
Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v21 is Now Available 

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread:  Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread) 

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

Parents Reply
  •  ,

    In v21, we have resolved the issue with lexicographical ordering of interfaces. Previously, for interfaces like Port1, Port2...Port10, Port10 would incorrectly appear next to Port1, resulting in an order like Port1, Port10, Port2, and so on. This has now been fixed.

    Additionally, based on feedback from various users, we’ve adjusted the interface ordering to be alphabetical, with numeric values considered only when they appear at the end of the interface name. For example, PLANInter1, PLANInter2, and PWAN3 will now appear in both alphabetical and numerical order. If a number appears within the name, only the letters before the number are considered for ordering. For example, in "P2 LAN Inter," only the letter 'P' is considered for sorting, and the rest is ignored.

     Considering both numbers and letters that appear anywhere in the name would make the sorting more complex, and the lexicographical issue would persist. This was a design choice we had to make.

    In the future, we aim to further improve this and provide users with the option to customize how interfaces are ordered.

Children
  • Sorry  but that argument makes absolutely no sense in my opinion.


    An interface named "WAN2 xyz" should always be sorted after an interface "WAN1 abc", regardless of the characters that are coming after that number.
    How many of all deployed appliances have more than 10 ports so that the "1, 10, 2" is a real world problem? In my opinion THAT old "sorting problem" was maybe reasonable for 1-10% of all firewall users while 90-99% are now suffering from the new illogical sort order.

    Just make the interface list adjustable (drag & drop or a configurable "rank" ID number for each interface) and just don't show unconfigured interfaces (like the UTM handled that) at all. That would be an improvement, but not the change that was made in V21...


    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

  • "Just make" is always something, which is not that easy in software development. 

    As stated above, there are improvements considered for the future. By now, we changed the ordering to be based on the Name and not the Interface numbering.

    __________________________________________________________________________________________________________________

  • I know, but illogical changes are easy to implement.
    Example:

    What is the logic here? (Port#s are 4,2,6 top-down)

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

  • I would consider naming Interfaces with Numbers as well - But that is me.
    As stated above, we consider right now only Numbers, if attached to the first number. 

    On my installation(s) - I always map WAN with numbers, for quick reference, I have WAN1 Cable and WAN2 LTE - But that is me.

    Giving it a number would also sort it as you like. 

    The question is: How many people have Interfaces without any number - So WAN X etc.

    We will see, after getting the first customers towards the SFOSv21.0 GA, how the adaption is and how feedback is received. 

    __________________________________________________________________________________________________________________

  • Yes, but ONLY if I name them WAN1, WAN2, WAN3.
    As soon as something naming comes after the number the sort order is not comprehensible for me...

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

  •    like "WAN1 Cable" and "WAN2 LTE" would be useful. But unfortunately that's what's not working.
    See my initial screenshot or @kerbora's above.
    So new sorting should be some kind of alphabetical but does not support blanks, numbers between characters and more...

    It only sorts correctly without any numbers, blanks, etc. or only with a single number at the very end of the interface name, without anything following the number.

    So "WANCable1" and "WANLTE2" would sort correctly - but impacting readability and I cannot include Port Number as well.

  • We will look into this in more detail, if we missed certain use cases. 

    __________________________________________________________________________________________________________________

  • Hi  ,  ,

    Thank you for your valuable feedback on interface sorting!

    We're improving the interface ordering in the upcoming release.

    Based on the examples you provided, the updated logic would now sort interfaces in the following order:

    ["Lag1", "P1 LAN Intern", "P3 WAN DHCP", "Port1", "Port2", "Port11_1234", "port13A1abc23", "WAN1 Cable", "WAN2 LTE"]

    Please let us know if this meets your expectations or if there’s anything else you’d like us to consider.

  • Great to hear that! Examples are looking good. I'd add the following examples for tagged interfaces: "P1.10 VLAN Guest", "P1.20 VLAN Phone". So an additional dot in some cases. Will that be handled "correctly" as well? So order like ["P1 LAN Intern", "P1.10 VLAN Guest", "P1.20 VLAN Phone", "P3 WAN LTE"]

  • In this case the order will be:

    • ["P1.10 VLAN Guest", "P1.20 VLAN Phone", "P1 LAN Intern", "P3 WAN LTE"]
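
The orderings discussed in this thread can be compared side by side. The following is an added example, not Sophos code: `described_v21_key` is one interpretation of the v21 rule as worded above, `natural_key` is a conventional natural sort, and the case-insensitive comparison, the tie handling (Python's stable sort keeps input order) and all function names are assumptions.

```python
import re

# Constructed inputs: the interface names quoted in the thread, shuffled.
THREAD_NAMES = ["WAN2 LTE", "port13A1abc23", "Port11_1234", "Port2", "Port1",
                "P3 WAN DHCP", "P1 LAN Intern", "Lag1", "WAN1 Cable"]
VLAN_NAMES = ["P3 WAN LTE", "P1.20 VLAN Phone", "P1.10 VLAN Guest",
              "P1 LAN Intern"]


def described_v21_key(name):
    """Interpretation of the v21 rule as described in the thread.

    Only the characters before the first digit are compared; a number is
    taken into account only when it is the very end of the name.
    """
    prefix = re.match(r"\D*", name).group(0).lower()
    trailing = re.fullmatch(r"\D*(\d+)", name)
    # Assumption: names without a trailing number sort before numbered ones.
    return (prefix, int(trailing.group(1)) if trailing else -1)


def natural_key(name):
    """Conventional natural sort: digit runs compare as integers."""
    # re.split with a capture group alternates text, digits, text, ...
    # so odd positions are always digit runs and the types line up.
    parts = re.split(r"(\d+)", name.lower())
    return [int(p) if i % 2 else p for i, p in enumerate(parts)]


def sort_names(names, key=None):
    """Return a sorted copy; key=None is plain lexicographic ordering."""
    return sorted(names, key=key)


if __name__ == "__main__":
    print("lexicographic:", sort_names(["Port2", "Port10", "Port1"]))
    # Both names reduce to the key ("wan", -1), so input order is kept.
    print("v21 as described:",
          sort_names(["WAN2 xyz", "WAN1 abc"], described_v21_key))
    print("natural:", sort_names(THREAD_NAMES, natural_key))
    print("natural, VLANs:", sort_names(VLAN_NAMES, natural_key))
```

The natural-sort key reproduces the order quoted for the upcoming release, but it places "P1 LAN Intern" ahead of the dotted VLAN names, unlike the order given in the last reply, so the product's comparison is not identical to this sketch.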