Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v21 is Now Available 

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread:  Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread) 

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

  • What is the status of NC-141046 as reported by Scotty Huges Jr. about 2 months ago in the EAP thread?

    I cannot find any mention of this anywhere outside that forum post.

    I have the exact same problem as he described. Bitwarden client App on some Android devices does not work because of this.
    If I change over to another Let's Encrypt certificate obtained by certbot on another system and imported to the SFOS v21 firewall, it works without problems.

    Why is this NC-141046 but not present in the release notes on your site?!? You officially have an ID for it. But don't publish it on your status - that's really shameful!
    I just wasted most of a work day trying to figure out what the hell was wrong with our WAF setup at work, until I stumbled on Scotty's note from the EAP program.
    That is just really bad PR from you guys.

    Scotty. If you're reading this: Can you explain how you managed to fix this?
    Did you just import the missing Let's Encrypt CAs to the firewall?

  • So we closed the ID NC-141046 as an internal ID and updated all CAs in another ID, which is closed with V21.0 GA. 

    We updated all LE CAs within the product: 

    You should see the same as well. 

    All the certificates which the user in the EAP thread mentioned are there.

    So it would be useful to know what kind of CA really is missing here in the chain.

  • That's interesting.

    I have the same LE CAs as in your screenshot.
    But when I use a LE certificate managed by SFOS 21 I get errors in Bitwarden Android client.

    When using a LE certificate obtained outside and manually imported to SFOS 21, the Android client works.

    Same FQDN for LE certificate, same WAF rule etc. Only change is switching between LE certificates.

    I can see that the working certificate is issued by LE CA E6.
    And the one not working from SFOS 21 is issued by LE CA E5.
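
One way to answer the question raised in the thread (which CA is missing from the chain, and how the E5 and E6 cases differ) is to compare the chain the firewall actually sends for each certificate. The script below is an added example, not part of any post and not Sophos code; it assumes the `openssl` CLI, and `HOST` and the bundle file are placeholders.

```shell
#!/bin/sh
# Added example. Input: a PEM bundle in the order the server sent it, e.g. saved with
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null > served.pem
# HOST is a placeholder for the FQDN published through the WAF rule.

# Print "subject<TAB>issuer" for each certificate in the bundle, in file order.
chain_links() {
    pem=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "-----BEGIN CERTIFICATE-----") pem=$line ;;
            "-----END CERTIFICATE-----")
                if [ -n "$pem" ]; then
                    subj=$(printf '%s\n%s\n' "$pem" "$line" |
                        openssl x509 -noout -subject -nameopt RFC2253)
                    iss=$(printf '%s\n%s\n' "$pem" "$line" |
                        openssl x509 -noout -issuer -nameopt RFC2253)
                    printf '%s\t%s\n' "${subj#subject=}" "${iss#issuer=}"
                    pem=""
                fi ;;
            *) if [ -n "$pem" ]; then pem=$(printf '%s\n%s' "$pem" "$line"); fi ;;
        esac
    done < "$1"
}

# Flag every position where cert N's issuer is not the subject of cert N+1, then
# name the issuer at the top of the served chain: the client needs a trust anchor
# for that name. Exit status: 0 = links are consistent, 1 = gap, 2 = no certs.
chain_gaps() {
    chain_links "$1" | awk -F '\t' '
        NR > 1 && $1 != prev {
            printf "GAP before cert %d: expected \"%s\", got \"%s\"\n", NR, prev, $1
            bad = 1
        }
        { prev = $2 }
        END {
            if (NR == 0) { print "no certificates found"; exit 2 }
            printf "served chain ends at issuer: %s\n", prev
            exit bad + 0
        }'
}
```

Run `chain_gaps` once against the bundle captured with the SFOS-managed certificate active and once with the imported certificate active, then compare which intermediates are sent and which issuer each chain ends at. This checks name linkage only, not signatures or expiry.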