
Sophos Firewall: v21.0 GA: Feedback and experiences

Release Post: Sophos Firewall v21 is Now Available

Release Notes: docs.sophos.com/.../sf_210_rn.html

Early Access EAP Thread: Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread)

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue.   

Only XGS Hardware is supported - Not XG/SG Hardware. Sophos Home is excluded, as it uses Software, which is supported. 

Firmware update from the CM will be available after the firmware is available to all. Please refer to the standard update process.

Firmware update on Sophos firewall requires a valid support subscription (of any type - paid or trial) after the first 3 free firmware updates.

  • Is it an HA?
    Because reports are only appliance related, not cluster related. So it might be that the customer is looking at the wrong appliance.


  • Hi  

    In version 21, we upgraded the Postgres database to a newer version. As a result, version 21 temporarily operates with the old and new databases. 

    Before the upgrade: Reports created are stored in the old database.

    After the upgrade: Any new reports generated post-upgrade are stored in the new database.

    Please refer to the help for more details: https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Reports/index.html#reports-behavior

  • Is Cellular WAN broken for everyone in V21, or just for me?

    Upgrading an SG115 from SFOS 20.0.2 MR-2-Build378 to SFOS 21.0.0 GA-Build169 broke the USB Cellular WAN that was working fine previously. It now says "No modem plugged-in" in the row for WWAN1 in the Interfaces page of the web admin. The device is an Alcatel LTE USB modem, with identifiers 1bbb:0191, that worked out of the box (in DHCP mode) in V20.

    Comparing the two dmesg lines shows a difference. Here is the dmesg output from V21. There are no additional lines appearing when the USB LTE modem is unplugged and plugged back in.

    [ 337.075512] usbcore: registered new interface driver usbserial
    [ 337.075535] usbcore: registered new interface driver usbserial_generic
    [ 337.075557] usbserial: USB Serial support registered for generic

    and here is the output from dmesg from V20, which shows how the modem is recognized properly:

    [ 208.491441] usbcore: registered new interface driver usbserial
    [ 208.491459] usbcore: registered new interface driver usbserial_generic
    [ 208.491472] usbserial: USB Serial support registered for generic
    [ 209.451176] i801_smbus 0000:00:1f.1: can't derive routing for PCI INT A
    [ 209.451181] i801_smbus 0000:00:1f.1: PCI INT A: not connected
    [ 209.451208] i801_smbus 0000:00:1f.1: SPD Write Disable is set
    [ 209.451229] i801_smbus 0000:00:1f.1: SMBus using polling
    [ 209.722440] xhci_hcd 0000:00:15.0: xHCI Host Controller
    [ 209.722453] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 1
    [ 209.723589] xhci_hcd 0000:00:15.0: hcc params 0x200077c1 hci version 0x100 quirks 0x0000000001109810
    [ 209.723615] xhci_hcd 0000:00:15.0: cache line size of 64 is not supported
    [ 209.737852] hub 1-0:1.0: USB hub found
    [ 209.737880] hub 1-0:1.0: 8 ports detected
    [ 209.743853] xhci_hcd 0000:00:15.0: xHCI Host Controller
    [ 209.743862] xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 2
    [ 209.743869] xhci_hcd 0000:00:15.0: Host supports USB 3.0 SuperSpeed
    [ 209.747442] hub 2-0:1.0: USB hub found
    [ 209.750991] hub 2-0:1.0: 7 ports detected
    [ 209.765508] Intel(R) Gigabit Ethernet Linux Driver - version 5.3.5.20
    [ 209.765511] Copyright(c) 2007 - 2018 Intel Corporation.
    [ 209.996463] usb 1-1: new high-speed USB device number 2 using xhci_hcd
    [ 228.397584] usb 1-1: USB disconnect, device number 2
    [ 229.268421] usb 1-1: new high-speed USB device number 3 using xhci_hcd
    [ 229.559780] cdc_ether 1-1:1.2 usb0: register 'cdc_ether' at usb-0000:00:15.0-1, CDC Ethernet Device, ba:56:f1:ad:65:cf
    [ 229.559872] usbcore: registered new interface driver cdc_ether
    [ 230.373621] cdc_ether 1-1:1.2 WWAN1: renamed from usb0
    [ 234.878651] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 239.188946] usbserial: USB Serial deregistering driver generic
    [ 239.189003] usbcore: deregistering interface driver usbserial_generic
    [ 239.189021] usbcore: deregistering interface driver usbserial
    [ 240.205963] usbcore: registered new interface driver usbserial
    [ 240.205983] usbcore: registered new interface driver usbserial_generic
    [ 240.206003] usbserial: USB Serial support registered for generic
    [ 258.725893] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 258.725937] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped
    [ 258.725942] cdc_ether 1-1:1.2 WWAN1: kevent 12 may have been dropped

    I didn't find any mention of USB or Cellular WAN in these references about V21:

    I reverted back to V20 and hope that someone here can either point me in the right direction or tell me that it will be fixed in a future version.

    Thanks

    Dan

  • XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks for the suggestion. The link you shared appears to be a different situation involving version 20.0.2 not working (in my situation, the dongle works fine in this version, and then stops working in the following version 21.0.0) and a different symptom where the USB LTE dongle is recognized but not working, whereas in my situation the dongle is not recognized at all.

  • Hi  

    The issue looks specific to the Alcatel LTE USB modem that is being used.

    Please share the support access ID via PM so we can troubleshoot the issue further.

  • Hi  

    Thank you for connecting with me via PM. I am trying to send you a PM, but private messages seem to be disabled in your profile settings. Please enable them.

    The device does not need to be on v21 to troubleshoot the issue at this point. You can keep the device on v20 firmware and share the device access via PM; we will try to check the issue using the logs.

    If you are unable to enable support access for any reason, please share the log files below.

    /log/syslog.log
    /log/modemd.log
    /log/mdev.log
    /log/applog.log
    /log/csc.log

    If we are unable to find the RCA with the available logs, I will request a session with you for troubleshooting.

    Thanks

    Jekin

  • Hi  ,  ,

    Thank you for your valuable feedback on interface sorting!

    We're improving the interface ordering in the upcoming release.

    Based on the examples you provided, the updated logic would now sort interfaces in the following order:

    ["Lag1", "P1 LAN Intern", "P3 WAN DHCP", "Port1", "Port2", "Port11_1234", "port13A1abc23", "WAN1 Cable", "WAN2 LTE"]

    Please let us know if this meets your expectations or if there’s anything else you’d like us to consider.

  • Great to hear that! Examples are looking good. I'd add the following examples for tagged interfaces: "P1.10 VLAN Guest", "P1.20 VLAN Phone". So an additional dot in some cases. Will that be handled "correctly" as well? So an order like ["P1 LAN Intern", "P1.10 VLAN Guest", "P1.20 VLAN Phone", "P3 WAN LTE"]

  • In this case, the order will be:

    • ["P1.10 VLAN Guest", "P1.20 VLAN Phone", "P1 LAN Intern", "P3 WAN LTE"]