Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR2: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR2 is Now Available    

The old V20.0 MR1 Post:  Sophos Firewall: v20.0 MR1: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Edited TAGs
[edited by: Erick Jan at 8:29 AM (GMT -7) on 23 Jul 2024]

Top Replies

Parents
  • We've encountered a strange behavior regarding IPsec SA's after upgrading Sophos XGS1xx oder XGS21xx HA-Cluster from SFOS 20.0.0 GA-Build222 to SFOS 20.0.2 MR-2-Build378. After the upgrade the branch office initiates the policy based IPsec tunnel to the hq, but not all SA's are established. Current workaround is to restart the strongswan daemon in the hq and branch office.  Might this somehow related to the resolved issue NC-123233 from SFOS 20.0.0 MR1 Build 374? Has anyone observed a similar behavior?

Reply
  • We've encountered a strange behavior regarding IPsec SA's after upgrading Sophos XGS1xx oder XGS21xx HA-Cluster from SFOS 20.0.0 GA-Build222 to SFOS 20.0.2 MR-2-Build378. After the upgrade the branch office initiates the policy based IPsec tunnel to the hq, but not all SA's are established. Current workaround is to restart the strongswan daemon in the hq and branch office.  Might this somehow related to the resolved issue NC-123233 from SFOS 20.0.0 MR1 Build 374? Has anyone observed a similar behavior?

Children