It’s nearly ten years since we released version 9.3 of Sophos UTM which introduced the use of SXL for high-performance, secure online web categorization. Our previous system, CFFS, used unencrypted HTTP/1.0, offering poor security and performance. We have kept CFFS up and running as the number of customers using these old versions dwindled away. The time has now come to shut them down.
We will be turning off CFFS services on 1 September, 2023. We will be fully removing the remaining support for CFFS in the UTM operating system in our next maintenance release, 9.7 MR16.
For most customers, there should be absolutely no functional impact of this change and there is no need to do anything. Customers who are not running the latest version of SG UTM may see occasional messages in the http.log file complaining about a failure to access CFFS servers. Even if your UTM is not actively using CFFS for categorization, the Web Proxy component would still perform occasional probes to determine the nearest CFFS server to use.
If you are concerned that your SG UTM may still be using CFFS, you can do one of the following:
- Upgrade to version 9.7 MR16 when it is released – this is currently planned to begin in mid-July
- Run the following command as root at the UTM’s command line:
# cc set http use_sxl_urid 1
You should see the response ‘1’, indicating that the command was successful.
Customers still running versions older than 9.3 and using Web Protection with category-based filtering should upgrade as soon as possible. These devices are unsupported, insecure, and of course will no longer be able to categorize websites and URLs.