
Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post: Sophos Firewall v21 is Now Available

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread: Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread)

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

  • The EAP worked well and the GM update installed smoothly. The new, dynamic Control Center is really coming into its own. Have been trying third-party block feeds, though they haven't hit anything that Sophos doesn't already hit. (Which is ultimately a good thing.) I even noticed that the Messages no longer shows those info notifications (being under Sophos Central, VPN controls have moved) that we could never eliminate.

    Now that the XGS effort is behind you, it feels like you're making solid progress with each release, and working off the backlog of requests like Let's Encrypt.

    (My only disappointment is that the way port 8090 access works evidently means we can't use Let's Encrypt for web-block interactions on our Guest networks. Which would be super-useful for, well, guests who won't have our CA certificate installed on their machines. Hopefully this can be straightened out at some point in the future. I've submitted it as a suggestion from the firewall.)

  • Let's Encrypt requires that all certificates and hostnames be public (WAN facing). Web blocks (etc.) require that we serve things private (LAN facing). It is a limitation of Let's Encrypt. I believe some customers have had success using split horizon DNS.
