28 2024 [Hotfix]: Copying files
    Fri May 17 08:18:28 2024 [Hotfix]: Restarting services
    Fri May 17 08:18:28 2024 [Hotfix]: Start service: warren

    This shows the hotfix 'sfsysupdate_NC-135882_2.tar.gz.sig' being downloaded & installed. 

    Note: You can now download the debug logs from Admin UI under Diagnostics -> Tools -> Troubleshooting logs, without having to go into the advanced console. This is a new feature in MR1.  

  • Hi bobbylam,

    I found the file and reviewed the data. The NC is in the file.

    A minor point would be good if the file data was written in local time.

    Regards

    Ian

    An update from the SASI file from when I restored to v20.0.1 MR-1

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.



    Added extract fro SASI log showing SASI files update failures since I rolled forward to v20.0.1 MR-1
    [edited by: rfcat_vk at 5:26 AM (GMT -7) on 18 May 2024]