Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v21 is Now Available 

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread:  Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread) 

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

Parents
  • Is Cellular WAN broken for everyone in V21, or just for me?

    After upgrading a SG115 from SFOS 20.0.2 MR-2-Build378 to SFOS 21.0.0 GA-Build169 broke the USB Cellular WAN that was working fine previously. It now says "No modem plugged-in" in the row for WWAN1 in the Interfaces page of the web admin. The device is an Alcatel LTE USB modem, with identifiers 1bbb:0191 that worked out of the box (in  DHCP mode) in V20.

    Comparing the two dmesg lines shows a difference. Here is the dmesg output from V21. There are no additional lines appearing when the USB LTE modem is unplugged and plugged back in.

    [ 337.075512] usbcore: registered new interface driver usbserial
    [ 337.075535] usbcore: registered new interface driver usbserial_generic
    [ 337.075557] usbserial: USB Serial support registered for generic

    and here is the output from dmesg from V20, which shows how the modem is recognized properly:

    [ 208.491441] usbcore: registered new interface driver usbserial
    [ 208.491459] usbcore: registered new interface driver usbserial_generic
    [ 208.491472] usbserial: USB Serial support registered for generic
    [ 209.451176] i801_smbus 0000:00:1f.1: can't derive routing for PCI INT A
    [ 209.451181] i801_smbus 0000:00:1f.1: PCI INT A: not connected
    [ 209.451208] i801_smbus 0000:00:1f.1: SPD Write Disable is set
    [ 209.451229] i801_smbus 0000:00:1f.1: SMBus using polling
    [ 209.722440] xhci_hcd 0000:00:15.0: xHCI Host Controller
    [ 209.722453] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 1
    [ 209.723589] xhci_hcd 0000:00:15.0: hcc params 0x200077c1 hci version 0x100 quirks 0x0000000001109810
    [ 209.723615] xhci_hcd 0000:00:15.0: cache line size of 64 is not supported
    [ 209.737852] hub 1-0:1.0: USB hub found
    [ 209.737880] hub 1-0:1.0: 8 ports detected
    [ 209.743853] xhci_hcd 0000:00:15.0: xHCI Host Controller
    [ 209.743862] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 2
    [ 209.743869] xhci_hcd 0000:00:15.0: Host supports USB 3.0 SuperSpeed
    [ 209.747442] hub 2-0:1.0: USB hub found
    [ 209.750991] hub 2-0:1.0: 7 ports detected
    [ 209.765508] Intel(R) Gigabit Ethernet Linux Driver - version 5.3.5.20
    [ 209.765511] Copyright(c) 2007 - 2018 Intel Corporation.
    [ 209.996463] usb 1-1: new high-speed USB device number 2 using xhci_hcd
    [ 228.397584] usb 1-1: USB disconnect, device number 2
    [ 229.268421] usb 1-1: new high-speed USB device number 3 using xhci_hcd
    [ 229.559780] cdc_ether 1-1:1.2 usb0: register 'cdc_ether' at usb-0000:00:15.0-1, CDC Ethernet Device, ba:56:f1:ad:6
    5:cf
    [ 229.559872] usbcore: registered new interface driver cdc_ether
    [ 230.373621] cdc_ether 1-1:1.2 WWAN1: renamed from usb0
    [ 234.878651] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 239.188946] usbserial: USB Serial deregistering driver generic
    [ 239.189003] usbcore: deregistering interface driver usbserial_generic
    [ 239.189021] usbcore: deregistering interface driver usbserial
    [ 240.205963] usbcore: registered new interface driver usbserial
    [ 240.205983] usbcore: registered new interface driver usbserial_generic
    [ 240.206003] usbserial: USB Serial support registered for generic
    [ 258.725893] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 258.725937] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 258.725942] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped

    I didn't find any mention of USB or Cellular WAN in these references about V21:

    I reverted back to V20 and hope that someone here can either point me in the right direction or tell me that it will be fixed in a future version.

    Thanks

    Dan

  • Hi  

    The issue looks like specific to Alcatel LTE USB Modem that is being used. 

    Request to share the support access ID via PM for further troubleshoot the issue. 

Reply Children
  • Hi  

    Thank you connecting with me via PM. I am trying to send you PM but private messages seems disabled in your profile setting. Request to enable it.

    It does not require device in v21 to troubleshoot the issue at this point. You can keep the device in v20 firmware and share the device access via PM, we will try to check issue using the logs.

    In case if you are unable to enable the support access due to any reason then please share the below log files.

    /log/syslog.log
    /log/modemd.log
    /log/mdev.log
    /log/applog.log
    /log/csc.log

    If we are unable to find the RCA with available logs then I will request you a session for the troubleshoot.

    Thanks

    Jekin