Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR1: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR1 is Now Available 

The old V20.0 GA Post:  Sophos Firewall: v20.0 GA: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Prio Change
[bearbeitet von: LuCar Toni um 4:40 PM (GMT -7) am 23 Sep 2024]
Parents
  • Hi Luca,

    release notes of v20 MR1 shows "NC-129249 - Fixed vulnerabilities in libssh2 CVE-2023-48795".
    However, when I check the ssh connection to the firewall with "Terrapin_Scanner_Windows_i386" from Github it indicates that it is still vulnurable to Terrapin (=CVE-2023-48795).

    ChaCha20-Poly1305 support:   true
    CBC-EtM support:             false
    Strict key exchange support: false
    The scanned peer is VULNERABLE to Terrapin.

    Can you please check and confirm it the CVE is fixed in v20 MR1 or not?

    Thanks
    Andreas

Reply
  • Hi Luca,

    release notes of v20 MR1 shows "NC-129249 - Fixed vulnerabilities in libssh2 CVE-2023-48795".
    However, when I check the ssh connection to the firewall with "Terrapin_Scanner_Windows_i386" from Github it indicates that it is still vulnurable to Terrapin (=CVE-2023-48795).

    ChaCha20-Poly1305 support:   true
    CBC-EtM support:             false
    Strict key exchange support: false
    The scanned peer is VULNERABLE to Terrapin.

    Can you please check and confirm it the CVE is fixed in v20 MR1 or not?

    Thanks
    Andreas

Children