Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread)

Release Post:  Sophos Firewall v21 Early Access Announcement 

Whats New Link: 

Please provide feedback using the option at the top of every screen in your Sophos Firewall as shown below or via the Community Forums.

NOTE: Sophos Firewall v21 does NOT include support for XG and SG Series appliances. XG Series EOL is March 31, 2025.
XG/SG Hardware will find them self until the EOL on the V20.0 Branche with MR2 + 
Sophos SFOS Home users are not affected, as SFOS Home is running the software version. 

For LE Related config issues, please review this post first:  Let´s Encrypt Deep Dive & Debugging in SFOSv21.0  

[bearbeitet von: LuCar Toni um 8:59 AM (GMT -7) am 31 Aug 2024]
  • No - That is not included in the V21.0 Release. 


  • We could generate the LE successful for  It was related to a poor performance of the System itself. 


  • Sophos Firewall shows an error after creating a Lets Encrypt certificate, but the certificate seems to work normally.

    Error Entry in letsencrypt.log:
    [2024-08-30 08:02:57,770] Dehydrated: ERROR: Problem connecting to server (post for; curl returned with 23)

    Assigning the certificate on the web admin works and is accepted

  • We are tracking this issue here: NC-141068


  • (English version below)

    Hallo zusammen,

    ich habe die EAP Version 21 gestern auf meiner privaten Firewall zu Hause installiert. Es handelt sich hierbei nicht um Sophos Hardware. Die guten Punkte vor weg, das Upgrade verlief Problemlos und die GUI ist nun deutlich schneller als es zuvor der Fall war.

    Mit zwei Punkten habe ich allerdings noch so meine Probleme.

    - Lets Encrypt
    Ich habe auf der Firewall die entsprechende Lets Encrypt Registrierung vorgenommen und versucht für zwei Domains, welche auf die WAN Seite der Sophos zeigen versucht ein Zertifikat auszustellen. Leider war das für beide Domains nicht erfolgreich. Die Zertifikate stehen zwischenzeitlich beide im Fehlerstatus.

    "detail":"87.XXX.XXX.222: Fetching Error getting validation data"

    das andere Zertifikat steht ebenfalls im Fehlerstatus, allerdings nur mit dem Fehler "http request error".

    - Third-party threat feeds
    Ich habe mehrere Feeds auf der Firewall eingetragen. Allerdings bleibt die Anzahl der Indicators immer bei 0 stehen. Beispiel feed:

    Ich habe heute noch ein paar feeds hinzugefügt und erhalte nun im feed Status die Meldung "Storage full". Wenn ich mir die Speicherauslastung der Sophos ansehe, ist allerdings noch ein guter Teil des Storages frei.

    SFVH_SO01_SFOS 21.0.0 EAP1-Build152# df -h
    Filesystem Size Used Available Use% Mounted on
    none 1.5G 1.2M 1.4G 0% /
    none 2.9G 424.0K 2.9G 0% /dev
    none 2.9G 44.0M 2.9G 1% /tmp
    none 2.9G 53.6M 2.9G 2% /dev/shm
    tmpfs 2.9G 0 2.9G 0% /sys/fs/cgroup
    /dev/boot 126.2M 34.7M 88.8M 28% /boot
    950.7M 87.8M 846.9M 9% /conf
    /dev/content 11.2G 543.3M 10.6G 5% /content
    /dev/var 87.1G 22.7G 64.4G 26% /var

    Wir bekomme ich die beiden Probleme am besten bereinigt?

    Grüße aus Deutschland!

    Hello everyone,

    Yesterday, I installed the EAP Version 21 on my home firewall, which is not Sophos hardware. On the positive side, the upgrade went smoothly, and the GUI is now significantly faster than before.

    However, I am facing two issues:

    - Let’s Encrypt:
    I registered Let’s Encrypt on the firewall and attempted to issue certificates for two domains that point to the WAN side of the Sophos. Unfortunately, the issuance was unsuccessful for both domains, and the certificates are now showing an error status.

    "detail":"87.XXX.XXX.222: Fetching Error getting validation data"

    The other certificate also shows an error status, but with a simpler "http request error."

    - Third-Party Threat Feeds:
    I have added several feeds to the firewall, but the number of indicators remains at zero. For example, the following feed:

    I added a few more feeds today, and now the feed status shows "Storage full." However, when I check the storage usage on the Sophos, a significant portion of storage is still available.

    SFVH_SO01_SFOS 21.0.0 EAP1-Build152# df -h
    Filesystem Size Used Available Use% Mounted on
    none 1.5G 1.2M 1.4G 0% /
    none 2.9G 424.0K 2.9G 0% /dev
    none 2.9G 44.0M 2.9G 1% /tmp
    none 2.9G 53.6M 2.9G 2% /dev/shm
    tmpfs 2.9G 0 2.9G 0% /sys/fs/cgroup
    /dev/boot 126.2M 34.7M 88.8M 28% /boot
    950.7M 87.8M 846.9M 9% /conf
    /dev/content 11.2G 543.3M 10.6G 5% /content
    /dev/var 87.1G 22.7G 64.4G 26% /var

    What would be the best way to resolve these two issues?

    Greetings from Germany!

  • So, Public request for this, can we please have a SW version that support the XGS hardware, i would go through the hoops to ask through the partner way but generally i find that just vanishes into the either. So feedback from myself either a Home Locked version of the HW image or a SW image that allows the XGS hardware to be used. meanwhile testing on my fleet of test units goes on

    Sophos XG Engineer

    Sophos Silver Partner

  • It is internally tracked, we will look into this for the future. 


  • For the thread feeds, share your insights here:  Sophos Firewall: v21.0 EAP1: Third Party Threat Feeds Discussions 

    For the LE Component: Could you share the support access ID with me?  


  • Essentially the Kernel is not directly related to the UEFI or NIC support capabilities. 
    A Kernel can bring more support but its not mandatory nor commit to improve this. 
