XG V18 MR3

Hi All,

To confirm, yes - the release for v18 MR3 has been unfortunately delayed and will not be released this week. Please stay tuned next week, as we'll continue to follow up with the development teams to share updates for the Community.

Hi Flo,

have the development team provided any update guidance on the release date?

Ian

Hello rfcat_vk,

That is true, but it has been cut across all departments. It was not aimed at incompetent developers.
Unfortunately, it also affected workers who were very capable and were definitely a benefit to Sophos.
When the forest is felled, splinters fly - we say here.

Regards

alda

Maybe if/when this update comes it will allow me to fight this tumor in my head that is VPN issues I seem to be encountering, Hopefully before it does any real permanent damage. Just chaotic instability issues it seems - mostly seen with 2FA enabled on VPN. Many of them keep having to re-enter their one-time password all day D:

Maybe this will help you. Look for my last answers to this bug.

The global maximum session limit with activated MFA / OTP crashes the user session behind the vpn.  

https://community.sophos.com/xg-firewall/f/discussions/102442/vpn-timeout-key-negotion-after-8-hours 

Thanks Jonnie,

I think that gives me some good information. I think I'm going to disable 2FA for IPsec / SSL VPN as I can use certs and only enable it for the user portal. This stops people from downloading the config with a compromised account if it happens but keeps the user experience optimal. At least until it works better...

EDIT: Well damn I found that green thing you asked if it was a bad joke... I guess that makes sense, I was starting to find 4/ 8 hour connection issues. Mostly 4 hours as we moved many of the systems to IPsec because the SSL VPN clients weren't seemingly playing as nice as I'd like... or something. We just did for fun. Though I remember seeing 4 hours in some logs, the tickets lay out a 4-5 hour window and the one from last night was 8 hours exactly. It's very noticeable when they suddenly have to enter their 2FA code again so I'm disabling it on everything but the user portal for now. Jeesh. Thanks again for helping out that VPN tumor that has been growing :S

Glad to hear! =) 

Beside from disabling the 2FA, you can easily set the Maximum Session Limit at the XG to 12 hours, if it reasonable for your network. We did this also for our ssl vpn clients and there are no further disconnects. 

Yea. We also have most people using IPsec with the new connect thing haha. The hard coded timeout crap. Though with the new 2.0 client, I think we can get them back to SSL VPN as it seems to work nicely. I started the discussion internally so that's fun. Stupid rekey time thing with 2FA hah.

Any updates from the Webinar?

They said it will be released this week. They had to do some further QA testing. Thats why it was delayed.

Ok, i wanted to know what new and improved features will be in the MR3 release.

Better SSL VPN Performance
Better HA Support for Sophos Central

Better SSL VPN Performance
Better HA Support for Sophos Central

giannki that's all?  Any Updates for Sophos Connect 2.0 MacOS? Or that they finally fixed that mess of AD Sync?

Sorry that's what I remember on top of my head what they specifically announced for MR3.

Correct me if I'm wrong, but wasn't "Better SSL VPN Performance" actually in the "sort of" unreleased MR2?  

PMParth published a blog post about v18 MR3 but rapidly deleted it; The three main features are:

Better SSL VPN Throughput, he said up to 6x higher on 2U appliances.

Better HA support for Sophos Central and Groups support for Sophos Connect

And 36 bug fixes, nothing else...

I've been waiting for AES-NI fix for software installation which has supposed to be on v18 MR3, but well, still not available.

Hello Prism,

I don't think it's a surprise, it has to be their "high quality standards".

Regards

alda

Was like shooting at ducks.  Better be quick to catch it ...

Paul Jr

As well was hoping for AES-NI but they said it wasn't coming in this release. It was wishful thinking.

That seems to be the Sophos MO, over-promise and under-deliver.  I think they confused the two, but I've been watching this since v16 now and it is always the same.

Groups support for Connect would be awesome...hopefully it works!

Hi All,

As some of you may have seen, unfortunately the work-in-progress release post for MR3 was accidentally published in error. The post has since been removed. Note that the information contained in the post may be incorrect as the team is still actively working on the release.

SFOS v18 MR3 is still expected to be launched next week, so please stay tuned.