Sophos Firewall: v20.0 EAP1: Feedback and experiences

Question

Release Post: Sophos Firewall v20 Early Access Announcement 
 Full Feature List: https://assets.sophos.com/X24WTUEQ/at/w8vnx57qw4vhs997fbknp2j/sophos-firewall-key-new-features.pdf

sanket.shah · Accepted Answer

Thanks rfcat_vk for your support and patience! 
 Reg. shorten form of interface identifier (:0:0:0:1 instead of ::1), it was conscious decision made because we have segregated IPv6 address into 3 parts - delegated prefix: subnet id: interface id - to make it more readable to administrator. 
 Reg. link failure detection requires interface to be updated, that shouldn't be the case. Will interact with you over PM to get more details about it. 
 Thanks again for your support.

LuCar Toni · Answer

Sophos Firewall: v20.0 GA: Feedback and experiences V20.0 was released (GA).

LuCar Toni · Answer

As of today in this Release - PPPOE is not supported for DHCPv6-PD. This will be included later (Not sure if it is for V20.0 or after V20.0).

LuCar Toni · Answer

This is not included in V20.0 - But considered to be an UX Improvement for the future.

Kaushal Kansara · Answer

Hi Martin, 
 Thank you for participating in EAP program and providing feedback. 
 We acknowledge the issue and we are tracking this issue internally via NC-125221. The fix will be available in future release. 
 Meanwhile we have a workaround to mitigate the issue. 
 Please disable Force TLS 1.2 from Web admin console on RED Server side as shown in attached image.

Please provide feedback after applying the work around. 
 Apology for inconvenience caused.

sanket.shah · Answer

Hello rfcat_vk, 
 IPv6 FQDN support is still in the future roadmap.

LuCar Toni · Answer

Not in this release. It is on the roadmap to update Kernel in the future.

LuCar Toni · Answer

Not in this release. It is on the roadmap to support 4096 Bit DH Key

sanket.shah · Answer

Thanks for the feedback about "Traffic shaping" setting placement. I will discuss this feedback internally with product management team. 
 Reg. default traffic shaping policy, there are 3 different tabs (with similar names) and I can understand it can create some confusion sometime if its purpose is not clear. Let me try to explain it. 
 "Traffic shaping default" tab shared in your attached screen shot is related application and application category. From this tab, admin can associate "application" type of traffic shaping policy to desired application(s) as per need. 
 Under "System services" menu, there are 2 more tabs "Traffic shaping settings" and "Traffic shaping". Screenshot attached below. 
 "Traffic shaping settings" is used to define various global settings like total WAN bandwidth available, VoIP traffic optimization preference etc. (2nd number arrow in attached screenshot.) 
 Under "traffic shaping" tab (3rd number arrow in attached screenshot), admin can create new traffic shaping policy as per need or use provided default traffic shaping policies for firewall rules, User, application, web traffic. If you have already created any traffic shaping policy previously or using pre-created ones, you should be able to find it here.

LuCar Toni · Answer

No - HTTPS and FQDN Support for probing is not included but considered for an upcoming release.

Jubin · Answer

Hi rfcat_vk , We do not have a specific timeline yet. We will provide updates as we have more information.

Jubin · Answer

Thank you RyzenShine for your feedback! We will change the default position of Sophos Assistant to the bottom so that it does not get in the way on many screens.

BhruguPatel · Answer

Hello LHerzog , 
 Yes, You can sort the data either in ascending or descending order by clicking the "Usage" link/text shown in the below screenshot

After clicking it you'll able to see the sorted data based on your requirements. For reference, I sorted it in descending order.

Let us know if this w ould be helpful to identify and delete 0 usage items from your list. 
 
 Regards, 
 Bhrugu Patel

Steve Weißflog · Answer

If anybody else find the logic of mapping of AD groups / syncing of AD users should be realized in a better and consistant way: 
 Write your Sophos Account Manager and tell him to push the feature request: SFSW-1183

Sophos Firewall: v20.0 EAP1: Feedback and experiences

Top Replies