Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v21 is Now Available 

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread:  Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread) 

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

  • [deleted]

    Expert-Zone.Net IT Consulting
    Neuenhofer Weg 23 • D-52074 Aachen

  • Installed on my VM XG and performed a restore from there XG115W backup. The password was not recognised even though I have used the backups to perform restores on the XG115W. Reset the XG115W password and the restore on the VM XG went smoothly. 

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello,

    Thanks f or reaching out. 

    We wanted to confirm if this happened on your Sophos Firewall after upgrading to v21 GA? or are you unable to access Sophos Community from China even though you are not behind a Sophos Firewall? if it is, you may want to open a new thread here instead:  Community Chat  As this thread is designated for concerns encountered and feedback for SFOS v21. 

    If we miss any context of your post please feel free to add and elaborate details. Thank you

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • I have Updated my KVM and SW Firewalls so far and all fine
    No issues - progress runs smoothly

    KVM v21GA
    SW v21GA with SD-RED 20

    Expert-Zone.Net IT Consulting
    Neuenhofer Weg 23 • D-52074 Aachen

  • Great Update - upgrade from EAP went through smoothly. Good to see Interface-Naming was updated in GA to get rid of „#PortX“ only in dropdown-menues.

    Two things i noticed within WAF-Rules: there‘s this new popup/tooltip when selecting certificate:

    • it‘s not translated (at least in german)
    • the first hint regarding certificate naming is useless at this point as you do not define or change it‘s name here
      (this should be located in the certificate menu instead WAF and include more details on which special chars are allowed and which are not)

  • Hello  ,

    Point well taken. We shall approach the team and we will review and let you know if this is feasible or not.

    Mayur Makvana
    Technical Account Manager | Global Customer Experience

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question please use the 'Verify Answer' button.

  • The EAP worked well and the GM update installed smoothly. The new, dynamic Control Center is really coming into its own. Have been trying third-party block feeds, though they haven't hit anything that Sophos doesn't already hit. (Which is ultimately a good thing.) I even noticed that the Messages no longer shows those info notifications (being under Sophos Central, VPN controls have moved) that we could never eliminate.

    Now that the XGS effort is behind you, it feels like you're making solid progress with each release, and working off the backlog of requests like Let's Encrypt.

    (My only disappointment is that the way port 8090 access works evidently means we can't use Let's Encrypt for web-block interactions on our Guest networks. Which would be super-useful for, well, guests who won't have our CA certificate installed on their machines. Hopefully this can be straightened out at some point in the future. I've submitted it as a suggestion from the firewall.)

  • I added the FireHOL L3 threat (IP address) threat feed and am finally getting blocks. (URLHaus URLs don't seem to give blocks beyond Sophos built-in. Which is fine: I think the Sophos list does a great job.) Two things I notice about third-party threat feeds:

    1. Their block seems to happen up front, before the Appliance Access blocking? I'm noticing hits from outside IPs there, not to outside IPs. My theory is that these used to show up as Appliance Access and were dropped -- those are fairly common -- but now some of them correspond to FireHOL IP's and so are classified there first. Not a problem, though I had to turn of email notifications because that happens so often.

    2. With a lowly XGS87, there's no room for on-device logging so I depend on Sophos Central and third-party hits are classified in SC as access to remote beacons. I think they should be identified more like "FireHOL_L3 IP address" or "URLHaus URL address" or something not so disturbing.

  • Thank you  for the feedback about third party threat feed feature.

    Would it be possible to share log viewer snippets of the traffic which is being blocked?

    Could you please confirm whether destination IP (in blocked traffic) is one of the appliance IPs or different?

    Reg. Sophos Central wrong classification, could you please share screenshot?

    If you can share appliance access details via PM, it would help us to look from our end as well.

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

  • The new alphabetical (but not alpha-numerical?) interface-name-order does not feel very natural?
    I'd expect "P1 XXX" before "P3 XXX"? - like Excel would sort a table ;)