Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 150 replies
  • Answers 12 answers
  • Subscribers 58 subscribers
  • Views 28469 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v20.0 EAP1: Feedback and experiences

LuCar Toni

Release Post:  Sophos Firewall v20 Early Access Announcement 

Full Feature List: https://assets.sophos.com/X24WTUEQ/at/w8vnx57qw4vhs997fbknp2j/sophos-firewall-key-new-features.pdf



This thread was automatically locked due to age.

Top Replies

  • 0

    Will FQDN support for SD-WAN probes be available in this EAP?

    Also, thanks for the Early Access!

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • 0

    Have upgraded 3 in my LAB environment, all with RED Server tunnels, not wokring anymore, even try to recreate, but just sees error:

    Tue Sep 26 10:32:33 2023Z REDD ERROR: server: Can not do SSL handshake on Socket accept from x.x.x.x': SSL accept attempt failed error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
    Tue Sep 26 10:32:35 2023Z REDD ERROR: server: Can not do SSL handshake on Socket accept from 'x.x.x.x': SSL accept attempt failed error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Architect

  • Anonymous
    0 Anonymous in reply to twister5800

    I'm also experiencing RED issues after upgrading. I use Firewall to Firewall RED tunnels.

  • 0 in reply to Anonymous

    Hi Can you please share the SFOS version where client is configured?

  • 0 in reply to Prism

    No - HTTPS and FQDN Support for probing is not included but considered for an upcoming release. 

    __________________________________________________________________________________________________________________

  • 0

    Eliminate False Missing Heartbeats – Devices that are in sleep or hibernate mode will no longer generate a
    missing heartbeat reducing false alerts and notifications

    Sounds good. Is it just disabled or max. delayed or ist it really "fixed" it think this would have been an endpoint issue?

    also great, that really made it into v20:  Firewall v20 introduces a new hardened and highly secure, containerized self-service VPN portal.

    I'm strongly interested to see a screenshot of that feature:
    Object Reference Lookup – You can now see the usage count of all host and service objects as well as a full
    list of all locations where that object is referenced such as in rules, policies, routing, etc. You can also directly
    edit or remove objects for many entities without switching context from the hosts and services list.

  • 0 in reply to LHerzog

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thank you!

    nice. and also with a link to the reference! I think it is the same for rule references?

  • 0 in reply to LHerzog

    __________________________________________________________________________________________________________________

  • 0 in reply to twister5800

    Hi Martin,

    Thank you for participating in EAP program and providing feedback.

    We acknowledge the issue and we are tracking this issue internally via NC-125221. The fix will be available in future release.

    Meanwhile we have a workaround to mitigate the issue.

    Please disable Force TLS 1.2 from Web admin console on RED Server side as shown in attached image.

    Please provide feedback after applying the work around.

    Apology for inconvenience caused. 

Unfiltered HTML