Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post: Sophos Firewall v21 is Now Available

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread: Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread)

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

Parents
  • I'm seeing issues with HA on new V21 setup on XGS136.
    HA-Status states all fine:

    But central-settings show aux offline (locally):

    Triggering "Sync aux device" does nothing. SSH to aux not possible. Webadmin not possible as well. Ping OK

    Central showed HA green as well. Once I deregistered primary appliance, central went red with aux - showing disconnected since 7 days.
    Re-registering primary node with central not possible.

    "HA nodes are connected and fully functional." seems to be not correct.

    Case ID #02074000

Children
  • Update: currently waiting with GES for Aux-Node having this issue again (if it will happen again sometime).
    Aux Node was totally "stuck" (no webadmin, no ssh, console available but no login). According to GES it was still sending heartbeats to primary, and therefore not declared dead.

    I'd suggest there should be more factors in addition to heartbeat to determine ha-status. When a node is "stuck" and the cluster is obviously not fine, it should not show green ha-status with the stuck aux-node going unnoticed and unnotified... Especially when some other components, like the Central Registration status in the screenshot above, detect that there's something wrong!
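
An added example, not part of the thread and not Sophos code: an external check that combines the HA heartbeat result with probes of the management services, so a node that still pings and sends heartbeats but offers no SSH or webadmin is reported as stuck rather than healthy. The ports (22 and 4444), the state names and the 192.0.2.10 address are assumptions.

```python
import socket

# Assumed ports: SSH on 22, web admin console on 4444 (adjust to local config).
# "expect" is the first bytes a healthy service sends unprompted, if any.
CHECKS = {"ssh": (22, b"SSH-"), "webadmin": (4444, None)}

def service_answers(host, port, expect=None, timeout=3.0):
    """True if the service at host:port responds within the timeout.

    A completed TCP handshake only proves the kernel is alive. Where the
    protocol sends a greeting (SSH does), require it, so a hung daemon on a
    node that still accepts connections is reported as not answering.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if expect is None:
                return True
            return s.recv(64).startswith(expect)
    except OSError:  # refused, unreachable, or timed out waiting for greeting
        return False

def classify(heartbeat_ok, ping_ok, services):
    """Fold HA heartbeat, ICMP and per-service results into one node state."""
    answering = [name for name, ok in services.items() if ok]
    if not (heartbeat_ok or ping_ok or answering):
        return "DOWN"
    if not answering:
        return "STUCK"      # alive on the wire, but no management plane
    if heartbeat_ok and ping_ok and len(answering) == len(services):
        return "HEALTHY"
    return "DEGRADED"

def check_node(host, heartbeat_ok, ping_ok, checks=CHECKS, timeout=3.0):
    """Probe each management service on host and return (state, services)."""
    services = {name: service_answers(host, port, expect, timeout)
                for name, (port, expect) in checks.items()}
    return classify(heartbeat_ok, ping_ok, services), services

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the aux node.
    # heartbeat_ok / ping_ok would come from the HA status page and a ping.
    print(check_node("192.0.2.10", heartbeat_ok=True, ping_ok=True, timeout=1.0))
```

Run from a monitoring host that is allowed to reach the aux node's management ports, and alert on any state other than HEALTHY.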