Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR2: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR2 is Now Available    

The old V20.0 MR1 Post:  Sophos Firewall: v20.0 MR1: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Edited TAGs
[edited by: Erick Jan at 8:29 AM (GMT -7) on 23 Jul 2024]

Top Replies

Parents Reply Children
  • As you so clever said:

    ”there is no 'right' default”

    Wink

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Hello JasP,
    With all due respect!
    But we should keep a good tone here!

    Have you ever tried to edit a Sophos drop all rule?

    Then you would know that your contribution is not only superfluous, but unfortunately also completely wrong!

    Greetings Gerd

  • Have you ever tried to edit a Sophos drop all rule?

    Then you would know that your contribution is not only superfluous, but unfortunately also completely wrong!

    I worded it badly because, of course, you can't edit the default drop rule. You just add one above it with logging turned on. This should be something that anybody who wants to work on firewall rules should be able to work out.

  • I meant your sentence "Maybe you should do something else instead!"

    That's simply not appropriate in a forum like this!


    I'm responsible for >170 firewalls and am a Sophos architect, perhaps I should add that to my signature.
    And small design decisions like that often cost a lot of time.


    So back to the factual discussion, ok?

    This is called feedback and experiences - Not tell anyone how to do it better!!!!!

    And at the end of the day, you didn't actually give me any really important technical tips!

  • Based on the different personas, you can argue of both situations. 

    As mentioned earlier: The "default drop rule" is an cosmetic item to showcase what happen, if there is no firewall rule. If you need logging, you need your own firewall rule. 

    For Partners/power users of SFOS, it would be also useful to think about XML Import/Export and/or Backup/Restore scenarios, to reduce the amount of configuration needed per firewall.

    This thread is also to reflect the particular Release. Discussing something, which is documented in this thread is maybe not the best solution, as it will blow up this thread and people looking for MR2 feedback have to read more feedback about SFOS since V18.0. 

    __________________________________________________________________________________________________________________