
Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v21 is Now Available 

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread:  Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread) 

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

  • Hi  

    The issue looks specific to the Alcatel LTE USB modem that is being used.

    Please share the support access ID via PM so we can troubleshoot the issue further.

  • Thanks for the suggestion. The link you shared appears to be a different situation involving version 20.0.2 not working (in my situation, the dongle works fine in this version, and then stops working in the following version 21.0.0) and a different symptom where the USB LTE dongle is recognized but not working, whereas in my situation the dongle is not recognized at all.

  • Is Cellular WAN broken for everyone in V21, or just for me?

    Upgrading an SG115 from SFOS 20.0.2 MR-2-Build378 to SFOS 21.0.0 GA-Build169 broke the USB Cellular WAN that was working fine previously. It now says "No modem plugged-in" in the row for WWAN1 in the Interfaces page of the web admin. The device is an Alcatel LTE USB modem, with identifiers 1bbb:0191, that worked out of the box (in DHCP mode) in V20.

    Comparing the two dmesg lines shows a difference. Here is the dmesg output from V21. There are no additional lines appearing when the USB LTE modem is unplugged and plugged back in.

    [ 337.075512] usbcore: registered new interface driver usbserial
    [ 337.075535] usbcore: registered new interface driver usbserial_generic
    [ 337.075557] usbserial: USB Serial support registered for generic

    and here is the output from dmesg from V20, which shows how the modem is recognized properly:

    [ 208.491441] usbcore: registered new interface driver usbserial
    [ 208.491459] usbcore: registered new interface driver usbserial_generic
    [ 208.491472] usbserial: USB Serial support registered for generic
    [ 209.451176] i801_smbus 0000:00:1f.1: can't derive routing for PCI INT A
    [ 209.451181] i801_smbus 0000:00:1f.1: PCI INT A: not connected
    [ 209.451208] i801_smbus 0000:00:1f.1: SPD Write Disable is set
    [ 209.451229] i801_smbus 0000:00:1f.1: SMBus using polling
    [ 209.722440] xhci_hcd 0000:00:15.0: xHCI Host Controller
    [ 209.722453] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 1
    [ 209.723589] xhci_hcd 0000:00:15.0: hcc params 0x200077c1 hci version 0x100 quirks 0x0000000001109810
    [ 209.723615] xhci_hcd 0000:00:15.0: cache line size of 64 is not supported
    [ 209.737852] hub 1-0:1.0: USB hub found
    [ 209.737880] hub 1-0:1.0: 8 ports detected
    [ 209.743853] xhci_hcd 0000:00:15.0: xHCI Host Controller
    [ 209.743862] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 2
    [ 209.743869] xhci_hcd 0000:00:15.0: Host supports USB 3.0 SuperSpeed
    [ 209.747442] hub 2-0:1.0: USB hub found
    [ 209.750991] hub 2-0:1.0: 7 ports detected
    [ 209.765508] Intel(R) Gigabit Ethernet Linux Driver - version 5.3.5.20
    [ 209.765511] Copyright(c) 2007 - 2018 Intel Corporation.
    [ 209.996463] usb 1-1: new high-speed USB device number 2 using xhci_hcd
    [ 228.397584] usb 1-1: USB disconnect, device number 2
    [ 229.268421] usb 1-1: new high-speed USB device number 3 using xhci_hcd
    [ 229.559780] cdc_ether 1-1:1.2 usb0: register 'cdc_ether' at usb-0000:00:15.0-1, CDC Ethernet Device, ba:56:f1:ad:65:cf
    [ 229.559872] usbcore: registered new interface driver cdc_ether
    [ 230.373621] cdc_ether 1-1:1.2 WWAN1: renamed from usb0
    [ 234.878651] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 239.188946] usbserial: USB Serial deregistering driver generic
    [ 239.189003] usbcore: deregistering interface driver usbserial_generic
    [ 239.189021] usbcore: deregistering interface driver usbserial
    [ 240.205963] usbcore: registered new interface driver usbserial
    [ 240.205983] usbcore: registered new interface driver usbserial_generic
    [ 240.206003] usbserial: USB Serial support registered for generic
    [ 258.725893] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 258.725937] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 258.725942] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped

    I didn't find any mention of USB or Cellular WAN in these references about V21:

    I reverted back to V20 and hope that someone here can either point me in the right direction or tell me that it will be fixed in a future version.

    Thanks

    Dan
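
An added example, not part of the original post: a Python sketch that compares two dmesg captures with timestamps stripped and lists which kernel messages, grouped by driver, appear in the V20 capture but not in V21. The sample strings are a subset of the lines quoted in the post above, and the function names are illustrative.

```python
import re

# Constructed samples: a subset of the dmesg lines quoted in the post above.
V21_DMESG = """\
[ 337.075512] usbcore: registered new interface driver usbserial
[ 337.075535] usbcore: registered new interface driver usbserial_generic
[ 337.075557] usbserial: USB Serial support registered for generic
"""
V20_DMESG = """\
[ 208.491441] usbcore: registered new interface driver usbserial
[ 208.491459] usbcore: registered new interface driver usbserial_generic
[ 208.491472] usbserial: USB Serial support registered for generic
[ 209.722440] xhci_hcd 0000:00:15.0: xHCI Host Controller
[ 209.737852] hub 1-0:1.0: USB hub found
[ 229.268421] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[ 229.559872] usbcore: registered new interface driver cdc_ether
[ 230.373621] cdc_ether 1-1:1.2 WWAN1: renamed from usb0
"""

# dmesg prefixes each line with "[ seconds.micros]"; boot times differ, so drop it.
LINE = re.compile(r"^\[\s*\d+\.\d+\]\s+(?P<msg>.*)$")

def parse(text):
    """Return (source, message) pairs, where source is the driver/subsystem tag."""
    pairs = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        head, sep, _ = msg.partition(": ")
        pairs.append((head.split()[0] if sep else "(none)", msg))
    return pairs

def only_in(baseline, other):
    """Messages present in baseline but absent from other, grouped by source."""
    seen = {msg for _, msg in parse(other)}
    missing = {}
    for source, msg in parse(baseline):
        if msg not in seen:
            missing.setdefault(source, []).append(msg)
    return missing

def drivers_registered(text):
    """Names of USB interface drivers that usbcore reported as registered."""
    return {msg.rsplit(" ", 1)[1] for src, msg in parse(text)
            if src == "usbcore" and "registered new interface driver" in msg}

if __name__ == "__main__":
    for source, msgs in only_in(V20_DMESG, V21_DMESG).items():
        print(f"{source}: {len(msgs)} message(s) only in V20")
```
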

  • Hi  

    In version 21, we upgraded the Postgres database to a newer version. As a result, version 21 temporarily operates with the old and new databases. 

    Before the upgrade: Reports created are stored in the old database.

    After the upgrade: Any new reports generated post-upgrade are stored in the new database.

    Please refer to the help for more details: https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Reports/index.html#reports-behavior

  • Is it a HA? 
    Because reports are only appliance related, not cluster related. So it might be that the customer is looking at the wrong appliance.


  • Hi,

    Recently, we updated our customer's firewall to V21, and we got the information that the ReportDB got regenerated and the reports were shown only from the date of the firmware upgrade. This is the update that we have got as of now.

  • cosmetic: some firewall generated mail could not be sent during upgrade

  • confirming no issues so far when upgrading some XGS 126, 136 and 4500 HA clusters - a stable release

    impressive RED robustness: the remote side behind a RED lost only 7 pings during node reboot.

    this has been much worse in earlier versions.

  • Just noticed today while looking for dependencies on my interfaces to plan upcoming changes: Object usage does not show dependent firewall rules using the "#Port2" definition.
    As all "#PortX" IP host objects are automatically created/updated, I'd expect those to show up in interface object usage as well.
    So when I try to find all settings related to this interface, e.g. firewall rules containing the host definition should be listed there as well:

    Sure, you might use the new port-migration assistant during restore (with downtime) to handle interface changes, but sometimes smaller changes might benefit here.
    Anything on the roadmap to change the interface - hardware mapping? Like moving only a single VLAN interface to another hardware port with one click, like on UTM/SG?