
  • Please make "Add firewall rule" available with one click by uncoupling "Add firewall rule" from the DNAT assistant. Nobody uses the DNAT assistant, and if they do, there is enough space to place it next to the "Add firewall rule" button. Don't force us to click twice instead of once for every firewall rule we add!

    I was hoping that this will be fixed in v19.

    Jindrich Rosicka

    awin IT

  • I am actually not able to understand what you mean. Could you give some screenshots for context?


  • I suspect he is talking about the server creation rule which probably should be called WAF creation, rather than DNAT?

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Sorry for asking this question here, but I'm really excited about v19. I wanted to clear up two doubts.

    In version 19, are we expected to have improvements in SSL VPN, which go beyond the performance improvement?

    Today SSL VPN RA and S2S share the same service and the same range of IPs; separating these would be very good, without interrupting the two services.
    Another improvement would be to be able to specify which remote destinations of the SSL VPN connection could be made to the remote server.

    I really like IPsec and I like to see you dedicating a lot to this technology. I use and will use them a lot, but in small companies the ease of configuring and managing SSL is very practical.


    Another thing I wanted to know that would help a lot is having the option to clone a reverse rule. It is very annoying to create a rule from src to dst and then create another inverse one; if there were a click that already created the rule in reverse, it would help a lot.

    Is this expected in the new version or the next ones?

    Another thing that would help a lot to save clicks would be to be able to change a part of the rule on the line, without having to go in and edit. For example, I want to change the port in the services part. In the line of the rule, if you could click on services and the window to change it appeared, it would be very fast for our day to day.

    Is this expected in the new version or the next ones?


    Sorry to use this channel for these doubts, but I couldn't find a more effective place for a roadmap to be implemented.

  • You still use SSL VPN for Site to Site? Because from my perspective, this is rather rarely used. Why do you rely on SSLVPN for Site connections?

    Why do you want to do a "reverse rule"? Stateful firewall will allow the traffic in a stateful manner, if this is the goal?


  • You say in this release "Be aware: V18.5 MR2 is not supported to migrate". Is this a cut and paste error?

    The release notes for EAP2 say "Sophos Firewall OS v19 EAP2 (Build 271) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later and all previous versions of v18.5." and (I believe) I have successfully upgraded from V18.5 MR2 to EAP2.

  • My bad. Copy/pasted the old post and forgot to remove this part.


  • Here are the screenshots. The same goes for NAT. Logically the product is a firewall product, so most of all you will add firewall and NAT rules, and it is really inefficient to do that all the time via the submenu. Imagine when you are installing a new firewall and have to create 100 fw rules and 40 NAT rules on average, all the time, for all firewalls.

    The wave of "Enterprise NAT" rejection during v18 launch is long gone, so you can (should) adjust it now.

    Jindrich Rosicka

    awin IT

  • Small correction: "Add NAT rule" should obviously open the "NEW NAT rule page" - not the firewall rule page :-)

    Jindrich Rosicka

    awin IT

  • I restored the backup of v18.5 MR2 to v19 EAP2. Then, the "TLS certificate" setting of "SMTP TLS configuration" and "POP and IMAP TLS configuration" was changed to "Default".
    I had to change the "TLS certificate" setting to the original.