Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR2: Feedback and experiences

Release Post: Sophos Firewall OS v20 MR2 is Now Available

The old v20.0 MR1 Post: Sophos Firewall: v20.0 MR1: Feedback and experiences

To make the tracking of issues and feedback easier: please post a potential Sophos Support Case ID within your initial post, so we can track your feedback or issue.

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



[edited by: Erick Jan at 8:29 AM (GMT -7) on 23 Jul 2024]

  • Hi,

    When will Sophos fix two small but impactful bugs?

    1. If you use auto-created firewall rules (I know, better not to use them), the logging is always off!

    2. The same with the drop all rule - NO logging.

    Both would be easy to fix and would make troubleshooting much easier!

    BR Gerd

  • Essentially they are not considered bugs. Auto-created firewall rules do not use logging by default.

    The default firewall rule does not exist. It is a visual placement to indicate what happens if there is no matching firewall rule. If you want to have logging for the default drop, you can create your own firewall rule at the bottom.

    As far as I remember, auto-created firewall rules did not use logging on UTM either. It's a design choice, as is the default drop. You could enable it there if you wanted, just like you can create your own default drop firewall rule on SFOS.

    Why do you consider those system designs to be bugs?


  • As a longtime Checkpoint customer I can say that no logging for dropped packets used to be the default for Checkpoint as well. However, over time, they changed that behavior to include dropped packets in the logs. Personally, I think it is a good thing because you may have something sitting on your network doing some crazy things that you would not easily pick up on. As a default I think having logs for drops makes sense for new installations. Let the admins turn off the noise if they don't like it. Just my opinion.
