Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR1: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR1 is Now Available 

The old V20.0 GA Post:  Sophos Firewall: v20.0 GA: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Prio Change
[bearbeitet von: LuCar Toni um 4:40 PM (GMT -7) am 23 Sep 2024]
Parents
  • WAF / Login template issue:
    Custom/customized WAF login template is lost/inaccessible.
    WAF reports a non-existent path.
    The firewall GUI shows the template.
    Within firewall-GUI, i see the template.
    Recreating the template with the same files and switching to this new template resolves the issue.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello Dirk,

    Did this by any chance happen in an HA setup? We have recently fixed an issue where only the WAF configuration was synced between the nodes, but not the template files. This sounds like the same problem.

  • Yes, this is an HA setup.
    But WAF at both Nodes worked with 20.0.0 before upgraded.
    So both nodes should have the template-files. ...except, sync delete the (old) files
    ...or the files are ignored/forgotten when migrating the configuration to 20 MR1


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Reply
  • Yes, this is an HA setup.
    But WAF at both Nodes worked with 20.0.0 before upgraded.
    So both nodes should have the template-files. ...except, sync delete the (old) files
    ...or the files are ignored/forgotten when migrating the configuration to 20 MR1


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Children
  • My current theory is that one of your devices was actually affected by the WAF sync bug, and had an empty template directory. And after the MR1 upgrade, when the sync started working again, it synced this empty directory to the other device.

    I know the issue is now solved for you, but would you mind opening a support ticket and/or providing access to these devices? Maybe we could still find something in the logs that could help prevent this in the future.

    Thanks,

    Attila

  • Hi Attila,

    I can try to open a support ticket, but currently I use my home-license (i own an architect licence too, but would not destroy my unlimited home licence with the 2-year architect licence)

    I will send you support access and some additional information via PM


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.