XG Firewall v18 MR-5: Feedback and experiences

Same here adding/deletiing recourses are affected in "Live" XG210 and "Lab" VM

Hello, 

fw rules LAN>WAN with target defined by fqdn stops matching, after update from 18mr4 to mr5

Try to edit this FQDN hosts and see, if the appliance can save them. If not, the object is broken. 

edit is possible

Running 18.5.0 GA Build 264 on a new XGS 57 and after about a week had a weird crash. Since the 57 doesn't have an SSD, I assume there are no useful records that I could forward to Sophos? (Not sure what the procedure is -- or if there is one -- either.)

I was happily on a video conference, but apparently the control rebooted while data kept flowing? I ended up having problems when I switched to try to go to a website while screen sharing and web activity was denied. Then I lost the conferencing as well. I was able to get into the GUI and take a screenshot of the diagnostic graphs, which showed 0% CPU utilization for  quite a while before the current time. Like it was a dead router routing.

Hi,

I think you mean a XGS87, also this is a thread on v18.0.5 MR-5 586 not v18.5.x. Please start a new thread on v18.5.

Thank you

ian

I just downgraded back to MR-4 as web browsing speeds tanked after MR-5 upgrade.
Watching page load in inspector showed long TTFB, between 3 and 5 seconds for most sites.
Suspect possible issue with IPS, didn't have time to dig into troubleshooting it.
Rollback to MR-4 went smoothly, web page loads are no longer delayed.

Your suspicions are correct. Since March 22nd we have been working with support on downloads pausing when TLS decryption is enabled. They have narrowed it down to firewall acceleration. When Acceleration is disabled and TLS is enabled, we can download large items, albeit slower than our throughput. Web browsing in general seems delayed across  the estate even without TLS decryption. The handling of this case has been abysmal and we’ve extended patience wayyyyy beyond what should be required for enterprise gear. A solution is still unmentioned at this point. I’ve always enjoyed Sophos support, but as soon as they sold to private equity, things immediately went downhill. Prove us wrong Sophos and you’ll keep customers for life. 

First of, this is already work in progress as a fix. See: https://community.sophos.com/sophos-xg-firewall/f/discussions/123913/sophos-xg-18-mr3-dpi-slow-download/462938#462938

Expecting to be fixed in the next upcoming version. 

The part about the download and issue with downloading files. Do you have anykind of Antivirus scanning enabled for big files (Increase the size of the download file in Proxy)? 

Where is the “Known issues” section of the release notes? Why then, is support still wasting my time logging into the device and collecting logs and atop monitoring multiple times, not clearly laying out the known problem? This has not to my knowledge been mentioned that a solution is in play already. I’ve sunk 30+ hours of customer support into this so far. To their credit, support has been apologetic and I feel bad even mentioning it here, but serious, how are things going to change if we don’t squeak loudly enough that this is not an okay process. I’ve experienced great support from Sophos, so I know it can be done. Finding out about a known issue here from a “community forum” rather than from my escalated support techs is frustrating to say the least. Were 8 weeks into the abyss on this problem. 
thank you for your link however and I suppose we should be glad a fix is on the way, but Sophos MUST stop beta (read: Upgrade as soon as possible) testing on its users of XG Firewall, and update release notes when a known issue this significant is understood.