Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Replies 7 replies
  • Subscribers 49 subscribers
  • Views 678 views
  • Users 0 members are here
Options
Suggested

Sophos Firewall: v21.0 GA: Feedback and experiences

LuCar Toni

Release Post:  Sophos Firewall v21 is Now Available 

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread:  Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread) 

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

Parents
  • 0

    I added the FireHOL L3 threat (IP address) threat feed and am finally getting blocks. (URLHaus URLs don't seem to give blocks beyond Sophos built-in. Which is fine: I think the Sophos list does a great job.) Two things I notice about third-party threat feeds:

    1. Their block seems to happen up front, before the Appliance Access blocking? I'm noticing hits from outside IPs there, not to outside IPs. My theory is that these used to show up as Appliance Access and were dropped -- those are fairly common -- but now some of them correspond to FireHOL IP's and so are classified there first. Not a problem, though I had to turn of email notifications because that happens so often.

    2. With a lowly XGS87, there's no room for on-device logging so I depend on Sophos Central and third-party hits are classified in SC as access to remote beacons. I think they should be identified more like "FireHOL_L3 IP address" or "URLHaus URL address" or something not so disturbing.

Reply
  • 0

    I added the FireHOL L3 threat (IP address) threat feed and am finally getting blocks. (URLHaus URLs don't seem to give blocks beyond Sophos built-in. Which is fine: I think the Sophos list does a great job.) Two things I notice about third-party threat feeds:

    1. Their block seems to happen up front, before the Appliance Access blocking? I'm noticing hits from outside IPs there, not to outside IPs. My theory is that these used to show up as Appliance Access and were dropped -- those are fairly common -- but now some of them correspond to FireHOL IP's and so are classified there first. Not a problem, though I had to turn of email notifications because that happens so often.

    2. With a lowly XGS87, there's no room for on-device logging so I depend on Sophos Central and third-party hits are classified in SC as access to remote beacons. I think they should be identified more like "FireHOL_L3 IP address" or "URLHaus URL address" or something not so disturbing.

Children
No Data
Unfiltered HTML