Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR2: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR2 is Now Available    

The old V20.0 MR1 Post:  Sophos Firewall: v20.0 MR1: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Edited TAGs
[edited by: Erick Jan at 8:29 AM (GMT -7) on 23 Jul 2024]

Top Replies

Parents
  • We’ve identified a bug in XGS 20 MR2 where PPPOE connections randomly disconnect and fail to reconnect until the firewall is restarted. I’ve downgraded to 20 MR1, which has resolved the issue . I’m reporting this bug so that it can be addressed and fixed. while PPPOE is attempting to initiate a session, it’s not successful, and the ISP does not detect any session requests during this period. Restarting the firewall resolves the problem. I have opened a case with Sophos Support.

  • Sophos support has responded today after reviewing all the logs and confirmed that this is a known issue in MR2. However, it is unclear who was aware of this, as Sophos support itself did not know about it and it is not listed in the known issues.

    We are concerned about how this critical bug, affecting WAN connectivity—a vital component of any firewall—was able to bypass testing. We have encountered similar issues with both PPPoE and DHCP WAN connectivity in the past, and these problems seem to resurface intermittently.

    It appears that Sophos cannot guarantee that such critical aspects are thoroughly tested before a release. Additionally, the MR2 release notes do not indicate any changes related to PPPoE, leaving us uncertain about how this issue arose and why the release notes were incomplete.

    Please do not update to MR2 unless you are prepared for potential issues with your firewall disconnecting PPPoE and needing frequent restarts.

    Thanks

    Dev Singh

  • Let me give some insight about this issue right now. 
    The ID is a known issue, right now tracked by two customers (one of which is  ). 

    One potential approach to this problem could be to perform a RMA replacement for your Desktop appliance, as it seems to affect your system as well. 

    Sophos will prepare a fix for V21.0 (The EAP version already has a fix for this issue, to not come up again) and the next MR version, but still, as this is a rare situation to happen, it would be a good approach to switch the system by using an RMA. Just to be sure, it is not entirely related to a broken system. 

    __________________________________________________________________________________________________________________

  • So this issue is somehow related to bricked hardware -- as in the firmware update permanently breaks this function?  Not a problem for us thankfully as all our customers left PPPOE behind long ago (thankfully)... but does seem to be a big issue.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hello Dev,

    I will check the details in case and will keeps you updated. Let's wait for my update on this.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data