This discussion has been locked.

BUGs and other issues new and old in V18 MR1

Hi folks,

V18.0.1 MR-1 existing bugs, new BUGs and things that weren't reported as bugs.

1/. Existing bugs that didn't get fixed

a) multiple entries in the logviewer for DDNS registrations.

b) diagnostic traffic reporting - way under actual

c) IPv6 static addresses not appearing in the DHCP leased list

d) IPv6 RA assigned addresses not appearing in logviewer or in assigned address list

e) use of FQDNs in IPv6 firewall rules

f) daily reports will have to wait until tomorrow to see whether they have been fixed

g) pattern updates for authentication client, Sophos connect client and SSLVPN clients have not updated since Dec 2019

 

A previous bug though not reported.

XG fails to stop adult/sexually explicit sites even though they are correctly categorised. Blocks video and ads associated with the sites, but not the sites. Now according to the firewall logviewer -> web page one site is blocked, but the actual block message comes from Sophos Home Premium. There appears to be a bug in Sophos Home Premium with regard to blocking some of these sites on Apple devices, currently inland with Sophos Home Premium.

 

New Bugs.

So far I have not found any.

 

Maybe BUG

a) normally when I run speedtest I see entries in the IPS GUI but no values in the table when I click on an item, today no entries after 4 speedtests.

 

A question about a BUG in V18 GA

Did the default drop rules get fixed, e.g. can I remove my default rule?

 

Ian



  • I have found also a bug after upgrade:

    "Dropped due to TLS engine error: FLOW_TIMEOUT[5]"

    My SSL settings:


    THIS is AFTER REVERT to previous firmware

     

    And now it's working

  • Thanks for posting, I have hit this error across the board as well. After updating, several apps, especially Dropbox and Apple Mail and other similar apps, do not work at all. Looking at SSL/TLS logs showed several errors, and disabling SSL/TLS inspection caused them to go away.

  • Hi PowerPete.

    Apple sites/updates do not like HTTPS scanning so SSL/TLS will also fail. For the Apple updates you need to set up a rule that does not use HTTPS and has none for SSL/TLS.

    This issue has been around for a number of years.

    Apple mail needs to have the XG CA installed on the receiving device, then mail stopped and then a little while later opened again. It does work on mac mini, MBP and iPad.

    Ian

  • rfcat_vk said:

    Hi PowerPete.

    Apple sites/updates do not like HTTPS scanning so SSL/TLS will also fail. For the Apple updates you need to set up a rule that does not use HTTPS and has none for SSL/TLS.

    This issue has been around for a number of years.

    Actually, this worked just fine before the update to MR1. So this is definitely a new issue and has nothing to do with whatever it is that has been around for a number of years. 

  • Hi,

    in your XG configuration possibly.

    Prior to V18 there was no SSL/TLS inspection separate from the HTTPS proxy. In V18 EAP SSL/TLS inspection did not work correctly. V18.0.1 MR-1 re-release has a fix for the SSL/TLS inspection and also you are able to set up firewall rules with web none and not use SSL/TLS.

    Finally, those errors look like the original V18, you will need to click add to exception for those items because Sophos acknowledge that not all sites play fair with SSL/TLS scanning.

    Ian

  • rfcat_vk said:

    Hi,

    in your XG configuration possibly.

     

    Nope. Not that either. I wasn't running v17 or v18 EAP before I upgraded to v18 MR1, I was using a production build of v18 (the last one available before MR1 was released). I know all about the new TLS decryption and have been using the exception group for a while now. Apple is on both the new exception group as well as the old style exceptions that were used prior to v18 (which supposedly still work with v18). I am still getting these errors. 

    It is a problem that was introduced with MR1. 

  • This is interesting because since I upgraded to v18 MR1, I got some issues regarding Google Play Store. 

    I didn't change anything in my configuration and rules, btw. So maybe there is something wrong in MR1...

  • TheBalmasque said:

    This is interesting because since I upgraded to v18 MR1, I got some issues regarding Google Play Store. 

    I didn't change anything in my configuration and rules, btw. So maybe there is something wrong in MR1...

     
    Yep, Google is affected as well. 
     
    I think what's going on here is that MR1 no longer respects the "old" (pre-v18) web exception list. I had Google on there forever and after the upgrade to MR1 I had to put Google on the "new" (URL-Group based) exceptions to get it to work. v18 releases prior to MR1 respected the old list.
     
     
     
  • What's even more weird (as I just found out) is that play.google.com is even included on the managed exclusion list, as seen here:

    Yet I had to add it to my local exclusion list for it to work. Something is really broken here. 
