Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR1: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR1 is Now Available 

The old V20.0 GA Post:  Sophos Firewall: v20.0 GA: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Prio Change
[bearbeitet von: LuCar Toni um 4:40 PM (GMT -7) am 23 Sep 2024]
Parents
  • Hi folks,

    I run a dual stack system.

    I have been investigating issues with facebook messenger, for those that are not aware facebook has implemented a limited deployment of secure end to end chats for some users.

    With v20 GA there wasn't an issue with secure chats, with V20.0.1 MR-1 with and without the hot fix some of the secure chats failed to send.

    I spent some time investigating the issue and had to create a new firewall rule to allow facebook messenger secure chats to function.

    What I found was using the proxy in v20.0.1 MR-1 does not pickup the web exceptions eg ignores them.

    The new rule uses http, https, quic and port 5222 to the Facebook IPV6 /32 CDN. Even with this rule in place, enabling the proxy causes the chats to fail and fail to update the secure keys. Disable all proxy functions and the chats work.

    The issue is mainly with the messenger application, when using the web browser access chats work where the secure keys update, though the person receiving the chat on the application cannot respond.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hi folks,

    I run a dual stack system.

    I have been investigating issues with facebook messenger, for those that are not aware facebook has implemented a limited deployment of secure end to end chats for some users.

    With v20 GA there wasn't an issue with secure chats, with V20.0.1 MR-1 with and without the hot fix some of the secure chats failed to send.

    I spent some time investigating the issue and had to create a new firewall rule to allow facebook messenger secure chats to function.

    What I found was using the proxy in v20.0.1 MR-1 does not pickup the web exceptions eg ignores them.

    The new rule uses http, https, quic and port 5222 to the Facebook IPV6 /32 CDN. Even with this rule in place, enabling the proxy causes the chats to fail and fail to update the secure keys. Disable all proxy functions and the chats work.

    The issue is mainly with the messenger application, when using the web browser access chats work where the secure keys update, though the person receiving the chat on the application cannot respond.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children