
Problem after upgrade to Sophos Firewall Manager SFM 17.1 MR1

Sophos support told us to update to SFM 17.1 MR1 to resolve some issues with the delay in distribution of rules to our firewalls. As we are at the beginning of our project, we have only our central XG 550 cluster connected. The cluster is running on SFOS 17.5 MR7.

After the update there was a mismatch between the configuration on the firewall cluster and the SFM. Basically I saw no groups, and from 100 rules on the SFM only the first 70 rules were in the configuration in increasing order. Removing and rejoining the firewall from SFM did not help. We connected a newly installed SFOS 17.5 MR8 firewall, which showed up in a correct manner and also with a group. But the configuration was quite small (5 rules).

There seems to be no up-to-date compatibility guide online, but an older guide makes me think that the previous version SFOS 17.5 MR7 should be supported. The announcement also shows no hints that all firewalls need to be on SFOS 17.5 MR8 before updating, and the support did not tell us to do so.

Did somebody else notice that? What is the experience regarding the stability of SFM - Firewalls? In our case a backward replication from SFM -> Firewall of the wrong rules probably would have left our company out of service for several hours, as we did a lot of changes recently.

What are the experiences with Sophos Central Management? Have you seen things like this happen there too? How are the performance and stability? Is there a compatibility guide for Sophos Central Management?



This thread was automatically locked due to age.
  • Hi  

    Sorry for the inconvenience caused!

    For details related to SFM: https://www.sophos.com/en-us/support/documentation/sophos-firewall-manager.aspx#

    I would request you to contact technical support to investigate the issue further; please PM us the service request number.

  • Hello Keyur,

    thank you for your answer. Unfortunately the compatibility guide is from February 2019 and does not cover the versions I am using. Outdated like so much documentation from Sophos (they should look to some competitors, e.g. Fortinet. They have much better and always up-to-date documentation).

    I might contact the technical support, but my experience regarding speed and success rate is not very good. The first step they will ask for is to update the firmware on the firewall, which is only 2 weeks older. If there is an incompatibility there should be a warning during the installation and/or in the release notes.

    I will update the firmware and try to include it once again. Hopefully it works. If not I might decide to go on without SFM. This bug is really critical. If for some reason the outdated and incomplete rules that are in the wrong order are pushed out to the firewall several hundred people won't be able to work :-(.

    Best regards,
    Bernd

  • Hi  

    I understand your concern and the point you are trying to make. I would recommend raising a support service request to analyze the issue further. If any troubleshooting or escalation is required, they will help you further; please PM us the service request number if you contact them.

  • This morning I updated the firewall and everything is working again. However, I still think that not having checks in place and information in the readme file is very bad.

    This looks like working/not working by chance. I also suspect that this was not the intended behaviour by Sophos - so it is a bug ...
