Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR2: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR2 is Now Available    

The old V20.0 MR1 Post:  Sophos Firewall: v20.0 MR1: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Edited TAGs
[edited by: Erick Jan at 8:29 AM (GMT -7) on 23 Jul 2024]

Top Replies

Parents
  • We are currently running V20 MR2 and continue to observe that the DHCP server is issuing renewals every 30 seconds to 1-2 minutes for several clients. This issue persists on our customers firewalls as well. The default lease time being set to 1440 minutes and the maximum lease time to 2880 minutes,

    There should be a fix for this, but we haven't seen any improvements yet. We are using a single WAN connection. What steps should we take to address this issue?

    DHCP enhancements

    • IPv6 DHCP prefix delegation: The firewall requests the preferred prefix from the ISP each time you update the interface configuration or when the firewall restarts.
    • DHCP lease time: DHCP clients will make renewal requests at 30 seconds if the lease interval's half-time is 30 seconds or less, ensuring continuous WAN connectivity.
Reply
  • We are currently running V20 MR2 and continue to observe that the DHCP server is issuing renewals every 30 seconds to 1-2 minutes for several clients. This issue persists on our customers firewalls as well. The default lease time being set to 1440 minutes and the maximum lease time to 2880 minutes,

    There should be a fix for this, but we haven't seen any improvements yet. We are using a single WAN connection. What steps should we take to address this issue?

    DHCP enhancements

    • IPv6 DHCP prefix delegation: The firewall requests the preferred prefix from the ISP each time you update the interface configuration or when the firewall restarts.
    • DHCP lease time: DHCP clients will make renewal requests at 30 seconds if the lease interval's half-time is 30 seconds or less, ensuring continuous WAN connectivity.
Children